
Leaderboard


Popular Content

Showing content with the highest reputation since 05/18/18 in all areas

  1. 13 points
    The guy actually creates CS:GO items which he then sells at a profit in order to invest on Forex, where he makes millions for his offshore company with a neural-network BOT using simple models such as Fibonacci and other cryptographic methods; this method is sold on a dropshipping site run by trusted content writers. (© yoyois) What do we know... mere mortals
  2. 7 points
    There's nothing for you to learn until you get to high school.
  3. 5 points
    Hey cyberwanker. 'Unu' was a member here, he has nothing to do with you. He never bragged when he did something.
  4. 4 points
    Books: The IDA Pro Book; Reverse Engineering for Beginners; The Art of Assembly Language; Practical Reverse Engineering; Reversing: Secrets of Reverse Engineering; Practical Malware Analysis; Malware Analyst's Cookbook; Gray Hat Hacking; The Art of Memory Forensics; Hacking: The Art of Exploitation; Fuzzing for Software Security; Art of Software Security Assessment; The Antivirus Hacker's Handbook; The Rootkit Arsenal; Windows Internals Part 1, Part 2; Inside Windows Debugging; iOS Reverse Engineering
    Courses: Lenas Reversing for Newbies; Open Security Training; Dr. Fu's Malware Analysis; Binary Auditing Course; TiGa's Video Tutorials; Legend of Random; Modern Binary Exploitation; RPISEC Malware Course; SANS FOR 610 GREM; REcon Training; Blackhat Training; Offensive Security; Corelan Training; Offensive and Defensive Android Reversing
    Practice (be careful with malware): OSX Crackmes; ESET Challenges; Flare-on Challenges; Github CTF Archives; Reverse Engineering Challenges; xorpd Advanced Assembly Exercises; Virusshare.com; Contagio; Malware-Traffic-Analysis; Malshare; Malware Blacklist; malwr.com; vxvault
    Hex Editors: HxD; 010 Editor; Hex Workshop; HexFiend; Hiew; hecate
    Binary Format Tools: CFF Explorer; Cerbero Profiler // Lite PE Insider; Detect It Easy; PeStudio; PEiD; MachoView; nm (view symbols); file (file information); codesign (code signing information; usage: codesign -dvvv filename)
    Disassemblers: IDA Pro; Binary Ninja; Radare; Hopper; Capstone; objdump; fREedom
    Binary Analysis Resources: Mobius Resources; z3; bap; angr
    Bytecode Analysis Tools: dnSpy; Bytecode Viewer; Bytecode Visualizer; JPEXS Flash Decompiler
    Import Reconstruction Tools: ImpRec; Scylla; LordPE
    Dynamic Analysis Tools: ProcessHacker; Process Explorer; Process Monitor; Autoruns; Noriben; API Monitor; iNetSim; SmartSniff; TCPView; Wireshark; Fakenet; Volatility; Dumpit; LiME; Cuckoo; Objective-See Utilities; XCode Instruments (XCode Instruments for Monitoring Files and Processes User Guide); dtrace (sudo dtruss = strace; dtrace recipes); fs_usage (report system calls and page faults related to filesystem activity in real time; File I/O: fs_usage -w -f filesystem); dmesg (display the system message buffer)
    Debugging Tools: WinDbg; OllyDbg v1.10; OllyDbg v2.01; OllySnD; Olly Shadow; Olly CiMs; Olly UST_2bg; x64dbg; gdb; vdb; lldb; qira; unicorn
    Mac Decrypting Tools: Cerbero Profiler (Select all -> Copy to new file); AppEncryptor (tool for decrypting); Class-Dump (use deprotect option); readmem (OS X Reverser's process dumping tool)
    Document Analysis Tools: Ole Tools; Didier's PDF Tools; Origami
    Scripting: IDA Python Src; IDC Functions Doc; Using IDAPython to Make your Life Easier; Introduction to IDA Python; The Beginner's Guide to IDA Python; IDA Plugin Contest; onehawt IDA Plugin List; pefile Python Library
    Android tools: Android Studio; APKtool; dex2jar; Bytecode Viewer; IDA Pro; JaDx
    Yara Resources: Yara docs; Cheatsheet; yarGen; Yara First Presentation
    Source: https://github.com/wtsxDev/reverse-engineering
  5. 4 points
    hi, can you limit this somehow? I downvoted that faggot @dpul because he was spamming posts to reach the market and he started making accounts to downvote all my posts. other examples of users "attacked" with downvotes: https://rstforums.com/forum/profile/60415-yoyois/ https://rstforums.com/forum/profile/222485-kronzy94/
  6. 4 points
    SRI's logic after reading the title: RSTforums tied to terrorism.
  7. 3 points
    Reptile is a Linux kernel module rootkit that hides files, processes, etc. It implements ICMP/UDP/TCP port-knocking backdoors, supports kernels 2.6.x/3.x/4.x, and more.
    Features:
    - Give root to unprivileged users
    - Hide files and directories
    - Hide file contents
    - Hide processes
    - Hide itself
    - Hidden boot persistence
    - Strings obfuscation (method suggested by milabs: https://github.com/milabs)
    - ICMP/UDP/TCP port-knocking backdoor
    - Full TTY/PTY shell with file transfer
    - Client to handle Reptile Shell
    - Shell connect back every X times (not default)
    Content:
    Reptile-master\installer.sh
    Reptile-master\Makefile
    Reptile-master\README.md
    Reptile-master\rep_mod.c
    Reptile-master\sbin
    Reptile-master\sbin\aes.c
    Reptile-master\sbin\aes.h
    Reptile-master\sbin\client.c
    Reptile-master\sbin\Makefile
    Reptile-master\sbin\pel.c
    Reptile-master\sbin\pel.h
    Reptile-master\sbin\r00t.c
    Reptile-master\sbin\README.md
    Reptile-master\sbin\sha1.c
    Reptile-master\sbin\sha1.h
    Reptile-master\sbin\shell.c
    Reptile-master\scripts
    Reptile-master\scripts\bashrc
    Download: Reptile-master.zip (33.8 KB)
    Source
  8. 3 points
    Hi RST, I'm new on the forum and I thought I'd create my first topic with an 'easy' program, since a lot of high-school kids want to create a little game in a console and have no idea how. My technique involves the following: we do not call the system function system("cls") to refresh the console, but simply walk over each character, basically moving the position of the console cursor. To create some simple graphics for our game, we can very well display a matrix with N rows and M columns, after which, using the technique above, we can traverse each character of our matrix without refreshing the console again. You can also use this technique to create various games such as snake, or even Mario using ASCII codes. And since we've touched on Mario, I'm launching a challenge for the high-school kids on this theme, using my technique described above. PS: "The code was compiled successfully in Code::Blocks; if you want to compile it in another editor, you'll have to fix any errors that come up on your own"

    #include <iostream>
    #include <cstdlib>   // system(), exit()
    #include <windows.h>

    #define LINE 20
    #define COLUMN 40
    #define BLACK 0
    #define GRAY 8
    #define BLUE 1
    #define LIGHTBLUE 9
    #define AQUA 3
    #define LIGHTAQUA 11
    #define RED 4
    #define LIGHTRED 12
    #define PURPLE 5
    #define LIGHTPURPLE 13
    #define YELLOW 6
    #define LIGHTYELLOW 14
    #define WHITE 7
    #define LIGHTWHITE 15
    #define GREEN 2
    #define LIGHTGREEN 10

    using namespace std;

    // 18 rows of 39 characters; the two remaining rows stay empty. The interior
    // spacing was collapsed when the post was scraped and is restored here; the
    // exact column of the '@' player was lost, so it is placed mid-row.
    char MAP[LINE][COLUMN] = {
        "#######################################",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                  @                  #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#                                     #",
        "#######################################"
    };

    // Move the console cursor to row x, column y (COORD uses X = column, Y = row).
    void gotox(int x, int y)
    {
        COORD coord;
        coord.X = y;
        coord.Y = x;
        SetConsoleCursorPosition(GetStdHandle(STD_OUTPUT_HANDLE), coord);
    }

    void ShowConsoleCursor(bool showFlag)
    {
        HANDLE out = GetStdHandle(STD_OUTPUT_HANDLE);
        CONSOLE_CURSOR_INFO cursorInfo;
        GetConsoleCursorInfo(out, &cursorInfo);
        cursorInfo.bVisible = showFlag; // set the cursor visibility
        SetConsoleCursorInfo(out, &cursorInfo);
    }

    /// Function which returns the character at the console's cursor position || Totally not copied from the Internet
    char getCursorChar()
    {
        char c = '\0';
        CONSOLE_SCREEN_BUFFER_INFO con;
        HANDLE hcon = GetStdHandle(STD_OUTPUT_HANDLE);
        if (hcon != INVALID_HANDLE_VALUE && GetConsoleScreenBufferInfo(hcon, &con))
        {
            DWORD read = 0;
            if (!ReadConsoleOutputCharacterA(hcon, &c, 1, con.dwCursorPosition, &read) || read != 1)
                c = '\0';
        }
        return c;
    }

    /// Function which reads the character at specific coordinates
    char readChar(int x, int y)
    {
        gotox(x, y);
        return getCursorChar();
    }

    void setColor(WORD c)
    {
        SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), c);
    }

    void out(const char* t, WORD c)
    {
        setColor(c);
        cout << t;
        setColor(LIGHTWHITE);
    }

    void oout(char t, WORD c)
    {
        setColor(c);
        cout << t;
        setColor(LIGHTWHITE);
    }

    void cls()
    {
        system("cls");
    }

    // Draw the map once; afterwards only individual cells are rewritten.
    void drawGraphic(void)
    {
        cls();
        for (int i = 0; i < LINE; i++)
        {
            for (int j = 0; j < COLUMN; j++)
            {
                switch (MAP[i][j])
                {
                case '#': oout(MAP[i][j], LIGHTYELLOW); break;
                case ' ': cout << " "; break;
                case '@': oout(MAP[i][j], LIGHTRED); break;
                }
            }
            cout << endl;
        }
    }

    // Menu drawn to the right of the map (column COLUMN onwards).
    void setMenu(int speed, int x, int y)
    {
        gotox(0, COLUMN);
        setColor(LIGHTGREEN);
        cout << "Speed: " << speed << " NUM 8 - increase slow" << endl;
        gotox(1, COLUMN + 9);
        cout << " NUM 2 - decrease speed" << endl;
        gotox(3, COLUMN);
        cout << "Position: " << x << " ; " << y << endl;
        gotox(5, COLUMN);
        cout << "SPACE: * block" << endl;
        gotox(6, COLUMN);
        cout << "NUM 0: Remove all blocks" << endl;
        setColor(LIGHTWHITE);
    }

    int main()
    {
        ShowConsoleCursor(false);
        drawGraphic();
        int speed = 60;
        setMenu(speed, 0, 0);
        while (true)
        {
            // Scan the console cell by cell; the player is wherever '@' is found.
            for (int i = 0; i < LINE; i++)
            {
                for (int j = 0; j < COLUMN; j++)
                {
                    switch (readChar(i, j))
                    {
                    case '@':
                    {
                        setMenu(speed, i, j);
                        if (GetAsyncKeyState(VK_UP) != 0)
                        {
                            if (readChar(i - 1, j) == ' ')
                            {
                                gotox(i, j);     oout(' ', LIGHTRED);
                                gotox(i - 1, j); oout('@', LIGHTRED);
                            }
                            Sleep(speed - 30);
                        }
                        else if (GetAsyncKeyState(VK_DOWN) != 0)
                        {
                            if (readChar(i + 1, j) == ' ')
                            {
                                gotox(i, j);     oout(' ', LIGHTRED);
                                gotox(i + 1, j); oout('@', LIGHTRED);
                            }
                            Sleep(speed);
                        }
                        else if (GetAsyncKeyState(VK_LEFT) != 0)
                        {
                            if (readChar(i, j - 1) == ' ')
                            {
                                gotox(i, j);     oout(' ', LIGHTRED);
                                gotox(i, j - 1); oout('@', LIGHTRED);
                            }
                            Sleep(speed - 30);
                        }
                        else if (GetAsyncKeyState(VK_RIGHT) != 0)
                        {
                            if (readChar(i, j + 1) == ' ')
                            {
                                gotox(i, j);     oout(' ', LIGHTRED);
                                gotox(i, j + 1); oout('@', LIGHTRED);
                            }
                            Sleep(speed);
                        }
                        else if (GetAsyncKeyState(VK_NUMPAD8) != 0)
                        {
                            speed += 10;
                            Sleep(speed);
                            setMenu(speed, i, j);
                        }
                        else if (GetAsyncKeyState(VK_NUMPAD2) != 0)
                        {
                            if (speed <= 30)
                                setMenu(30, i, j);
                            else
                            {
                                speed -= 10;
                                Sleep(speed);
                                setMenu(speed, i, j);
                            }
                        }
                        else if (GetAsyncKeyState(VK_SPACE) != 0)
                        {
                            // Place a '*' block in the first free neighbouring cell.
                            if (readChar(i - 1, j) == ' ')      { gotox(i - 1, j); oout('*', LIGHTBLUE); Sleep(speed); }
                            else if (readChar(i + 1, j) == ' ') { gotox(i + 1, j); oout('*', LIGHTBLUE); Sleep(speed); }
                            else if (readChar(i, j - 1) == ' ') { gotox(i, j - 1); oout('*', LIGHTBLUE); Sleep(speed); }
                            else if (readChar(i, j + 1) == ' ') { gotox(i, j + 1); oout('*', LIGHTBLUE); Sleep(speed); }
                        }
                        else if (GetAsyncKeyState(VK_NUMPAD0) != 0)
                        {
                            // Clear the first occupied neighbouring cell.
                            if (readChar(i - 1, j) != ' ')      { gotox(i - 1, j); oout(' ', LIGHTBLUE); Sleep(speed); }
                            else if (readChar(i + 1, j) != ' ') { gotox(i + 1, j); oout(' ', LIGHTBLUE); Sleep(speed); }
                            else if (readChar(i, j - 1) != ' ') { gotox(i, j - 1); oout(' ', LIGHTBLUE); Sleep(speed); }
                            else if (readChar(i, j + 1) != ' ') { gotox(i, j + 1); oout(' ', LIGHTBLUE); Sleep(speed); }
                        }
                        else if (GetAsyncKeyState(VK_ESCAPE) != 0)
                        {
                            exit(0);
                        }
                    }
                    break;
                    }
                }
            }
        }
        return 0;
    }
  9. 3 points
    dude, didn't you want a dental practice?
  10. 3 points
    Python is an amazing language with a strong and friendly community of programmers. However, there is a lack of documentation on what to learn after getting the basics of Python down your throat. Through this book I aim to solve this problem. I would give you bits of information about some interesting topics which you can further explore. The topics which are discussed in this book open up your mind towards some nice corners of Python language. This book is an outcome of my desire to have something like this when I was beginning to learn Python. If you are a beginner, intermediate or even an advanced programmer there is something for you in this book. Please note that this book is not a tutorial and does not teach you Python. The topics are not explained in depth, instead only the minimum required information is given. I am sure you are as excited as I am so let’s start!
    Note: This book is a continuous work in progress. If you find anything which you can further improve (I know you will find a lot of stuff) then kindly submit a pull request!
    Author
    I am Muhammad Yasoob Ullah Khalid. I have been programming extensively in Python for over 3 years now. I have been involved in a lot of Open Source projects. I regularly blog about interesting Python topics over at my blog. In 2014 I also spoke at EuroPython which was held in Berlin. It is the biggest Python conference in Europe. If you have an interesting Internship opportunity for me then I would definitely like to hear from you!
    Table of Contents
    1. *args and **kwargs: 1.1 Usage of *args; 1.2 Usage of **kwargs; 1.3 Using *args and **kwargs to call a function; 1.4 When to use them?
    2. Debugging
    3. Generators: 3.1 Iterable; 3.2 Iterator; 3.3 Iteration; 3.4 Generators
    4. Map, Filter and Reduce: 4.1 Map; 4.2 Filter; 4.3 Reduce
    5. set Data Structure
    6. Ternary Operators
    7. Decorators: 7.1 Everything in Python is an object; 7.2 Defining functions within functions; 7.3 Returning functions from within functions; 7.4 Giving a function as an argument to another function; 7.5 Writing your first decorator; 7.6 Decorators with Arguments
    8. Global & Return: 8.1 Multiple return values
    9. Mutation
    10. __slots__ Magic
    11. Virtual Environment
    12. Collections: 12.1 defaultdict; 12.2 OrderedDict; 12.3 counter; 12.4 deque; 12.5 namedtuple; 12.6 enum.Enum (Python 3.4+)
    13. Enumerate
    14. Object introspection: 14.1 dir; 14.2 type and id; 14.3 inspect module
    15. Comprehensions: 15.1 list comprehensions; 15.2 dict comprehensions; 15.3 set comprehensions
    16. Exceptions: 16.1 Handling multiple exceptions
    17. Lambdas
    18. One-Liners
    19. For - Else: 19.1 else clause
    20. Python C extensions: 20.1 CTypes; 20.2 SWIG; 20.3 Python/C API
    21. open Function
    22. Targeting Python 2+3
    23. Coroutines
    24. Function caching: 24.1 Python 3.2+; 24.2 Python 2+
    25. Context managers: 25.1 Implementing Context Manager as a Class; 25.2 Handling exceptions; 25.3 Implementing a Context Manager as a Generator
    Link: http://book.pythontips.com/en/latest/index.html
  11. 3 points
  12. 3 points
    He did exactly what @Nytro told you above. He put console.log, document.write or anything else in place of eval. That way it displays the code instead of executing it. That's just the first step. What you can do next is replace all the strings of the form '\x20\x22...'. They are represented in hex, as the \x notation gives away. You can do this simply with a hex decoder, or automate it a bit with a regex and do a mass replace throughout the whole file. Then comes the hard part. You follow the code and try to understand what it does. When you think you've understood what a variable or a function does, give it a name too. Follow what the code does in a debugger (Chrome DevTools is enough), in a clean browser session (e.g. incognito), and also run it through Burp or another local proxy, as you were told above. Until you crack it, see whether it makes any requests, whether it writes anything (either elements in the DOM, or values in cookies, localStorage, sessionStorage etc.). It's a lot of code, a lot of work. If the time you spend > the value it brings... you're wasting your time. But at least it's educational. If you need help with specific things, I'll help you.
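One way to do the hex-string mass replace described in this answer, as an added example that is not the poster's code: a Node.js script that decodes \xNN and \uNNNN escapes inside a constructed obfuscated snippet, leaves escapes that would break the literal in place, and then lists the recovered string literals. The sample source, the variable names and the printable-ASCII rule are assumptions for the demo.

```javascript
// Added example (not from the post): decode hex-escaped string literals in an
// obfuscated JavaScript source, the mass-replace step described above.
// The source below is constructed for the demo, not taken from a real sample.
const OBFUSCATED_SAMPLE =
  "var _0xa = ['\\x63\\x6f\\x6f\\x6b\\x69\\x65', '\\x6c\\x6f\\x63\\x61\\x6c\\x53\\x74\\x6f\\x72\\x61\\x67\\x65'];\n" +
  "var u = '\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f' + host;\n" +
  "var q = '\\x27';\n"; // \x27 is a quote: it must stay escaped

// Replace \xHH / \uHHHH with the character they encode. Escapes that are
// themselves escaped (even run of backslashes), that encode a quote, backslash
// or backtick, or that are not printable ASCII are left alone so the result is
// still valid JavaScript that can be loaded into the debugger.
function decodeHexEscapes(src) {
  return src.replace(/(\\+)(x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})/g, (match, slashes, esc) => {
    if (slashes.length % 2 === 0) return match; // "\\x41" is a literal backslash + x41
    const ch = String.fromCharCode(parseInt(esc.slice(1), 16));
    const printable = ch >= " " && ch <= "~";
    if (!printable || "'\"\\`".includes(ch)) return match;
    return slashes.slice(0, -1) + ch;
  });
}

// Collect the contents of all single- and double-quoted string literals so the
// analyst gets an inventory of what the script references (APIs, URLs, keys).
function extractStringLiterals(src) {
  const literals = [];
  const re = /'((?:[^'\\\n]|\\.)*)'|"((?:[^"\\\n]|\\.)*)"/g;
  let m;
  while ((m = re.exec(src)) !== null) literals.push(m[1] !== undefined ? m[1] : m[2]);
  return literals;
}

const decodedSource = decodeHexEscapes(OBFUSCATED_SAMPLE);
console.log(decodedSource);
console.log(extractStringLiterals(decodedSource));
```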
  13. 3 points
    How much spam can you do, man? You need 50 for the market, I understand, but go to https://rstforums.com/forum/forum/19-cosul-de-gunoi/ and leave us alone.
  14. 3 points
    I stopped at "That's the Romanian for you, poor soul". I would have liked to explain to you why you're an idiot, but it's not worth the time. You'll probably turn into another one with a bachelor's degree, employed at multinationals (KFC, McDonald's).
  15. 3 points
    Photonic Side Channel Attacks Against RSA
    Elad Carmon, Jean-Pierre Seifert, Avishai Wool
    Abstract: This paper describes the first attack utilizing the photonic side channel against a public-key crypto-system. We evaluated three common implementations of RSA modular exponentiation, all using the Karatsuba multiplication method. We discovered that the key length had marginal impact on resilience to the attack: attacking a 2048-bit key required only 9% more decryption attempts than a 1024-bit key. We found that the most dominant parameter impacting the attacker’s effort is the minimal block size at which the Karatsuba method reverts to naive multiplication: even for parameter values as low as 32 or 64 bits our attacks achieve 100% success rate with under 10,000 decryption operations. Somewhat surprisingly, we discovered that Montgomery’s Ladder—commonly perceived as the most resilient of the three implementations to side-channel attacks—was actually the most susceptible: for 2048-bit keys, our attack reveals 100% of the secret key bits with as few as 4000 decryptions.
    Link: https://eprint.iacr.org/2017/108.pdf
  16. 2 points
    A study funded by DARPA increased the possibility of memory-enhancing brain prosthetics. The animal research done previously showed successful results, after which the study was conducted on patients at Wake Forest Baptist Medical Center. The patients there already had brain implants as a part of their epilepsy treatment. They experienced major improvements in both short-term and long-term memory.
    The patients were asked to play a memory-related computer game in which they were asked to remember specific things. When the patients were trying to remember those things, the researchers recorded various patterns of neural firing in the brain’s hippocampus area. The hippocampus area of the brain is responsible for memory. They also paid attention to neural patterns that resulted in the correct memory being encoded. After that, they made the patients play the game again and electrically simulated each patient’s brain by using the encoding patterns studied earlier. They were hoping to use those electrical simulators to trigger more effective memory storage of the data which they have.
    The method worked successfully and showed results that were better than what the team was expecting. The results on the short-term memory tests jumped by a huge 37% and the long-term memory tests enhanced by 35%. Robert Hampson, the lead author of the study, said, “We showed that we could tap into a patient’s own memory content, reinforce it and feed it back to the patient. Even when a person’s memory is impaired, it is possible to identify the neural firing patterns that indicate correct memory formation and separate them from the patterns that are incorrect. We can then feed in the correct patterns to assist the patient’s brain in accurately forming new memories, not as a replacement for innate memory function, but as a boost to it.”
    The research has opened the door to memory-enhancing brain implants. These implants might provide a button which can be pressed when looking at something to increase the chances of remembering it later. The researchers are looking at this as a potential medical device to help patients with Alzheimer’s, stroke or traumatic brain injury. The implant will help them re-start the process of forming new memories using their brain’s own activity patterns. The team is also hoping that the technology might be able to assist people in keeping memories which they have already encoded. Hampson says, “In the future, we hope to be able to help people hold onto specific memories, such as where they live or what their grandkids look like when their overall memory begins to fail.”
    Source: http://wonderfulengineering.com/brain-prosthetic-boost-memory-shown-impressive-results-human-trials/
  17. 2 points
    wordlist created from original 41G stash via:
        grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
    Then, compressed with:
        7z a breachcompilation.txt.7z breachcompilation.txt
    Size: 4.1G compressed, 9.0G uncompressed
    No personal information included - just a list of passwords.
    magnet url: magnet:?xt=urn:btih:5a9ba318a5478769ddc7393f1e4ac928d9aa4a71&dn=breachcompilation.txt.7z
    full base: magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337
    Mirror [944.4 MB, expands to 4.07 GB]
    Source: reddit.com
  18. 2 points
    but doesn't an if inside that for work? like, if that error doesn't show up in your value, do that #do something. Or after it returns the value... depends on the case, you check the value with an if and have it continue or not depending on the value you need, or generate other cookies if it's expired or not valid.
  19. 2 points
    There are no items whose value goes up from 1-10 dollars to 400-700, sorry to disappoint you.
  20. 2 points
    Can't a minimum interval in minutes be set between the creation of new topics by the same user? When OKQL starts copy-pasting into News, the whole news feed goes down the drain, you can't see anything anymore, crap news from one end to the other.
  21. 2 points
    I post the same way sometimes. The point is that those posts are useful. Among @OKQL's posts I found things I didn't know about, and in general I stay up to date with pretty much everything that comes out.
  22. 2 points
    I altered the Decrypter.c, not to get the raw password from the CNAME record from password.andrelima.info, but instead to get a hex encoded password from the same record in passwordhex.andrelima.info. This feature allows the Crypter to encrypt the shellcode with passwords containing special characters. So, bear in mind some screenshots below might be outdated, but not the following:
    Crypter now presenting the password used secret_%”123 in hex to insert in the CNAME record
    Code added to Decrypter.c to decode the hex encoded password retrieved
    Successful hex encoded password retrieval, decoding, and decryption of shellcode

    A crypter is code that decrypts a previously encrypted payload, in this case a shellcode, and will then execute it. To encrypt it I chose one of the algorithms that went through the final round of AES: Twofish. But to make this one unique, I decided not to request the password to decrypt the payload from the user (usually as the first parameter to the executable in the command line) but, instead, to get it from a DNS request (CNAME record) to the host “password.andrelima.info” which will return the password in the following format: <password>.andrelima.info

    But first things first. While I did quite a lot of rewriting, adapting, and debugging, the code I’ll be presenting is mostly derived from a Twofish optimised C implementation by Drew Csillag, and a DNS query code in C by Silver Moon. The latter was chosen due to only using linux sockets, reducing any external library dependencies to a minimum.

    1. Shellcode / Payload
    The payload used is an execve stack implementation, which means that, after executing it, a command line prompt should present itself, as follows:
    Figure 1 – execve code
    Figure 2 – execution
    The full explanation on this and other shellcodes I’ve developed can be found on one of my previous posts, from which some, that I submitted into Exploit DB, got accepted.

    2. Crypter
    As previously stated, the code base for the Twofish encryption was downloaded here, as it was the fastest implementation, in a reliable source, I could find. I then proceeded with adapting it to encrypt a shellcode and produce its output in hexadecimal format.
    Figure 3 – Crypter code to encrypt the shellcode
    The password that the code will be using shall be set as a command line parameter (argv[1]). The 128 bit encryption key is first set to all zeroes (cleanup for consistency certainty in the decryption process) and only then the given password is copied into the 16 bytes (128b) char array.
    It is important to note that Twofish is a 128 bit block cipher. This means that, in the case of the shellcode, if its size is not an exact multiple of the block size, some padding will exist. In my first implementation I had the padding all set to zeroes. But in order to avoid any known-plaintext attacks, I later decided to generate a random stream of bytes. These random bytes will be of no consequence to the shellcode when decrypted, because after the last instruction (syscall – Figure 1, Line 18) nothing else will be executed. As stated by the execve documentation:
    This means that after the syscall instruction, we can have any random bytes and they’ll be of no consequence to the code execution. This is great, because I don’t need to worry about removing them at all.
    One final note, regarding the compilation of the Crypter.c file, is that it requires giving GCC the “-O3” and “-fomit-frame-pointer” flags, as stated in the original code’s initial comments. The code uses some C optimisation techniques and it requires these flags to be able to compile it correctly. Another issue to be careful about is the fact that the header file tables.h doesn’t exist originally in the Twofish download. It is actually generated by the provided python script as follows:
        python makeCtables.py > tables.h
        gcc -O3 -fomit-frame-pointer Crypter.c tables.h -o Crypter
    After executing the crypter (which will produce a different output – actually just the last 128 bit block – every time it’s executed, due to the random byte stream generated to pad the original shellcode):
    Figure 4 – Encrypted shellcode generated with password “secret123”
    The password to decrypt the shellcode is set in the command line to the crypter: secret123

    3. The DNS setup
    The DNS setup is how I decided to store the password for decrypting the shellcode. The point is to have it as a CName DNS record associated with the host password.andrelima.info:
    Figure 5 – Domain name service provider CNAME configuration
    This can be easily verified with the dig tool (dig password.andrelima.info cname +short):
    Figure 6 – CName retrieval using dig command line tools
    Of course one could set up a local DNS server and test this functionality (e.g. bind9), but I already owned the domain “andrelima.info” and all I had to do was go to the DNS management page and add a record (Figure 5), which I’ll leave as is, for anyone who wishes to quickly test the code.

    4. Decrypter
    Now that the password is set, its retrieval is exactly the first thing the Decrypter will need to do:
    Figure 7 – DNS CName password retrieval
    The ngethostbyname will basically get the DNS record type specified as the second parameter (CName), which is associated with the host in the first parameter. It then proceeds to extracting the password from the retrieved string <password>.andrelima.info. An improvement to this code will be to encode the password to make it possible to use any special characters in it. Hex format would be great, as it would be acceptable in the URL format to have something like 03f78b…a18d.andrelima.info.
    So after getting the password, the code moves on to decrypting the encrypted shellcode shown in Figure 4:
    Figure 8 – Code decrypting the encrypted shellcode from Fig 4
    To compile this, we run:
        gcc -O3 -fomit-frame-pointer -fno-stack-protector -z execstack Decrypter.c tables.h -o Decrypter
    This command now has the flags -fno-stack-protector -z execstack to allow for the execution of code in the stack – our decrypted shellcode. And it then runs smoothly as expected (with some unnecessary but convenient debugging information):
    Figure 9 – running the Decrypter
    You can find all the files on my gitlab account.
    Source: https://pentesterslife.blog/2018/02/02/twofish-crypter-with-dns-cname-password-retrieval-x64-shellcode-decryption-and-execution/
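The post above parks a decryption key in a CNAME record as a hex label; as an added example from the detection side (not the post's code), the Node.js script below scans DNS answers in dig-style presentation format, constructed here, and flags CNAME targets whose leading label is a long, even-length hex string, reporting whether it decodes to printable ASCII. The example.invalid names, the 16-character threshold and the log format are assumptions.

```javascript
// Added example (not from the post): flag CNAME answers whose first label is a
// long run of hex digits, the shape of a hex-encoded secret stored in DNS.
// Records below are constructed in dig/BIND presentation format.
const SAMPLE_ANSWERS = [
  "www.example.invalid.         3600 IN CNAME example.invalid.",
  "cdn.example.invalid.         300  IN CNAME d1a2b3.cdn-provider.invalid.",
  "passwordhex.example.invalid. 60   IN CNAME 636f6e7374727563746564.example.invalid.",
  "mail.example.invalid.        3600 IN A     192.0.2.10",
];

// Assumption: anything shorter is too likely to be an ordinary CDN/host label.
const MIN_HEX_LABEL_CHARS = 16;

// Parse one presentation-format line; returns null for anything but a CNAME.
function parseCnameAnswer(line) {
  const f = line.trim().split(/\s+/);
  if (f.length < 5 || f[2] !== "IN" || f[3] !== "CNAME") return null;
  return { owner: f[0], ttl: Number(f[1]), target: f[4] };
}

// Check the target's leftmost label: long, even-length, pure hex. Decoding it
// tells the analyst whether the bytes look like text (a key or password) or
// binary; either way the record deserves a look. Short hex labels from CDNs
// are a known false-positive source, hence the length floor.
function hexLabelIndicator(target) {
  const label = target.split(".")[0];
  if (label.length < MIN_HEX_LABEL_CHARS || label.length % 2 !== 0) return null;
  if (!/^[0-9a-fA-F]+$/.test(label)) return null;
  const bytes = Buffer.from(label, "hex");
  const printable = bytes.every((b) => b >= 0x20 && b <= 0x7e);
  return { label, byteLength: bytes.length, decodesToPrintableAscii: printable };
}

// Run the indicator over a batch of answer lines and return the hits.
function scanAnswers(lines) {
  const hits = [];
  for (const line of lines) {
    const rr = parseCnameAnswer(line);
    if (!rr) continue;
    const ind = hexLabelIndicator(rr.target);
    if (ind) hits.push({ owner: rr.owner, ttl: rr.ttl, ...ind });
  }
  return hits;
}

console.log(JSON.stringify(scanAnswers(SAMPLE_ANSWERS), null, 2));
```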
  23. 2 points
    Make yourself a forum for real men and burp there.
  24. 2 points
    Nytro has gone kind of soft, he bans for swearing, and that poor SirGod is on the same note, I think that's why he made him moderator, because they're both soft and ban for swearing. This is a forum for real men who swear and burp after drinking, not for little pussies who talk nicely
  25. 2 points
    Why the fuck do you people visit my profile every day, you and @aramen and @prietenfals, did you get a subscription? Am I paying you part-time in meal vouchers to hang around RST and go through all the profiles one by one??