Everything posted by Nytro
-
I'm posting the link; it is formatted there and looks much better. By SergeyPopenko, Apriorit Inc, Ivan Romanenko | 17 Aug 2009. The article is here: http://www.codeproject.com/KB/system/hide-driver.aspx
-
'-----------------------------------------
'Detect VMWare
'Tested : VMWare 6.0 -> 7.0
'Coder : DungCoi (VirusVN.com)
'Email : dungcoivb@gmail.com
'-----------------------------------------
Private Type DISPLAY_DEVICE
    cb As Long
    DeviceName As String * 32
    DeviceString As String * 128
    StateFlags As Long
    DeviceID As String * 128
    DeviceKey As String * 128
End Type

Private Declare Sub GetSystemInfo Lib "kernel32" (lpSystemInfo As SYSTEM_INFO)

Private Type SYSTEM_INFO
    dwOemID As Long
    dwPageSize As Long
    lpMinimumApplicationAddress As Long
    lpMaximumApplicationAddress As Long
    dwActiveProcessorMask As Long
    dwNumberOfProcessors As Long
    dwProcessorType As Long
    dwAllocationGranularity As Long
    dwReserved As Long
End Type

Private Declare Function EnumDisplayDevices Lib "user32" Alias "EnumDisplayDevicesA" (Unused As Any, ByVal iDevNum As Long, lpDisplayDevice As DISPLAY_DEVICE, ByVal dwFlags As Long) As Boolean

Sub Main()
    Dim strVGA As String
    strVGA = getVGACard
    'The check is a substring match on the display adapter description
    If InStr(1, LCase(strVGA), "vmware") > 0 Then
        MsgBox "Dze dze. VMWare", , "VirusVN.com"
    Else
        MsgBox "I'm not running on VMWare :P", , "VirusVN.com"
    End If
    End
End Sub

Public Function getVGACard() As String
    Dim DD As DISPLAY_DEVICE
    DD.cb = Len(DD)
    'Query display device 0 and return its description up to the first null
    If EnumDisplayDevices(ByVal 0&, 0, DD, ByVal 0&) Then
        getVGACard = Left$(DD.DeviceString, InStr(1, DD.DeviceString, Chr$(0)) - 1)
    Else
        getVGACard = ""
    End If
End Function
-
'KERNEL32
Private Declare Function CreateSemaphoreW Lib "KERNEL32" (ByVal lpSemaphoreAttributes As Long, ByVal lInitialCount As Long, ByVal lMaximumCount As Long, ByVal lpName As Long) As Long

'---------------------------------------------------------------------------------------
' Procedure : DisableMsConfig
' Author    : Karcrack
' Date      : 12/08/2010
'---------------------------------------------------------------------------------------
'
Public Function DisableMsConfig() As Boolean
    Call CreateSemaphoreW(0, 0, 1, StrPtr("MSConfigRunning"))
    DisableMsConfig = (Err.LastDllError = 0)
End Function
-
Author: Karcrack
Source: http://www.advancevb.com.ar/?p=567

'---------------------------------------------------------------------------------------
' Module    : mZombieInvoke
' Author    : Karcrack
' Now       : 09/08/2010 13:37
' Purpose   : Calling API without declaring
'             Only uses VB6 functions
' History   : 20100908 First cut .......................................................
'---------------------------------------------------------------------------------------
Option Explicit

Private Type Zombie_STRUCT1
    cNull As Currency 'Must be 0
    ppS2 As Long 'Pointer to pointer to Zombie_STRUCT2
End Type

Private Type Zombie_STRUCT2
    lNull As Long 'Must be 0
    lAddr As Long 'The Addr
End Type

Private Type tAPICall
    ptsLIB As Long ' Pointer to ANSI String that contains Library (NULL TERMINATED!)
    ptsProc As Long ' Pointer to ANSI String that contains Procedure(NULL TERMINATED!)
    lReserved As Long ' Just reserved...
    lPointer As Long ' Pointer to the buffer that will contain temp variables from DllFunctionCall
    lpBuffer(3) As Long ' Buffer that will contain temp variables
End Type

Private Type DUMB_LONG
    lLNG As Long
End Type

Private Type BYTES_LONG
    b1 As Byte: b2 As Byte
    b3 As Byte: b4 As Byte
End Type

'MSVBVM60
Private Declare Function DllFunctionCall Lib "MSVBVM60" (ByRef typeAPI As tAPICall) As Long
Private Declare Function Zombie_AddRef Lib "MSVBVM60" (ByRef tStructure As Zombie_STRUCT1) As Long

Private bvASM(&HFF) As Byte

Public Function Invoke(ByVal sLibName As String, ByVal sProcName As String, ParamArray vParams() As Variant) As Long
    Dim hMod As Long
    Dim S1 As Zombie_STRUCT1
    Dim S2 As Zombie_STRUCT2
    Dim i As Long
    Dim iCount As Long

    hMod = GetPointer(sLibName, sProcName)

    '//POP EAX
    '//POP EBX
    '//PUSH EAX
    Call AddByte(&H58, iCount): Call AddByte(&H5B, iCount): Call AddByte(&H50, iCount)

    For i = UBound(vParams) To LBound(vParams) Step -1
        '//PUSH CLng(vParams(i))
        Call AddPush(CLng(vParams(i)), iCount)
    Next i

    '//CALL hMod
    '//RET
    Call AddCall(hMod, iCount): Call AddByte(&HC3, iCount)

    S2.lAddr = VarPtr(bvASM(0))
    S1.ppS2 = VarPtr(VarPtr(S2))
    Invoke = Zombie_AddRef(S1)
End Function

Private Function GetPointer(ByVal sLib As String, ByVal sProc As String) As Long
    Dim tAPI As tAPICall
    Dim bvLib() As Byte
    Dim bvMod() As Byte

    bvLib = StrConv(sLib + vbNullChar, vbFromUnicode): bvMod = StrConv(sProc + vbNullChar, vbFromUnicode)

    With tAPI
        .ptsLIB = VarPtr(bvLib(0)): .ptsProc = VarPtr(bvMod(0))
        .lReserved = &H40000: .lPointer = VarPtr(.lpBuffer(0))
    End With

    GetPointer = DllFunctionCall(tAPI)
End Function

Private Sub AddCall(ByVal lpPtrCall As Long, ByRef iCount As Long)
    Call AddByte(&HB8, iCount) '//MOV EAX, ________
    Call AddLong(lpPtrCall, iCount) '//_______, XXXXXXXX
    Call AddByte(&HFF, iCount) '//CALL EXX
    Call AddByte(&HD0, iCount) '//____ EAX
End Sub

Private Sub AddPush(ByVal lLong As Long, ByRef iCount As Long)
    Call AddByte(&H68, iCount) '//PUSH, ________
    Call AddLong(lLong, iCount) '//____, XXXXXXXX
End Sub

Private Sub AddLong(ByVal lLong As Long, ByRef iCount As Long)
    'Swap Endian (e.g.: 0xDEADBEEF <-> 0xEFBEADDE)
    Dim tDL As DUMB_LONG
    Dim tBL As BYTES_LONG

    tDL.lLNG = lLong
    LSet tBL = tDL

    Call AddByte(tBL.b1, iCount): Call AddByte(tBL.b2, iCount)
    Call AddByte(tBL.b3, iCount): Call AddByte(tBL.b4, iCount)
End Sub

Private Sub AddByte(ByVal bByte As Byte, ByRef iCount As Long)
    bvASM(iCount) = bByte: iCount = iCount + 1
End Sub

Sample:

Invoke "USER32", "MessageBoxW", 0, StrPtr("Karcrack FTW!!!"), StrPtr("Fuck yeah!"), 0

See the sample for what it does. It only uses APIs from MSVB60.DLL.
-
1) The idea of IP stealing is pathetic. If your program is running, you can do anything on that PC, and you take its IP? Then what?
2) The method is extremely stupid. I saw that System.Net.Dns.GetHostByName and System.Net.Dns.GetHostName exist, but the APIs (gethostbyname and gethostname) would be preferable. Downloading a page that shows the IP and reading it from there...
Anyway, congratulations; most people are "asleep", and it's good that there are still people interested in certain things.
-
Rather than paying you, he'd be better off giving her 20-30-50 RON and she gives him the password.
-
sosetutza: I know, I added them for every combination, so that ": D" and ": d" and others work too.
pax: http://i38.tinypic.com/15pgw1i.png
-
Search around here: "Simple IM programming" or something like that. The basic ideas are presented; the rest is up to you.
-
There is a lot to know for something like this. First of all, you need solid networking knowledge. Then comes the big problem. The YMSG protocol (I think you mean booters for Yahoo! Messenger, so you can "kick" your enemies off messenger) is not public, and you have to do sniffing to catch some things. And if you catch them, you also have to figure out what their purpose is. Anyway, search for, download and look through libpurple.
-
Here's a better idea. You create 1000 accounts yourself and log into them one by one. I think those who were "active" in the last half hour are kept as "online". If you're fast, you'll beat the record on your own.
-
Topics like this are useful. Through them they show us how far their brains go, and we know what to expect from them.
-
"so WMP supports JavaScript" I like it, but I want to make a small correction. WMP does not support JavaScript; it uses ieframe.dll (or shadowctl.dll, I think), which is an ActiveX control. How should I put it... It embeds the functionality of the IE browser. I think you'll understand better if you read/watch one of the many tutorials about "creating a browser in VB6".
-
Think of an article you would like to write and send me a PM with a few details about it, if you're interested.
-
I think the first 2 volumes are enough. The first covers the basics, and the second covers slightly more complicated things. I didn't even know volume 4 existed.
-
Unpatched kernel-level vuln affects all Windows versions
Nytro replied to Dragos's topic in Stiri securitate
What the person who discovered the issue (arkon) says on his blog: "It’s very hard to exploit it for code execution, on the edge of impossible. That’s why I felt safe about releasing it publicly Still curious, if anybody is able to do it."
-
OMFG, it really is SQLI! http://www.insecurity.ro/_|_alexalghisi
-
Run the program in a virtual machine or in a sandbox (preferably a virtual machine).
-
Denisa, Babi Minune & Mr. Juve - Hai zi-mi pe cine
-
Haaa self-own?
-
It was weird for me too. There was one strong flash of lightning (followed by thunder to match), my internet dropped for a few moments and the doorbell started ringing by itself. Stop turning it into sci-fi; you just know pax is to blame, but you're afraid to say anything about him.
-
A very good book that I have read too. I recommend it to everyone who wants to understand network protocols, not only TCP/IP.
Online: http://www.scribd.com/doc/32885388/TCP-IP
Download:
http://www.netdrive.ws/330472.html
http://share-byte.com/?d=E578EE391
http://www.speedyshare.com/files/23695079/32885388-TCP-IP.pdf
-
Nobody sits and checks the programs. Would you sit and check every program that gets posted? Most are copied from other sites, and not even the author of the post knows whether the program is infected or not.
-
The last 3 posts: Warn
-
This should be shown at registration: "Warning, bad/dangerous users!"