Hacking and more...
HaCkinG CulT
dark_hacker_3k
Junior+
Registered: 18 years ago
Posts: 44

There are many very hard ways, but one of the simplest is to have the virus uncompressed, modify it with Morphine (try several combinations), and then compress it with a very strong UPX. That's all folks!

posted 18 years ago

Sad_Dreamer
Elite Member
Registered: 18 years ago
Posts: 1602

It doesn't work... the antivirus people already knew about this... the ones who work there, and it doesn't work.
_______________________________________ In case you didn't know... Getting Laid <> Getting r00t

posted 18 years ago

Y2K`
Elite Member
From: 666
Registered: 18 years ago
Posts: 970

( too bad

posted 18 years ago

3Nigma
Member of RedTeam
Registered: 18 years ago
Posts: 325

I have an easier one... if you're a programmer anyway and you have an up-to-date antivirus... you compile the virus you wrote until the antivirus no longer detects it... MuCH EASIER!

posted 18 years ago

Inside
Elite Member
From: ..:: Angels City ::..
Registered: 18 years ago
Posts: 1351

and what if I'm not a programmer... will you teach me to... program one? ;- ???:d :censored:

posted 18 years ago

dark_hacker_3k
Junior+
Registered: 18 years ago
Posts: 44

I also have a tutorial on how to make Prorat 1.9 fix 2 invisible, but I don't know how old it is or whether it still works... Try it yourselves...

posted 18 years ago

dark_hacker_3k
Junior+
Registered: 18 years ago
Posts: 44

Or, for those who know what Morphine is (what it is for and how to work with it), you have the link here. I hope it helps.
Edited by dark_hacker_3k (18 years ago)

posted 18 years ago

Inside
Elite Member
From: ..:: Angels City ::..
Registered: 18 years ago
Posts: 1351

but since not everybody... really knows about this Morphine... you could make a tutorial... and teach them a bit, thx 10x

posted 18 years ago

3Nigma
Member of RedTeam
Registered: 18 years ago
Posts: 325

Inside wrote:
> and what if I'm not a programmer... will you teach me to... program one? ;- ???:d :censored:

What's so hard about it... you just need will and patience... try Visual Basic 6, since it's super easy and "user friendly"... and you'll find tutorials on the net by the cartload... just write what you're interested in... or get it from here >>> :censored:

posted 18 years ago

Inside
Elite Member
From: ..:: Angels City ::..
Registered: 18 years ago
Posts: 1351

thx :censored::censored::censored:

posted 18 years ago

dark_hacker_3k
Junior+
Registered: 18 years ago
Posts: 44

Morphine as a part of The Hacker Defender Project (a simple morphing program with output directly to X or GIFs).

Morphine is very unique application for PE files encryption. Unlike other PE encryptors and compressors Morphine includes own PE loader which enables it to put whole source image to the .text section of new PE file. This one is very powerful because you can compress source file with your favourite compressor like UPX and then encrypt its output with Morphine. Another powerful thing here is polymorphic engine which always creates absolutely different decryptor for the new PE file. This means if your favourite trojan horse is detected by an antivirus you can encrypt it with Morphine. You will not get the virus alert again. What's more, Morphine allows you to encrypt one file several times! But be sure you're using -b option (see usage) when doing this. Unlike others Morphine enlarges your executable by not more than 5kb (this is not true for morphined DLLs without using -d option, see below)!

Morphine supports most of PE files and many of other PE encryptor/packers. Also one of the greatest things here is that it is an open source project. In these days antivirus companies sniff around our site waiting for new version of morphine to add new decoder into their databases. But you can simply make your own undetectable version.

Because new PE file has random loader it is possible the loading will take more time than you want to (especially when encrypting bigger files). If this occurs simply delete the long time loading PE file and try to build it again. And be careful with morphined DLLs. This can really slow down final execution.

Whole Morphine code is compatible with Delphi 6 and 7 compiler. Morphined files can be executed on Windows with NT kernel only.

Usage
-----
Usage: morphine.exe [-q] [-d] [-b:ImageBase] [-o:OutputFile] InputFile
  -q             be quiet (no console output)
  -d             for dynamic DLLs only
  -i             save resource icon and XP manifest
  -a             save overlay data from the end of original file
  -b:ImageBase   specify image base in hexadecimal string (it is rounded up to next 00010000 multiple)
  -o:OutputFile  specify file for output (InputFile will be rewritten if no OutputFile given)

Examples:
1) morphine.exe -q c:\winnt\system32\cmd.exe
   rewrite cmd.exe in system directory and write no info
2) morphine.exe -b:1F000000 -o:newcmd.exe c:\winnt\system32\cmd.exe
   create new file called newcmd.exe based on cmd.exe in system dir, set its image base to 0x1F000000 and display info about processing
3) morphine.exe -d static.dll
   rewrite static.dll which is loaded only dynamically
4) morphine.exe -i -o:cmdico.exe c:\winnt\system32\cmd.exe
   create new file called cmdico.exe based on cmd.exe in system dir, save its icon and/or XP manifest in resource section
5) morphine.exe -i -a srv.exe
   rewrite srv.exe, save its icon, XP manifest and overlay data.

posted 18 years ago

Shocker
Super Moderator
From: localhost
Registered: 18 years ago
Posts: 2084

dark_hacker_3k wrote:
> There are many very hard ways, but one of the simplest is to have the virus uncompressed, modify it with Morphine (try several combinations), and then compress it with a very strong UPX. That's all folks!

"A very strong UPX"? What do you mean by that?

Sad_Dreamer wrote:
> It doesn't work... the antivirus people already knew about this... the ones who work there, and it doesn't work.

Indeed, antiviruses also know the encryption algorithm of a great many packers; the antivirus unpacks it and sees how things stand.

3Nigma wrote:
> I have an easier one... if you're a programmer anyway and you have an up-to-date antivirus... you compile the virus you wrote until the antivirus no longer detects it... MuCH EASIER!

Well... if you write the virus yourself, nobody detects it.

Inside wrote:
> and what if I'm not a programmer... will you teach me to... program one? ;- ???:d :censored:

Do you really think a few words will teach you to program?

The easiest method is to write a packer yourself (nothing fancy) that replaces all the bytes in an executable with something else, or does an XOR. For example, it changes 1 into 53, blah blah, or you simply add 1 to each byte (a number with values between 0 and 255), and at the start of the program you put a sequence that restores everything to how it was before packing (it is all done in a single LOOP with a few lines of code). In ASM it would look roughly like this:
Code:
PUSHAD
MOV EDX, xxx (xxx = length of the code)
@blabla: (label to return to from a JMP)
MOV EAX, ep (EP = Entry Point, the address where program execution starts)
ADD EAX, EDX
MOV EBX, [DS:EAX]
XOR EBX, 5
MOV [DS:EAX], EBX
DEC EDX
TEST EDX
LOOPNZ @blabla
POPAD

Edited by Shocker (18 years ago)
_______________________________________ ShockingSoft is back Freakz only Comics of the day

posted 18 years ago

rabit
New member
Registered: 18 years ago
Posts: 1

I tried the tutorial for Prorat 1.9 but I can't find this: AWESOME crack
in the list of programs, because the link doesn't work... Help me pls

posted 18 years ago

[virus for Windows] or another way. You create the virus on a computer without an antivirus. You test it to see if it works. And you follow a simple plan. You make another virus that does hardly anything except create some .bat files with commands that delete important antivirus files, plus a .bat that calls them all in succession. And you include the virus as a resource, encrypted if you like with a certain key and under a certain algorithm, and you save it somewhere.
After you have deleted the antivirus files, you make the virus run a second time, and you save the initial virus somewhere and run it. Simple, right?
I know it's complex, but it's better for those who are just starting out with this stuff.
It works, you know. For the moment I have managed to transform a monochrome .bmp image into a string of numbers from -128 to 128 and to implement a constant array with them.

posted 18 years ago

boogiesbc
Elite Member
Registered: 18 years ago
Posts: 1200

There was another topic on the old forum that had a .pdf with a detailed tutorial on how to make an undetectable virus. Does anyone still have that one?
_______________________________________ 30 June 2007: Music is the first voice... 9 September 2006: Boogie's Sleek Style | Y!M skin

posted 18 years ago

FishBoneZ
Elite Member
From: Ardealean!
Registered: 18 years ago
Posts: 507

plzzzzz upload Morphine again and give me the link, because I can't get it from anywhere plzzzzzz
_______________________________________ Search for me! www.google.com

posted 18 years ago

hfhun
Elite Member
Registered: 18 years ago
Posts: 593

posted 18 years ago

frantic
New member
Registered: 18 years ago
Posts: 1

this is my first post on this forum... so here it goes:

--=[ How to: Create unique strains of Trojans ]=--

Okay, it seems that many people still don't know how to create a new strain of their favourite public Trojan that will pass anti-virus approval. So here's a step by step cus it's something that everyone should really know.

You will need ...
your Trojan
A hex editor
A file splitter would be handy too : )

Create a directory and place your Trojan server.exe in it.
Run AV over the directory and it will spot the .exe as a virus.

Use the file splitter to cut your exe into separate 1mb sections.
Run AV over the directory and it will spot one of the files as a virus.

delete the others.

keep splitting the (now 1mb) partial.exe into smaller sections till you get it real small and still triggering the antivirus.

when it's about 24 bytes start deleting the last byte and running AV ... then deleting the next last byte and running AV ... till AV fails to recognise it

... 93 05 B4 4A CD 21 <- Spotted as Trojan
... 93 05 B4 4A CD <- Spotted as Trojan
... 93 05 B4 4A <- NOT spotted as Trojan

replace the last byte

... 93 05 B4 4A CD

Now let's trim the starting bytes the same way ... one at a time till no longer recognised as a Trojan

22 23 51 8C DB 8E C3 ... <- Spotted as Trojan
23 51 8C DB 8E C3 ... <- Spotted as Trojan
51 8C DB 8E C3 ... <- Spotted as Trojan
8C DB 8E C3 <- NOT Spotted as Trojan

replace the last byte you removed

51 8C DB 8E C3 ... 93 05 B4 4A CD

now you should have the smallest number of bytes (maybe about 12) that the AV program will recognise as being the Trojan. Congratulations, you just found the viral signature

now ... let's find where that sequence of bytes occurs in the original .exe .... let's say at offset 0D98:0348

load your server.exe into Microsoft's 'debug' program with the DOS command 'debug server.exe' and go to that offset, then press U to disassemble the bytes.

51 8C DB 8E C3 8B 1E 93 05 B4 4A CD

0D98:0348 51 PUSH CX
0D98:0349 8CDB MOV BX,DS
0D98:034B 8EC3 MOV ES,BX
0D98:034D 8B1E9305 MOV BX,[0593]
0D98:0351 B44A MOV AH,4A
0D98:0353 CD21 INT 21

Look at the instructions ... PUSH CX pushes the CX register onto the stack, and the following instruction MOV BX,DS doesn't alter CX -or- the stack ... it is fairly safe to assume we can swap these two instructions and hopefully it won't make a difference to the execution of the program ... so let's do that

So ...

we hexedit '51 8C DB 8E C3'

0D98:0348 51 PUSH CX
0D98:0349 8CDB MOV BX,DS
0D98:034B 8EC3 MOV ES,BX

so that it becomes '8C DB 51 8E C3'

0D98:0348 8CDB MOV BX,DS
0D98:034A 51 PUSH CX
0D98:034B 8EC3 MOV ES,BX

And save our new server.exe

Since we have switched a few bytes in the signature it will no longer register as a Trojan on our AV. Test it to make sure it still works as expected - it should if you are careful about which two instructions you switch : )

also remember that only one byte of the signature needs to change ... so don't worry if one of the instructions you chose is partially or even completely outside of the signature bytes - as long as it results in some change within the signature : )

NOTES: Not all antivirus programs use the same set of bytes for a signature - so check your new file against other popular AV programs too, and repeat the process if required, till ALL common AV programs fail to report the file : )

You may also need to do the same with any supporting .DLL's that the server installs on the remote, as these normally have telltale signatures too.

Once you have a new version DON'T post it ... if it is widely distributed it will eventually find its way onto the AV vendors lists as a 'new strain' - treat this as a PERSONAL version, and it will last you long into the future : )

PS: I got stuck when it came to the hex editor and modifying the bytes in the server.exe file; maybe someone can continue the tutorial starting from here. I am also including 2 links: and

posted 18 years ago

Shocker
Super Moderator
From: localhost
Registered: 18 years ago
Posts: 2084

posted 18 years ago

well, if it deletes pieces of it until it finds the signature so you can modify it... how the hell is it supposed to still work?????????????

posted 17 years ago

Dark_Shad0w
Senior
Registered: 17 years ago
Posts: 114

For those who don't know programming and want to make their own RAT, I will make a video tutorial in Visual Basic; in Delphi it's about the same thing :-)

posted 17 years ago

Jedy_08
New member
From: pitesti
Registered: 17 years ago
Posts: 9

but what do I need to infect someone's computer with a virus for? I mean, what use is it to me? What could I find out or get from them, other than the fun of having destroyed that guy's system?
_______________________________________ I'm a beginner..... I mean, I want to learn

posted 17 years ago

tw8
Elite Member
From: Drobeta Turnu Severin
Registered: 17 years ago
Posts: 1087

Jedy_08 wrote:
> but what do I need to infect someone's computer with a virus for? I mean, what use is it to me? What could I find out or get from them, other than the fun of having destroyed that guy's system?

Did you see the date of the last post :crazy:??? ontopic: With a trojan you can control the computer of the person you send the server to, and you can find out everything they do :-)......so it's interesting :P

posted 17 years ago

Vektor
Little Kevin
From: Arad
Registered: 17 years ago
Posts: 77

Shocker wrote:
> In ASM it would look roughly like this:
> Code:
> PUSHAD
> MOV EDX, xxx (xxx = length of the code)
> @blabla: (label to return to from a JMP)
> MOV EAX, ep (EP = Entry Point, the address where program execution starts)
> ADD EAX, EDX
> MOV EBX, [DS:EAX]
> XOR EBX, 5
> MOV [DS:EAX], EBX
> DEC EDX
> TEST EDX
> LOOPNZ @blabla
> POPAD

For the most part, the program is good. I would, however, add a few remarks:

MOV EAX, ep - if it is a decryptor for executable code or an unpacker, it does not know its own address in memory, so it has to find it out (call $+1 / pop eax / lea eax,[eax+delta] - that would be one example; usually ebp is used). There are also cases where the packer patches the addresses directly in the instructions, but usually not.

MOV [DS:EAX], EBX - DS: is not used in 32-bit programming; it is not a segment but a selector. To XOR with 5 there is no need to read / write a DWORD (if you do that... the loop must execute "xxx" - 3 times, otherwise you risk a page fault if your program ends at the boundary of the allocated page).

TEST EDX - test is an instruction with 2 operands -> test edx,edx - that would be one variant.

LOOPNZ - loop / loope / loopne - are used with ecx, not edx, as the counter (the "c" in "ecx" comes from "counter"). Even so, the program works with loopnz IF ecx holds a number larger than the one in edx (because LOOP* decrements ecx).

One variant would be:
Code:
push ecx
push ebp ; no point in filling the stack with all the registers
call delta1
delta1=$ ; assembler directive
pop ebp
mov ecx,size_of_code
l_start:xor byte ptr[ebp+ecx+delta-1],5
loop l_start
pop ebp
pop ecx
delta=$-delta1 ; assembler directive
; we assume the decrypted code follows

_______________________________________ Forum ']['€AM€LiT€: http://portal.te-home.net/forum Forum HeXHub: http://meka-meka.com/forum/viewforum.php?f=52 , http://www.thenighthawk.biz/index.php?option=com_smf&Itemid=14

posted 17 years ago

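Shocker's reply that scanners simply undo known packing applies directly to the byte-wise XOR/ADD transform he and Vektor discuss above: only 509 distinct keys exist, so a scanner can try them all and look for a structurally valid PE header. The Python sketch below is an added example, not code from the thread; the function names and the constructed sample header are assumptions made for illustration.

```python
import struct

def make_sample_pe():
    """Constructed sample: bare MZ/PE header skeleton, not a real program."""
    hdr = bytearray(0x84)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)   # e_lfanew -> PE signature
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr)

def xor_encode(data, key):
    """The byte-wise XOR transform discussed in the thread."""
    return bytes(b ^ key for b in data)

def _decoders():
    """Yield (scheme, key, table) for each single-byte XOR / ADD key."""
    for key in range(1, 256):
        yield "xor", key, bytes(b ^ key for b in range(256))
        if key != 0x80:  # +0x80 and ^0x80 are the same mapping
            yield "add", key, bytes((b - key) & 0xFF for b in range(256))

def _is_pe_at(data, off):
    """True if data[off:] begins with a consistent MZ header and PE magic."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    pe = off + e_lfanew
    return 0 < e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0"

def find_encoded_pe(blob):
    """Return [(scheme, key, offset)] for PE images hidden by a byte-wise key."""
    hits = []
    for scheme, key, table in _decoders():
        decoded = blob.translate(table)       # undo the candidate transform
        start = 0
        while (off := decoded.find(b"MZ", start)) != -1:
            if _is_pe_at(decoded, off):       # reject chance "MZ" pairs
                hits.append((scheme, key, off))
            start = off + 1
    return hits

if __name__ == "__main__":
    # Constructed input: 16 filler bytes, then the sample header XORed with 5.
    blob = b"\x90" * 16 + xor_encode(make_sample_pe(), 5)
    print(find_encoded_pe(blob))
```

Checking `e_lfanew` and the `PE\0\0` magic, rather than just the two bytes `MZ`, is what keeps false positives down when every key is tried against arbitrary data.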
Shocker
Super Moderator
From: localhost
Registered: 18 years ago
Posts: 2084

What I posted was intended to look like something along the lines of pseudocode, for understanding how the program's contents are traversed, and not "ready-to-be-compiled" code. Indeed, you're right, I wrote it all in a hurry back then; thanks for the additions and corrections.
_______________________________________ ShockingSoft is back Freakz only Comics of the day

posted 17 years ago

Wirus
New member
Registered: 17 years ago
Posts: 9

bro, is there any undetectable version of Prorat?

posted 17 years ago

RockWilder
Elite Member
From: Real World!
Registered: 17 years ago
Posts: 894

Wirus wrote:
> bro, is there any undetectable version of Prorat?

There is no undetectable version.
But there are other programs like Prorat that are not detectable at execution... such as Shark.
_______________________________________ Only those who attempt the absurd will achieve the impossible. (M C Escher)

posted 17 years ago

peacebreaker
Senior
Registered: 17 years ago
Posts: 119

Dark_Shad0w wrote:
> For those who don't know programming and want to make their own RAT, I will make a video tutorial in Visual Basic; in Delphi it's about the same thing :-)

please do
_______________________________________ Viruses are easy to make; the point is for them to be as original as possible

posted 17 years ago

Soryn
New member
Registered: 17 years ago
Posts: 4

Shark isn't undetectable; Kaspersky Antivirus 6 spotted it immediately

posted 17 years ago

Kalash
Blacklisted
Registered: 17 years ago
Posts: 57

It works for me

posted 17 years ago

the_bestial_boy
New member
Registered: 17 years ago
Posts: 2

hey, who will teach me something too, because I'm new around here [b]

posted 17 years ago

aluviunea14
New member
Registered: 17 years ago
Posts: 7

does anyone know of another undetectable one???

posted 17 years ago

DarkSky
New member
Registered: 17 years ago
Posts: 4

yeah.. about these viruses... who knows how I can make one?

posted 17 years ago

PhK
New member
From: CiudaT de Nasaud
Registered: 17 years ago
Posts: 7

posted 17 years ago

shadow_of_dead92
New member
Registered: 17 years ago
Posts: 4

People, if you really want to make an undetectable virus or trojan, use one of the programs OllyDebugger or Themida... With these programs you will surely make yourselves an undetectable virus... There is one exception... Only licensed antiviruses detect it... if you ask me for a tutorial, I'll tell you that I no longer have it on my computer, because I finished creating a trojan and I don't need another one. If you really want to, study it yourselves too...

posted 17 years ago