|
|
posted in Info, Stuff, Tools & sources on Jan 28th, 2010
The new code that extracts the Firefox account data out of the SQLite database is more or less done. If everything goes well I’ll upload the new sourcecode tonight (Swiss time) in a new version of the FFPasswordRecovery tool. During spring I plan to conduct some tests with the SkypeTap plugin and other instant messengers. [...]
posted in RAT sources on Jan 24th, 2010
Name FBI RAT Type RAT Author Albinoskunk Written in C Description After calling for your submissions this is the first RAT source that reached me. It was coded by Albinoskunk. The source is based on Aryan v0.5, it was improved at some places and contains [...]
posted in External tools, Worm sources on Nov 13th, 2009
Name Win32/Blaster/Worm (Lovsan, Lovesan) Type Spreader, Worm Author Unknown Written in C Description This worm was very active in 2003. It spreaded via an RPC vulnerability and executed a DoS attack on a specific date. It’s a well structured code, easy to read and understand. [...]
posted in External tools, Worm sources on Nov 8th, 2009
Name Win32/ogw0rm Type Spreader, Worm Author Unknown Written in C Description Ogw0rm is a good example how malware propagates itself via Instant Messaging apps. It checks the process list for running IM applications and propagates itself by sending messages to new victims. It shows how [...]
posted in RAT sources, Tools & sources, Worm sources on Oct 16th, 2009
Name Win32/Rbot Malware type RAT, Worm Author Unknown Written in C Description Rbot is an IRC controlled backdoor (or “bot”) that can be used to gain unauthorized access to a victim’s machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares [...]
posted in Tools & sources on Mar 29th, 2009
Below, you can find a link to the example source code to bypass a desktop firewall with the OLE Automation technique. The principle is to start a hidden instance of the Internet Explorer and to control it via the OLE Automation technique. ole_automation.cpp
posted in Tools & sources on Mar 7th, 2009
Below, you can find a link to the source code with the function(s) to make a binary delete itself. Under Microsoft Windows it’s not possible to make an executable delete itself. That’s the reason why the function first creates a batch script that deletes the binary file and afterwards itself. panzer_selfdelete.cpp
posted in Tools & sources on Mar 6th, 2009
Below, you can find a link to the source code with the function(s) to add and remove entries in the Windows hosts file. panzer_modifyhostsfile.cpp
posted in Tools & sources on Mar 6th, 2009
Below, you can find a link to the source code with the function(s) to modify the DNS server settings on a Windows system. panzer_setdnsserver.cpp
© 2010 all rights reserved.