posted in Info, Stuff, Tools & sources on Jan 28th, 2010
The new code that extracts the Firefox account data out of the SQLite database is more or less done. If everything goes well I’ll upload the new source code tonight (Swiss time) in a new version of the FFPasswordRecovery tool.
During spring I plan to conduct some tests with the SkypeTap plugin and other instant messengers. If [...]
read full post »
posted in RAT sources on Jan 24th, 2010
Name
FBI RAT
Type
RAT
Author
Albinoskunk
Written in
C
Description
After calling for your submissions this is the first RAT source that reached me. It was coded by Albinoskunk. The source is based on Aryan v0.5, it was improved at some places and contains all relevant components of a RAT, client, server, GUI and what I consider as the most interesting part in [...]
read full post »
posted in External tools, Worm sources on Nov 13th, 2009
Name
Win32/Blaster/Worm (Lovsan, Lovesan)
Type
Spreader, Worm
Author
Unknown
Written in
C
Description
This worm was very active in 2003. It spread via an RPC vulnerability and executed a DoS attack on a specific date. It is well-structured code, easy to read and understand. The interesting parts are the spreader, which attacks new victim systems, to learn and see how (easily) it [...]
read full post »
posted in External tools, Worm sources on Nov 8th, 2009
Name
Win32/ogw0rm
Type
Spreader, Worm
Author
Unknown
Written in
C
Description
Ogw0rm is a good example of how malware propagates itself via Instant Messaging apps. It checks the process list for running IM applications and propagates itself by sending messages to new victims.
It shows how to enumerate windows, send keystrokes to the OS, work with the Registry, and do a little networking. A simple malware source [...]
read full post »
Name
Win32/Rbot
Malware type
RAT, Worm
Author
Unknown
Written in
C
Description
Rbot is an IRC controlled backdoor (or “bot”) that can be used to gain unauthorized access to a victim’s machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. There are many variants [...]
read full post »
posted in Tools & sources on Mar 29th, 2009
Below, you can find a link to the example source code to bypass a desktop firewall with the OLE Automation technique. The principle is to start a hidden instance of Internet Explorer and to control it via OLE Automation.
ole_automation.cpp
read full post »
posted in Tools & sources on Mar 7th, 2009
Below, you can find a link to the source code with the function(s) to make a binary delete itself. Under Microsoft Windows it’s not possible for a running executable to delete itself directly. That’s the reason why the function first creates a batch script that deletes the binary file and afterwards deletes itself.
panzer_selfdelete.cpp
read full post »
posted in Tools & sources on Mar 6th, 2009
Below, you can find a link to the source code with the function(s) to add and remove entries in the Windows hosts file.
panzer_modifyhostsfile.cpp
read full post »
posted in Tools & sources on Mar 6th, 2009
Below, you can find a link to the source code with the function(s) to modify the DNS server settings on a Windows system.
panzer_setdnsserver.cpp
read full post »