Welcome, Guest |
You have to register before you can post on our site.
|
Online Users |
There are currently 24 online users. » 0 Member(s) | 24 Guest(s)
|
Latest Threads |
Shellcode execution with ...
Forum: C#
Last Post: regasmx86
09-11-2020, 09:50 AM
» Replies: 0
» Views: 4,725
|
A tonyweb introduction
Forum: Introduction
Last Post: tonyweb
09-01-2020, 03:52 PM
» Replies: 3
» Views: 4,272
|
Running ELF from memory
Forum: Golang
Last Post: TMZ
08-29-2020, 03:49 PM
» Replies: 0
» Views: 2,307
|
A Steganographic .NET Exe...
Forum: C#
Last Post: TMZ
08-29-2020, 03:37 PM
» Replies: 0
» Views: 2,389
|
MBR Dump With .NET
Forum: C#
Last Post: TMZ
08-29-2020, 03:33 PM
» Replies: 0
» Views: 2,343
|
Dynamic API Calls in .NET
Forum: C#
Last Post: TMZ
08-29-2020, 03:27 PM
» Replies: 0
» Views: 2,908
|
Injection with Mono.Cecil
Forum: C#
Last Post: SWaNk
08-28-2020, 10:05 AM
» Replies: 1
» Views: 2,501
|
help - metamorphic /polym...
Forum: Tutorials
Last Post: TMZ
08-28-2020, 09:00 AM
» Replies: 3
» Views: 3,335
|
Workaround patch until up...
Forum: News & Updates
Last Post: SWaNk
08-27-2020, 09:51 PM
» Replies: 0
» Views: 1,983
|
Wing IDE Pro 7.2.4
Forum: Tools
Last Post: regasmx86
08-25-2020, 02:16 PM
» Replies: 0
» Views: 2,456
|
|
|
Shellcode execution with C# |
Posted by: regasmx86 - 09-11-2020, 09:50 AM - Forum: C#
- No Replies
|
 |
Your shellcode has to be pasted in C++ format: { 0xDE, 0xAD, 0xBE, 0xEF }
Register or login to see this content
|
|
|
Running ELF from memory |
Posted by: TMZ - 08-29-2020, 03:49 PM - Forum: Golang
- No Replies
|
 |
Small tool written in Golang to run ELF (x86_64) binaries from memory with a given process name. Works on Linux where kernel version is >= 3.17 (relies on the memfd_create syscall).
Build it with "go build memrun.go" and execute it. The first argument is the process name (string) you want to see in "ps auxww" output for example. Second argument is the path for the ELF binary you want to run from memory.
main.go
Register or login to see this content
|
|
|
A Steganographic .NET Executable |
Posted by: TMZ - 08-29-2020, 03:37 PM - Forum: C#
- No Replies
|
 |
A while ago, alcopaul suggested on VXHeaven a .NET executable that could store a secret message inside. While I did not followed his strict theory, I did wrote a working proof of concept, very basic and dirty but, well, it’s only a POC.
Register or login to see this content
Image with encryption process:
Register or login to see this content
Image with decryption process:
Register or login to see this content
This is still a very basic example, you could modify it to do some pretty cool stuff (perhaps using Mono.Cecil), inject your message into any .NET assembly, etc.
|
|
|
MBR Dump With .NET |
Posted by: TMZ - 08-29-2020, 03:33 PM - Forum: C#
- No Replies
|
 |
Years ago I was messing around with Windows MBR (on VXHeaven) and got stuck while trying to write a modified copy back to the disk.
Register or login to see this content
That’s it, MBR will be dumped to “raw.bin” in your current application directory. You can open it with a text editor or even better, a hex editor and modify as you wish.
|
|
|
Dynamic API Calls in .NET |
Posted by: TMZ - 08-29-2020, 03:27 PM - Forum: C#
- No Replies
|
 |
Here's a way to call APIs without DLLImport. I’ve first saw this years ago at OpenSC.ws as far as I remember and got into the idea. The code was lost since then but I found a copy.
It's a class which can dynamically call a Windows API function at runtime using Reflection.Emit.
Program.cs
Register or login to see this content
DynamicAPI.cs
Register or login to see this content
Image example with output:
Register or login to see this content
|
|
|
Injection with Mono.Cecil |
Posted by: TMZ - 08-28-2020, 08:58 AM - Forum: C#
- Replies (1)
|
 |
This may not be news for everyone but I find it interesting. Mono.Cecil is a impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL instructions) into a target assembly, transforming it as we wish. Here’s the test scenario:
A dummy C# application like the one below, compile it to get it’s executable file, that’s what we need:
Register or login to see this content
We also have this other application which will be our injector. You’ll need to download the Mono.Cecil DLL file and add it as reference in the injector project:
Register or login to see this content
Ok, that’s a nice start, we can print a message and execute a file from an injected assembly! Here’s the IL code from before and after the injection.
Before
Register or login to see this content
After
Register or login to see this content
If you now execute the newly generated “12345.exe” file, you will get something like the image below:
Register or login to see this content
That’s pretty much the basics, we can easily add a method to execute any application we want inside another .NET assembly. You could also import the a WebClient and create a downloader, a file dropper or whatever.
Full source
Register or login to see this content
|
|
|
Workaround patch until upgrade |
Posted by: SWaNk - 08-27-2020, 09:51 PM - Forum: News & Updates
- No Replies
|
 |
Hello guys,
There are some vulnerability into BBCode (XSS)... So, while I don't upgrade it, I blocked BBCode...
Lot of stuff going, I plan to do it during the weekend.
cya!
|
|
|
Wing IDE Pro 7.2.4 |
Posted by: regasmx86 - 08-25-2020, 02:16 PM - Forum: Tools
- No Replies
|
 |
![[Image: 2019-08-04-10-24-35-1.png]](https://i.postimg.cc/x1PSM1Jr/2019-08-04-10-24-35-1.png)
Wing Python IDE was designed from the ground up for Python, to bring you a more productive development experience. Wing's debugger makes it easy to fix bugs and write new Python code interactively. Use conditional breakpoints to isolate a problem, then step through code, inspect data, try out bug fixes with the Debug Console's command line, watch values, and debug recursively. You can debug multi-process and multi-threaded code launched from the IDE, hosted in a web framework, called from an embedded Python instance, or run on a remote host, VM, or container. Wing also provides an array and dataframe viewer for scientific and data analysis tasks.
Get More Done
Type less and let Wing worry about the details. Get immediate feedback by writing your Python code interactively in the live runtime. Easily navigate code and documentation.
Write Better Code
Avoid common errors and find problems early with assistance from Wing's deep Python code analysis. Keep code clean with smart refactoring and code quality inspection.
Find Bugs Faster
Debug any Python code. Inspect debug data and try out bug fixes interactively without restarting your app. Work locally or on a remote host, VM, or container.
![[Image: 2c2YINX.png]](https://i.imgur.com/2c2YINX.png)
Download: Register or login to see this content
|
|
|
JEB 3.24 Anti-BLM Edition by DimitarSerg |
Posted by: regasmx86 - 08-20-2020, 12:45 AM - Forum: Tools
- No Replies
|
 |
![[Image: oaFidUi.png]](https://i.imgur.com/oaFidUi.png)
Maximum license type (copying, scripts, etc. work now).
Fixed all integrity checks/timebombs.
All the telemetry’s been cut out.
Removed the update checks and other shit that tries to connect to the Internet.
Added/reconstructed saving/loading project function.
Decompilation of missing opcodes for Android has been restored.
Restored display of variable values when hovering over them during debugging (Android).
Decompiling for other platforms was fixed (tested x86/x64, webAssembly, MIPS, ARM).
[BONUS]:
Added new option “Use BlueStacks adb” which allows the use of HD-Adb.exe from BlueStacks folder instead of default adb.exe for easy debugging using BlueStacks emulator.
Instruction:
Replace the original jeb.jar and jebc.jar with fixed.
Register it with Keygen (run it, serial will be copied to clipboard)
Installer (jeb-demo-3.24.0.202007280546-JEBDecompilerDemo-121820464987384330.zip)
Register or login to see this content
Fixed jeb.jar, jebc.jar and keygens:
Register or login to see this content
How To Register
Register or login to see this content
|
|
|
|