  Shellcode execution with C#
Posted by: regasmx86 - 09-11-2020, 09:50 AM - Forum: C# - No Replies

Your shellcode has to be pasted in C++ format: { 0xDE, 0xAD, 0xBE, 0xEF }


  Running ELF from memory
Posted by: TMZ - 08-29-2020, 03:49 PM - Forum: Golang - No Replies

Small tool written in Golang to run ELF (x86_64) binaries from memory with a given process name. Works on Linux where kernel version is >= 3.17 (relies on the memfd_create syscall).

Build it with "go build memrun.go" and execute it. The first argument is the process name (string) you want to see in "ps auxww" output for example. Second argument is the path for the ELF binary you want to run from memory.


  A Steganographic .NET Executable
Posted by: TMZ - 08-29-2020, 03:37 PM - Forum: C# - No Replies

A while ago, alcopaul suggested on VXHeaven a .NET executable that could store a secret message inside. While I did not follow his strict theory, I did write a working proof of concept, very basic and dirty, but, well, it's only a POC.


This is still a very basic example, you could modify it to do some pretty cool stuff (perhaps using Mono.Cecil), inject your message into any .NET assembly, etc.


  MBR Dump With .NET
Posted by: TMZ - 08-29-2020, 03:33 PM - Forum: C# - No Replies

Years ago I was messing around with Windows MBR (on VXHeaven) and got stuck while trying to write a modified copy back to the disk.


That's it, the MBR will be dumped to "raw.bin" in your current application directory. You can open it with a text editor or, even better, a hex editor and modify it as you wish.


  Dynamic API Calls in .NET
Posted by: TMZ - 08-29-2020, 03:27 PM - Forum: C# - No Replies

Here's a way to call APIs without DllImport. I first saw this years ago at OpenSC.ws as far as I remember and got into the idea. The code was lost since then, but I found a copy.

It's a class which can dynamically call a Windows API function at runtime using Reflection.Emit.


  Injection with Mono.Cecil
Posted by: TMZ - 08-28-2020, 08:58 AM - Forum: C# - Replies (1)

This may not be news for everyone, but I find it interesting. Mono.Cecil is an impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL instructions) into a target assembly, transforming it as we wish. Here's the test scenario:

A dummy C# application like the one below; compile it to get its executable file, that's what we need:


We also have this other application which will be our injector. You’ll need to download the Mono.Cecil DLL file and add it as reference in the injector project:


Ok, that’s a nice start, we can print a message and execute a file from an injected assembly! Here’s the IL code from before and after the injection.


If you now execute the newly generated “12345.exe” file, you will get something like the image below:


That's pretty much the basics; we can easily add a method to execute any application we want inside another .NET assembly. You could also import a WebClient and create a downloader, a file dropper or whatever.


  Workaround patch until upgrade
Posted by: SWaNk - 08-27-2020, 09:51 PM - Forum: News & Updates - No Replies

Hello guys,

There is a vulnerability in BBCode (XSS)... So, until I upgrade it, I have blocked BBCode...

Lots of stuff going on; I plan to do it during the weekend.

cya!


  Wing IDE Pro 7.2.4
Posted by: regasmx86 - 08-25-2020, 02:16 PM - Forum: Tools - No Replies


Wing Python IDE was designed from the ground up for Python, to bring you a more productive development experience. Wing's debugger makes it easy to fix bugs and write new Python code interactively. Use conditional breakpoints to isolate a problem, then step through code, inspect data, try out bug fixes with the Debug Console's command line, watch values, and debug recursively. You can debug multi-process and multi-threaded code launched from the IDE, hosted in a web framework, called from an embedded Python instance, or run on a remote host, VM, or container. Wing also provides an array and dataframe viewer for scientific and data analysis tasks.

Get More Done
Type less and let Wing worry about the details. Get immediate feedback by writing your Python code interactively in the live runtime. Easily navigate code and documentation.

Write Better Code
Avoid common errors and find problems early with assistance from Wing's deep Python code analysis. Keep code clean with smart refactoring and code quality inspection.

Find Bugs Faster
Debug any Python code. Inspect debug data and try out bug fixes interactively without restarting your app. Work locally or on a remote host, VM, or container.


  A tonyweb introduction
Posted by: tonyweb - 08-25-2020, 07:06 AM - Forum: Introduction - Replies (3)

Hi guys and gals,
thank you for accepting my registration to your board.

I found the board almost by chance, while looking for something else on Google, but found good and interesting thread titles and tried my luck.
I'm mainly a Java dev and an always-wannabe reverse engineer: I started quite long ago but I'm still a rookie. I have some basic experience in patching/keygenning native and managed stuff, but against strong protectors I always fail.

Thanks to your help I'll try to improve my poor skills.
I look forward to contributing whenever my poor skills could help.

Thank you and Best Regards,
Tony


  JEB 3.24 Anti-BLM Edition by DimitarSerg
Posted by: regasmx86 - 08-20-2020, 12:45 AM - Forum: Tools - No Replies


Maximum license type (copying, scripts, etc. work now).
Fixed all integrity checks/timebombs.
All the telemetry’s been cut out.
Removed the update checks and other shit that tries to connect to the Internet.
Added/reconstructed saving/loading project function.
Decompilation of missing opcodes for Android has been restored.
Restored display of variable values when hovering over them during debugging (Android).
Decompiling for other platforms was fixed (tested x86/x64, webAssembly, MIPS, ARM).

[BONUS]:
Added new option “Use BlueStacks adb” which allows the use of HD-Adb.exe from BlueStacks folder instead of default adb.exe for easy debugging using BlueStacks emulator.
Instruction:

Replace the original jeb.jar and jebc.jar with the fixed ones.
Register it with Keygen (run it, serial will be copied to clipboard)
Installer (jeb-demo-3.24.0.202007280546-JEBDecompilerDemo-121820464987384330.zip)

