Forums

  1. General Discussions and Site Issues

    1. The Board Rules & Frequently Asked Questions   (93,671 visits to this link)

      Very important! Please read before posting...

    2. General Discussions and Off Topic

      General and off-topic conversations and discussions here...

      8,972
      posts
    3. Site Bug Reports and Technical Issues

      Bugs and issues regarding this website and board...

      1,877
      posts
  2. Reverse Code Engineering

    1. Challenge of Reverse Engineering

      Try a challenge or contribute your own, any platform or operating system...

      11,359
      posts
    2. Hardware Reverse Engineering

      Reverse engineering of hardware, firmware and industrial controllers...

      113
      posts
    3. Internet and Network Security

      Discussions on network security, holes, exploits and other issues...

      353
      posts
    4. Malware Reverse Engineering

      Debug, disassemble and document interesting trojans, viruses, malware, etc.

      1,203
      posts
    5. Reverse Engineering Articles

      Share links to an interesting blog, news page or other RE related site...

      1,036
      posts
    6. Employment and Job Vacancies

      Discussions and employment opportunities in your field of expertise...

      126
      posts
    7. Search On Tuts 4 You   (33,974 visits to this link)

      Use the search engine on the main page as an additional resource...

  3. Developers Forums

    1. Programming and Coding

      Programming and coding tips, help and solutions...

      9,969
      posts
    2. Programming Resources

      Share links and information to external blogs, articles and other resources...

      201
      posts
    3. Programming Puzzles

      Challenge for the shortest possible code and other coding puzzles...

      19
      posts
    4. Software Security / Engineering

      Discussions on developing software and security against reverse engineering...

      466
      posts
  4. Community Projects

    1. TitanEngine Community Edition

      The next generation reverse engineering framework...

      260
      posts
    2. Scylla Imports Reconstruction

      Development and support forum for the Scylla project...

      459
      posts
    3. x64dbg

      An open-source x64/x32 debugger for Windows...

      808
      posts
    4. Future Community Projects

      Looking for support and interested partners for a future project?

      103
      posts
    5. Community Projects Archive

      Old and inactive projects moved to long term support...

      506
      posts
  5. The Demoscene

    1. Scene Artists / Demoscene

      Share your graphics, ASCII, module, demo, intro ideas and works...

      7,284
      posts
  • Posts

    • ragdog
      /Fa Listing Assembly code is your friend Here is a WebClient debug version and Assembly listing and a WebClient.pdb for easier debug this exe   webclient.rar
    • LCF-AT
      Hi kao, thanks for your files so it seems to work (anyhow). But now the question is how I should handle the file to find all needed steps just debugging that file. There is a lot and this C or cpp source I can't really understand. Ok I will try to debug that file also if it will take a much time to not all needed steps etc. greetz
    • kao
      Here is the source with schannel web client sample code: ftp://linux.mikroklima.cz/MIDAM-CD/DIGI/samples/SSLClient/cpp/mssdk/WebClient.c
      Here is compiled executable from which you can rip the relevant ASM code: ftp://linux.mikroklima.cz/MIDAM-CD/DIGI/samples/SSLClient/WebClient.exe Attached is slightly patched executable that you can use to test again https://forum.tuts4you.com (added proper Host: header in request). Use command line like this:  WebClient1.exe -sforum.tuts4you.com -p443 -findex.php >result.txt   Result.txt will look like: ... As you can see, it works just fine.   webclient1.rar
  • Blog Comments

    • 0xNOP
      Oh well sorry for the late reply!   I just wanted to do it and expose the methods malware writers use often to create their malwares, I just did in PureBasic since I was working on it and found it's a really great and fun language to work with And btw you can work with kernel mode from PureBasic also, you can even create your own Drivers, there's a suit that allows you to do that: http://www.purebasic.fr/english/viewtopic.php?p=404607   Thanks for writing!
    • kuqadk3
      For someone like us, there are not much choice  And this is the best choice which make us feel happy  At least for a moment
    • Mr.Mecanik
      What is the concept of this? And honestly a good trojan is not written in pure basic, but other strong languages like c++ and working in kernel mode, in basic there is not much you can do...
  • File Comments

  • Image Comments

  • Download Statistics

    • Files
      983
    • Comments
      60


  • Gallery Statistics

    • Images
      322
    • Comments
      159
