Tuts 4 You

Moderator

35

2,962

24

7,979

Full Member+

23

2,233

Junior+

20

16

## Popular Content

Showing content with the highest reputation since 11/12/2019 in all areas

1. 8 points

2. 4 points

## WinRAR Nukes Pirate Keygen

Actually Winrar was a kind of an earl adopter of ECDSA licensing, but they made a mistake in the implementation, much like level 10 armadillo. I still remember when I first came across this release - i thought, man, not another hardcoded-pseude-keygen ... then I saw "SeVeN/FFF". I was like "ahh shit here we go". Problem for Winrar is that their license is tied to archive signatures - if they change it they will break the signature mechanism.
3. 3 points

## WinRAR Nukes Pirate Keygen

i remember also the cracktro https://defacto2.net/f/b42719a and that core stole the release https://defacto2.net/f/b22ed7a
4. 3 points

## Invidious is an alternative front-end to YouTube

https://invidio.us/ src - https://github.com/omarroth/invidious
5. 3 points

## Unpack Challenge (Agile.NET)

JitDumperv4.rar
6. 2 points

## WinRAR Nukes Pirate Keygen

FFF - This name I have encountered so many times. A guy named Axis -FFF have keygenned/Patched dozens of App and great thing is that, If he patch, everything works well. Some of Great Protectors for HWID Lock (I wont mention name but all knows which is widely used for .NET, Delphi bla bla ) is done by Axis / FFF though many others cracked or modified Demo like PC-RET or many others but there Crack is not ok. Means If you protect your file, then anyone else without the project can create keys for your protection (All he need is to just use same algo. which can be easily understand using Demo Key) But only the Axis/FFF works always like an original.
7. 2 points

## WinRAR Nukes Pirate Keygen

I can't believe it all happened in 2009, a full decade ago. It does not feel like it was that far back... Ted.
8. 2 points

## How to bring a window active to front?

I am glad you have a workaround for this in the end. You may find suspending operation for around ~10 milliseconds after setting the cursor position and before simulating the mouse down input, using the Sleep function, adds a little bit more reliability and may not require you to add a second call to SetWindowPos. If you are concerned about accidentally activating a menu when simulating the mouse down you can calculate the centre of the windows titlebar or populate NONCLIENTMETRICS structure. Just be mindful there may be occasions where this may still occur particularly with owner drawn windows and Windows 10 apps. I still recommend the timer option... 😎 Ted.
9. 2 points

11. 2 points

## Strange VB injector sample, no injection behavior on physical/virtual machine

Injector uses VB P-Code, you'll need to use VB decompiler or some P-Code disassembler for analysis. It's pretty funky code using shellcode, resolving APIs by hash and what not. Or you can simply put breakpoint on RtlDecompressBuffer and then dump decompressed payload from memory. It's an old shitty backdoor called XpertRAT. BTW, injector works just fine in my VMWare (32bit Win7).
12. 2 points

## Flare On 6

@Washi has finally made his writeups public: https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2019/ Some of his solutions make me green with envy. Great job!
13. 2 points

## Unpack Challenge (Agile.NET)

I have unpacked most of the protections just need someone to complete the last part of it, the calls/delegates!! Instructions: 1. Jit-dump the executable with JitDumper3/4 enable the checkbox (Dump MD). 2. Clean the (String And Flow) with SimpleAssemblyExplorer(SAE) checking the checkbox (Delegates} as well. 3. De4dot. Files.rar
14. 1 point

## Do you know any frame rate calculator?

I think this should do it... ffmpeg -y -i input.mp4 -vf "setpts=1.25*PTS" -r 30 output.mp4 Changing the -r value to match your needed framerate
15. 1 point

## Do you know any frame rate calculator?

You're overcomplicating things. You have video that has 300 frames. You need it to last 60 seconds. Necessary frame rate is 300/60=5 frames per second. Who would want to write a specific tool that does one division operation? Certainly not me.
16. 1 point

## ILSpy mod by Medsft: NET assembly browser and decompiler, debugger, Hi

h__ps://my-files.ru/wcun0h pass: exelab
17. 1 point

## Do you know any tiny image editor?

Starting from the smallest: IrfanView, XNView Classic, Paint.NET. Rotate works in all 3; Saving transparency info is slightly crappy in IrfanView, works perfectly in all others; Resize on mouse scroller - haven't seen in any editor ever. Works in all 3 by entering resize % (eg. 200%) or target dimensions;
18. 1 point

## Strange VB injector sample, no injection behavior on physical/virtual machine

Hi all: Recently I've analyzed a VB malware sample. This VB injector runs on physical analyzer machine (Win7 x86) and virtual machines (Win7 x64 and Win XP) without injection behavior. But when I upload the sample to the online sandbox, it appears to inject iexplorer.exe and sends DNS request to C&C server. By the way, the VC runtime library and .NET framework 2&4 are already installed on the virtual machine. I have not found any way to make the sample appear any injection behavior by checking Process Monitor yet. Can anyone figure out the reason, it's welcome to communicate, or is there anyone who can dump out its Trojan body, please let me know, thks a lot... The password of the sample zip package is "infected". Do not run or debug on the real machine! ANY.RUN report (PC-side access): https://app.any.run/tasks/2be96389-5c11-4541-b3b2-bb027f445add/ Hybrid Analysis report: https://www.hybrid-analysis.com/sample/0e0a3f5fa2d7e092dbb9e31b55e8f1dc6879673d9af92735577522dc504e7af9?environmentId=120 VB_Injector_password_infected.zip
19. 1 point

## How to bring a window active to front?

Hi again, I changed the code a little... invoke GetClipboardOwner mov cOnr,eax invoke GetParent,cOnr mov cWnd,eax invoke SetWindowPos,cWnd,hWin,0,0,0,0,SWP_NOSIZE or SWP_NOMOVE or SWP_ASYNCWINDOWPOS invoke GetCursorPos,addr lp invoke GetWindowRect,hWin,addr rc mov eax, rc.left add eax, 30 mov ecx, rc.top add ecx, 10 invoke SetCursorPos,eax,ecx invoke SetWindowPos,hWin,HWND_TOPMOST,0,0,0,0,SWP_NOSIZE or SWP_NOMOVE or SWP_ASYNCWINDOWPOS invoke SetWindowPos,hWin,HWND_NOTOPMOST,0,0,0,0,SWP_NOSIZE or SWP_NOMOVE or SWP_ASYNCWINDOWPOS mov INP.INPUT._type,INPUT_MOUSE mov INP.INPUT.mi.dwFlags, MOUSEEVENTF_LEFTDOWN invoke SendInput,1,addr INP,sizeof INP mov INP.INPUT.mi.dwFlags, MOUSEEVENTF_LEFTUP invoke SendInput,1,addr INP,sizeof INP invoke SetCursorPos,lp.x,lp.y ...adding SetWindowPos x2.Now it works better.Also moved mouse more to left to prevent to open that menu.But also in this case its not working all over.When I do copy something from browser or other sources then WM_CLIPBOARDUPDATE seems to fail.Before I used WM_DRAWCLIPBOARD with SetClipboardViewer functon etc and there it was working.Strange is that its now no more working.Maybe using AddClipboardFormatListener function and RemoveClipboardFormatListener isnt a good choice or doing change something on my system = WM_DRAWCLIPBOARD fails.Now I need to reboot PC to check this out.Hhmm!!!So thats pretty bad,dont wanna each time do a reboot just to get my old stuff working again.Otherwise I will just using SetWindowPos x2 alone without getting the avtive window status if the other code examples doing some strange problems later. greetz EDIT: My fault about WM_DRAWCLIPBOARD so its still working.Just forgot that I added a check yesterday.So I think now its seems to work better using example from Ted WindowToFocus x32 just with adding SetWindowPos x2 and moving mousepointer some more to right side where it does click on.I think with this method I can live now so far. I can use it with WM_DRAWCLIPBOARD (SetClipboardViewer etc) or also with WM_CLIPBOARDUPDATE with AddClipboardFormatListener function.This seems to be easier just need to call this function once + RemoveClipboardFormatListener at the end. Thank again guys.
20. 1 point

24. 1 point

## How to bring a window active to front?

SetWindowPos can change the z order but it doesn't activate the window You can use SetActiveWindow after you have brought to front, if its not in front it will not set as active Have you tried SetForegroundWindow ?
25. 1 point

## How to bring a window active to front?

I use a free app which I think does what your asking, it is a downloader which monitors the clipboard for new links to sites it supports such as youtube, clicknupload etc. and when a new link is copied to clipboard it pops up a window asking if you want to download it if that's what you want your app to do then maybe you could see how they do it there http://wordrider.net/freerapid/
26. 1 point

45. 1 point

## Linux binary to exploit

Hi guys. I have a linux "hacking challenge" x64 binary that is difficult to exploit, you can find it attached to this email. This binary it's vulnerable to buffer overflow + ROP + canary bypass, so will be possible to execute shellcode. The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field it's also vulnerable to format string vulnerability, so with an input like %016llX,%016llX,%016llX etc... will be possible to dump the stack and the canary value) Any of you that can give it a look? Thanks a lot guys! (the vulnerable binary it's "vulnelf") vulnelf
46. 1 point

## A Crash Course in Everything Cryptographic...

https://medium.com/@lduck11007/a-crash-course-in-everything-cryptographic-50daa0fda482 Ted.
47. 1 point

## Anti Debugging Protection Techniques With Examples

Anti Debugging Protection Techniques With Examples: https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
48. 1 point

## Anti Debugging Protection Techniques With Examples

this has some more techniques: https://studylib.net/doc/14916230/anti-debugging-techniques-malware-analysis-seminar-meetin...
49. 1 point

## Feedback and Ideas

Good times! I still play UT every once in while, last time was with my son. Happy to participate in a game night/day if someone is able to organise an event and it falls at a suitable date and time... Ted.
50. 0 points

## Feedback and Ideas

I do miss the old times with people actually posting new and interesting stuff in here. Last few years have been really tough. I don't have a solution to that, just the feeling that it's the biggest problem that needs addressing. As for smaller and easier to solve things: 1) It would be nice to have faster actions to stop troll-fights between techlord's fans and their opponents. Last thing we need here is the toxic atmosphere they bring; 2) It's time to stop "Difficulty 10/10" nonsense in crackmes that contain nothing more than a rebranded ConfuserEx. For example, create a rule that members with "Junior" title are not allowed to post crackmes, as they almost inevitably submit total garbage. Or maybe crackme section moderators could do more filtering (I'm not saying they are not doing a good job - they are!, just that the acceptance rules are too relaxed); My 2 cents. kao.