Tuts 4 You

Leaderboard

  1. whoknows (Full Member) - Points: 5, Content Count: 516
  2. Kurapica (Full Member) - Points: 5, Content Count: 839
  3. kao (Full Member+) - Points: 5, Content Count: 2,321
  4. LCF-AT (Full Member+) - Points: 4, Content Count: 4,927

Popular Content

Showing content with the highest reputation since 06/28/2020 in all areas

  1. 2 points
    you shouldn't be using WD in the first place.
  2. 1 point
    Also, Windows Defender might have options to do live cloud verification or other levels of threat verification, like generic heuristics. Is the web connection enabled in the VM, and are all Windows Defender settings the same? VirusTotal-style hash checking and such are becoming more common in antivirus apps lately, giving access to a more up-to-date and broader database that lets vendors find viruses earlier as well. It could even be some random spyware setting in your Windows account profile, usually under the title of a "help Microsoft improve our products and user experience" type of option. Or Windows Defender is so smart that it knows when you are in a VM or sandbox, where you are probably studying the viruses, and does not want to block them. But I doubt it.
  3. 1 point
    Updates between Windows 10 machines are not always equal, regardless of what the date/version says. They roll things out in batches, based on each device's hardware and other qualifying identifiers. Windows Defender symbols and definitions work in a similar manner. So both of your setups may show the same version of WD, but the definitions could be different, as one of the machines probably hasn't gotten "permission" to obtain the latest stuff yet. That said, the detection difference could just be an update difference in the definitions they pushed, or the way WD detected things was done in a different order. (Pretty sure their scanner does multi-threaded scans for performance purposes, so one of the threads may have hit the other detection before another thread completed, etc., and it just shows what was found first.)
  4. 1 point
    The fourth parameter holds your results that you see (protocol family, etc.); the third parameter is the type of connection you want to send. MSDN:

        ZeroMemory( &hints, sizeof(hints) );
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_protocol = IPPROTO_TCP;

    This clears the memory holding the ADDRINFO of the sending type, then fills it with the type of connection: a TCP socket, unspecified family (auto-detect IPv4/IPv6) in this case. Once that gets sent out we want our server's reply: that's the info stored in parameter 4, results. You then read the "results" starting at 01C99670. Before you call getaddrinfo, breakpoint it on curl and see what the params point to.
  5. 1 point
    Probably it's like this because the HTML standard is too loose and flexible, in a way that makes uniformity on security issues something unlikely to ever happen at this point. Dynamic aspects even more so are there to increase security, or even for the business model. As much as many of us want to see this be easily scriptable, businesses are working hard to ensure in fact just the opposite. So many bots doing phony stuff nowadays, for one, and sometimes data leeching is desired to be prevented because the data and bandwidth have value. Some businesses want you to have to manually go through login and clicking, simply to make it cumbersome, to both waste your time and energy and keep things complicated enough that you might make a mistake. I would really like a script which logs in and downloads, renames appropriately and saves all bill or bank statements every month, for example. But it's cumbersome and tedious at best to script, and if a captcha comes up you likely need to interrupt the automation for a short user browser interaction before proceeding. Unless you want to automate that with specially built neural nets. I've yet to see one that makes human-like mouse movement, but the bot networks out there probably have it, albeit it's not public.
  6. 1 point
    Hi guys, thanks for the feedback again. So this really sounds like hell to build any own client code without building a browser engine to find out what kind of validation any XY site requests. So why is this validation so dynamic? Sounds like any server could also use its own request method XY instead of GET / POST etc., like GET_IT or whatever, you know. All in all it's just bad for me now, as there are too many different variables to handle and to know beforehand. This just sucks. greetz
  7. 1 point
    @LCF-AT sure, it's like a different executable, it depends on the author. Apart from different server validations, each form has different names for its elements; these names come into play when POSTing/GETting to the server when you click 'login' or whatever..
  8. 1 point
    https://www.infoq.com/news/2020/07/mandrel-graalvm/ @CodeExplorer -- bonus pavellaptev.github.io/web-dark-ages/
  9. 1 point
    Apologies, I deviated from the topic on the thought of an affordable 400TB SSD in my lifetime. We may need these capacities if heading to 8K and 16K video sources at some point in the future... Ted.
  10. 1 point
    10-12TB spinning drives only this year started to get to a reasonable $/GB ratio. So, a 100TB+ SSD is way, way out of reach for the ordinary consumer, and it will be out of reach for the next 5-10 years. BTW, the f*ing original article was talking about tape drives, not HDDs or SSDs. Personally, I wouldn't call that a drive - but English is not my native language..
  11. 1 point
    The world's largest SSD recorded so far is sitting at 100TB currently, from Nimbus Data; it was a 3.5" bay drive running under SATA or SAS. Granted, they revealed it back in 2018, and SSD tech has GREATLY improved since then, so I'm sure the other companies have larger stuff behind the scenes now and just haven't shown it yet. Most of the work being done on the drive market that we are seeing publicly right now is optimizations to the caching and storing of data on the chips, and not so much chasing larger sizes for the consumer market.
  12. 1 point
    Every site, especially nowadays, can be quite different. Not only do the form fields, which can change, need to be identified, but there are persistent login options, one or more redirects can occur, cookies are dropped and must be forwarded, browser headers are checked and per-browser details are involved. Sometimes custom headers are added, there is CSRF, sometimes client-side JavaScript is doing some key changes to headers or the request, maybe encrypting or encoding; sometimes a captcha will come about, some just monitoring mouse movements, others requiring specific valid input; sometimes the site loads important cookies from other sites; SSL considerations with client- or server-side certificates; the original HTML spec even had authentication options like basic and digest, and even NTLM Windows auth is possible through digest as I recall. So best to create your generic template which deals with all of these things and have per-site settings which guide the template. It's a real project for sure, but not impossible. But yeah, a pain indeed.
  13. 1 point
    CSRF tokens:
        https://stackoverflow.com/a/33829607
        https://www.hhutzler.de/blog/using-curl/
        https://www.google.com/search?q=curl+login+with+CSRF
    On all modern login systems there is 'validation' like this... What I have done in the past is to use the CefSharp library (or even the plain WebBrowser of .NET WinForms), load the page in the browser, set the values of the input boxes and submit the form to the server by clicking the submit button via JS code, e.g.

        var restoreTAB = document.querySelector('.ovm-ClassificationBarButton-18');
        restoreTAB.click();
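    Added example (editor's code, not from either post above): the "generic template" idea from the two posts, done offline in Python. It parses the served login page for the form's action, method and fields (the hidden CSRF token kept verbatim), fills in the credentials, and builds the POST body plus the Cookie header that forwards the Set-Cookie values from the first response. The HTML, the cookie headers, the URL example.test and the field names are all constructed for this example; nothing is fetched.

```python
"""Offline sketch of a per-site login template: extract the login form,
keep its hidden fields (CSRF token, return URL), fill in credentials, and
forward the cookies the login page dropped. Sample data is constructed."""
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urljoin

# Constructed sample login page (not from any real site).
SAMPLE_LOGIN_PAGE = """
<html><body>
<form id="search" action="/search" method="get"><input name="q"></form>
<form id="login" action="/account/login" method="post">
  <input type="hidden" name="_csrf" value="9f2c1e7ab3d44c0f">
  <input type="hidden" name="returnTo" value="/dashboard">
  <input type="text" name="user[email]">
  <input type="password" name="user[password]">
  <input type="checkbox" name="remember" value="1" checked>
  <input type="checkbox" name="newsletter" value="1">
  <button type="submit" name="commit" value="Sign in">Sign in</button>
</form>
</body></html>
"""

# Constructed Set-Cookie headers, as the login page response would carry them.
SAMPLE_SET_COOKIE = [
    "sid=abc123; Path=/; HttpOnly; Secure",
    "_csrf_cookie=9f2c1e7ab3d44c0f; Path=/",
]


class FormCollector(HTMLParser):
    """Records each <form> with its action, method and the fields a browser
    would submit: hidden/text/password inputs, checked boxes, named submit buttons."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute without a value (e.g. "checked") maps to None
        if tag == "form":
            self._form = {"id": a.get("id"), "action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "fields": {}}
            self.forms.append(self._form)
            return
        if self._form is None or tag not in ("input", "button") or not a.get("name"):
            return
        kind = (a.get("type") or ("submit" if tag == "button" else "text")).lower()
        if kind in ("checkbox", "radio") and "checked" not in a:
            return  # unchecked boxes are never sent
        self._form["fields"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def find_form(html, form_id):
    parser = FormCollector()
    parser.feed(html)
    for form in parser.forms:
        if form["id"] == form_id:
            return form
    raise ValueError("form %r not found; the page layout changed" % form_id)


def build_login_request(page_url, html, form_id, credentials, set_cookie_headers):
    """Returns the request to send as a dict; server-supplied hidden fields stay verbatim."""
    form = find_form(html, form_id)
    fields = dict(form["fields"])
    for name, value in credentials.items():
        if name not in fields:
            raise KeyError("field %r is not on the form; check the element names" % name)
        fields[name] = value
    jar = SimpleCookie()
    for header in set_cookie_headers:
        jar.load(header)          # attributes (Path, HttpOnly, Secure) are parsed, not echoed
    cookie = "; ".join("%s=%s" % (k, m.value) for k, m in jar.items())
    return {
        "method": form["method"].upper(),
        "url": urljoin(page_url, form["action"]),
        "headers": {"Content-Type": "application/x-www-form-urlencoded",
                    "Cookie": cookie, "Referer": page_url},
        "body": urlencode(fields),
    }


if __name__ == "__main__":
    req = build_login_request("https://example.test/login", SAMPLE_LOGIN_PAGE, "login",
                              {"user[email]": "me@example.test", "user[password]": "s3cret"},
                              SAMPLE_SET_COOKIE)
    for key, value in req.items():
        print(key, "=", value)
```

    The per-site part is only the form id and the two field names passed as credentials; everything the server chose (token value, return URL, checked defaults, submit button name) is taken from the page as served, which is what keeps the template working when a site renames its token field.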
  14. 1 point
    _PyEval_EvalFrameDefault executes a code object on the Python frame. To dump the code object to a file you need to use PyMarshal_WriteObjectToFile / PyMarshal_WriteObjectToString at an appropriate place within the function. DnSpy has nothing to do with Python. It's just a piece of string inserted there on purpose.
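    Added example (editor's code, not from the post above): what the marshalled code object looks like once it is dumped, done from Python rather than from a hook inside _PyEval_EvalFrameDefault. The code object is serialised with the same marshal format PyMarshal_WriteObjectToFile produces, wrapped in a .pyc header so a stock interpreter can load it, read back, executed, and its constants walked as a decompiler would. The sample function is constructed; no real target is touched.

```python
"""Round-trip a code object through the marshal format and a .pyc header."""
import importlib.util
import marshal
import struct
import types

# Constructed sample "serial check"; stands in for the code object one would dump.
SOURCE = "def check(serial):\n    return sum(map(ord, serial)) % 251 == 7\n"


def compile_sample():
    return compile(SOURCE, "<dumped>", "exec")


def to_pyc_bytes(code, source_size=0):
    """PEP 552 .pyc layout (Python 3.7+): magic, flags (0 = timestamp based),
    mtime, source size, then the marshalled code object."""
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, source_size)
    return header + marshal.dumps(code)


def from_pyc_bytes(blob):
    """Inverse of to_pyc_bytes; refuses dumps from a different interpreter version,
    since marshal's code-object layout changes between releases."""
    if blob[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("magic mismatch: dump was made by a different Python version")
    return marshal.loads(blob[16:])


def run_dumped(blob, serial):
    """Load the dumped module code, execute it, and call the recovered function."""
    namespace = {}
    exec(from_pyc_bytes(blob), namespace)
    return namespace["check"](serial)


def find_constants(code):
    """Walk nested code objects, collecting constants; nested functions appear as
    (name, [constants]) so the 251 and 7 of the check are visible without running it."""
    out = []
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            out.append((const.co_name, find_constants(const)))
        else:
            out.append(const)
    return out


if __name__ == "__main__":
    blob = to_pyc_bytes(compile_sample())
    with open("dumped.pyc", "wb") as fh:
        fh.write(blob)
    print("check('ab?') ->", run_dumped(blob, "ab?"))
    print("constants:", find_constants(compile_sample()))
```

    The magic check is the practical caveat: a code object dumped out of an embedded 3.8 interpreter will not load in a 3.11 interpreter, so decompile with the same minor version that produced the dump.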
  15. 1 point
    Truly, lost you... pasting some functions for GET/POST, maybe it is helpful:

        function make_post_request($url, $params, $json) {
            $curl = curl_init();
            curl_setopt($curl, CURLOPT_URL, $url);
            curl_setopt($curl, CURLOPT_POST, true);
            if (!$json) {
                curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
            } else {
                $params = json_encode($params);
                curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
                curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=UTF-8', 'X-Accept: application/json'));
            }
            // display header
            // curl_setopt($curl, CURLOPT_HEADER, 1);
            curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'POST');
            // Turns off TLS certificate verification: any server (or a MITM) is accepted. Only for testing.
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // <-- u searching for this ?
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($curl, CURLOPT_TIMEOUT, 5);
            $response = curl_exec($curl);
            // http status code
            // $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
            // var_dump($status);
            curl_close($curl);
            return json_decode($response);
        }

        function make_get_request($url, $params) {
            $c = curl_init();
            $url .= '?' . http_build_query($params);
            curl_setopt($c, CURLOPT_URL, $url);
            curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
            // curl_setopt($c, CURLOPT_HEADER, true);
            /* curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);
               curl_setopt($c, CURLINFO_HEADER_OUT, true); */
            curl_setopt($c, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
            $response = curl_exec($c);
            /* $status = curl_getinfo($c, CURLINFO_HTTP_CODE);
               var_dump($status); */
            curl_close($c);
            return json_decode($response);
        }

    Once the user logs in, store the info in session variables; on any page you can get any info stored. E.g. at the login page, where $r is a recordset:

        $_SESSION['mail'] = $_POST['email'];
        $_SESSION['u'] = $r['fullname'];
        $_SESSION['id'] = $r['user_id'];
        $_SESSION['level'] = $r['user_level_id'];

    Then on any page you can read the variable $_SESSION[??]. You always have to use this at the top:

        @session_start();

    What is the need? You are on HTTP, and what?
ref curl w/o https : serverfault.com/a/469825
  16. 1 point
    awesome_msil_Out.exe
    Approach:
    1. Necrobit is a JIT protection, so we use Simple MSIL Decryptor by CodeCracker, and it shall be run on NetBox.
    2. Code virtualization is a relatively new feature of .NET Reactor, added in version 6.2.0.0. Here is the approach I took (I did this about 6 months ago so my memory is kinda rusty):
  17. 1 point
    Not necessary to unpack to get the key. Key: Steps :
  18. 1 point
    Hi everyone, Maybe some of you heard it already, but Sigma and I have been working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features:
      • variables, currently command-based only
      • basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A)
      • software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr')
      • hardware breakpoints (access, write, execute), also command-only
      • stepping (over, into, out, n instructions), can be done with buttons/shortcuts
      • memory allocation/deallocation inside the debuggee
      • quickly access API addresses (bp GetProcAddress)
      • syntax highlighting, currently not customizable
      • simple memory map (just addr+size+module+protection basically)
    The debugger has an easy GUI, for which we looked a lot at Olly. The debug engine is TitanEngine, the disassembler BeaEngine, icons are from various sources (see About dialog). We use Qt for the GUI part. If you have a suggestion, a bug report, need more info, or want to contribute, just post here or send me a private message. The latest public build + source can always be found on http://x64dbg.com (click 'Source'->'bin_public') to download the latest build. For now, you can also download the first 'alpha' here. We would love to hear from you! Greetings, Mr. eXoDia & Sigma
  19. 1 point
    Small modification of ragdog's idea:
    1) breakpoint on LoadBitmapA;
    2) look at the parameters to the call:

        0012F740 00AC119D /CALL to LoadBitmapA from 00AC1198
        0012F744 00AC0000 |hInst = 00AC0000
        0012F748 00AC3000 \RsrcName = "MyBitmap"

    So, the DLL is loaded at address AC0000.
    3) Dump memory at address AC0000. I used PETools, so it calculated the size of the dump automatically (EC000 bytes). But you can always use another tool and dump more memory, it won't hurt.
    4) Open the dump with CFF and use its resource editor function to extract the BMP.
  20. 1 point
    On return from LoadBitmapA you have the pointer to this picture ;-) Now you must dump it and write the bitmap header. Here is an example to save the bitmap (dumper) from rohitab:

        // if you want to save the bitmap to a file now that you have it on your computer, here
        // (I don't take credit for this function)
        #include <windows.h>
        #include <stdio.h>
        #include <stdlib.h>

        void SaveBitmap(char *szFilename, HBITMAP hBitmap)
        {
            HDC hdc = NULL;
            FILE *fp = NULL;
            LPVOID pBuf = NULL;
            BITMAPINFO bmpInfo;              // header plus ONE RGBQUAD: no room for a colour table
            BITMAPFILEHEADER bmpFileHeader;
            LONG stride;

            do {
                hdc = GetDC(NULL);
                ZeroMemory(&bmpInfo, sizeof(BITMAPINFO));
                bmpInfo.bmiHeader.biSize = sizeof(BITMAPINFOHEADER);
                // First call with lpvBits == NULL: GDI only fills in bmiHeader (size, bpp, ...).
                GetDIBits(hdc, hBitmap, 0, 0, NULL, &bmpInfo, DIB_RGB_COLORS);
                if (bmpInfo.bmiHeader.biBitCount <= 8) {
                    // A palettised bitmap would make GetDIBits write a colour table past bmpInfo.
                    MessageBox(NULL, "Bitmaps of 8 bpp or less are not handled", "Error", MB_OK | MB_ICONERROR);
                    break;
                }
                // DIB rows are padded to a multiple of 4 bytes.
                stride = ((bmpInfo.bmiHeader.biWidth * bmpInfo.bmiHeader.biBitCount + 31) / 32) * 4;
                if (bmpInfo.bmiHeader.biSizeImage <= 0)
                    bmpInfo.bmiHeader.biSizeImage = stride * abs(bmpInfo.bmiHeader.biHeight);
                if ((pBuf = malloc(bmpInfo.bmiHeader.biSizeImage)) == NULL) {
                    MessageBox(NULL, "Unable to Allocate Bitmap Memory", "Error", MB_OK | MB_ICONERROR);
                    break;
                }
                bmpInfo.bmiHeader.biCompression = BI_RGB;
                // Second call copies the pixel rows into pBuf (biHeight may be negative for top-down bitmaps).
                GetDIBits(hdc, hBitmap, 0, abs(bmpInfo.bmiHeader.biHeight), pBuf, &bmpInfo, DIB_RGB_COLORS);
                if ((fp = fopen(szFilename, "wb")) == NULL) {
                    MessageBox(NULL, "Unable to Create Bitmap File", "Error", MB_OK | MB_ICONERROR);
                    break;
                }
                bmpFileHeader.bfReserved1 = 0;
                bmpFileHeader.bfReserved2 = 0;
                bmpFileHeader.bfSize = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + bmpInfo.bmiHeader.biSizeImage;
                bmpFileHeader.bfType = 0x4D42;   // "BM" once written little-endian
                bmpFileHeader.bfOffBits = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER);
                fwrite(&bmpFileHeader, sizeof(BITMAPFILEHEADER), 1, fp);
                fwrite(&bmpInfo.bmiHeader, sizeof(BITMAPINFOHEADER), 1, fp);
                fwrite(pBuf, bmpInfo.bmiHeader.biSizeImage, 1, fp);
            } while (0);

            if (hdc) ReleaseDC(NULL, hdc);
            if (pBuf) free(pBuf);
            if (fp) fclose(fp);
        }
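    Added example (editor's code, not from either of the two posts above): the same "prepend a BITMAPFILEHEADER" step in Python, for a raw DIB blob dumped from memory instead of a live HBITMAP. An RT_BITMAP resource, and what GetDIBits returns, is exactly that blob: BITMAPINFOHEADER, optional colour table, pixel rows, no file header. This version also accounts for the colour table of palettised bitmaps, which the posted C function does not. The 2x2 DIB below is constructed for the example, not a real dump.

```python
"""Turn a dumped DIB (as found in an RT_BITMAP resource) into a loadable .bmp."""
import struct

FILE_HEADER = struct.Struct("<2sIHHI")       # bfType, bfSize, bfReserved1, bfReserved2, bfOffBits
INFO_HEADER = struct.Struct("<IiiHHIIiiII")  # BITMAPINFOHEADER, 40 bytes
BI_RGB, BI_BITFIELDS = 0, 3


def dib_to_bmp(dib):
    """Prepend a correct 14-byte BITMAPFILEHEADER to a DIB blob and return the .bmp bytes."""
    (bi_size, width, height, _planes, bpp, compression, size_image,
     _xppm, _yppm, clr_used, _clr_important) = INFO_HEADER.unpack_from(dib, 0)
    if bi_size < INFO_HEADER.size:
        raise ValueError("not a BITMAPINFOHEADER (biSize=%d)" % bi_size)

    # Colour table sits right after the header: RGBQUAD entries for <= 8 bpp
    # (biClrUsed, or 2^bpp when zero); three DWORD masks for BI_BITFIELDS with a v3 header.
    if bpp <= 8:
        palette_bytes = 4 * (clr_used or (1 << bpp))
    elif compression == BI_BITFIELDS and bi_size == INFO_HEADER.size:
        palette_bytes = 12
    else:
        palette_bytes = 4 * clr_used

    # Rows are padded to 4-byte multiples; biSizeImage may legitimately be 0 for BI_RGB.
    stride = ((width * bpp + 31) // 32) * 4
    if compression == BI_RGB and size_image == 0:
        size_image = stride * abs(height)

    pixel_end = bi_size + palette_bytes + size_image
    if len(dib) < pixel_end:
        raise ValueError("truncated DIB: need %d bytes, have %d" % (pixel_end, len(dib)))

    off_bits = FILE_HEADER.size + bi_size + palette_bytes
    bf_size = FILE_HEADER.size + pixel_end
    return FILE_HEADER.pack(b"BM", bf_size, 0, 0, off_bits) + dib[:pixel_end]


def make_sample_dib():
    """Constructed 2x2, 24-bpp, bottom-up DIB: red, green on the bottom row; blue, white on top."""
    header = INFO_HEADER.pack(40, 2, 2, 1, 24, BI_RGB, 16, 2835, 2835, 0, 0)
    rows = (bytes([0, 0, 255, 0, 255, 0]) + b"\0\0"          # BGR pixels + 2 pad bytes
            + bytes([255, 0, 0, 255, 255, 255]) + b"\0\0")
    return header + rows


if __name__ == "__main__":
    bmp = dib_to_bmp(make_sample_dib())
    with open("dumped.bmp", "wb") as fh:
        fh.write(bmp)
    print("wrote %d bytes, pixel data at offset %d" % (len(bmp), FILE_HEADER.unpack_from(bmp, 0)[4]))
```

    Feeding it the bytes at RsrcName's resource entry (or a GetDIBits buffer preceded by its BITMAPINFOHEADER) is enough; bfOffBits is what image viewers trust, so getting the colour-table size into it is what makes 4- and 8-bpp dumps open correctly.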