Popular Content

Showing content with the highest reputation since 06/25/2020 in Posts

  1. 1 point
    CSRF tokens: https://stackoverflow.com/a/33829607 https://www.hhutzler.de/blog/using-curl/ https://www.google.com/search?q=curl+login+with+CSRF -- On all modern login systems there is 'validation' like this... What I have done in the past is to use the CefSharp library (or even the plain WebBrowser of .NET Forms), load the page in the browser, set the values of the input boxes and submit the form to the server by clicking the submit button from JS code, e.g.

    ```js
    // Locate the submit button and click it; the browser then posts the form together with its CSRF token.
    var restoreTAB = document.querySelector('.ovm-ClassificationBarButton-18');
    restoreTAB.click();
    ```
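The server-side check the post is referring to, written here as an added example (not from the post or the linked answers): a synchronizer token bound to the session cookie and compared in constant time, which is why a scripted login has to fetch the form first. The in-memory SESSIONS store and the function names are constructed for the demo.

```python
"""Synchronizer-token CSRF validation (added example, not from the post).

A token is random, issued to one session, compared in constant time and
rotated after use; a POST carrying another session's token, or none, fails.
"""
import hmac
import secrets
from typing import Dict, Optional

# Constructed in-memory session store for the demo: session_id -> {"csrf": token}
SESSIONS: Dict[str, Dict[str, str]] = {}


def start_session() -> str:
    """Create a session and issue it a fresh CSRF token; returns the session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid


def render_login_form(sid: str) -> str:
    """Embed the session's token as a hidden field (what a scripted client must read)."""
    token = SESSIONS[sid]["csrf"]
    return f'<input type="hidden" name="csrf_token" value="{token}">'


def handle_login(cookie_sid: Optional[str], form: Dict[str, str]) -> int:
    """Return an HTTP status: 403 when the CSRF check fails, 200 when it passes."""
    session = SESSIONS.get(cookie_sid or "")
    if session is None:
        return 403  # no valid session cookie: nothing to bind the token to
    submitted = form.get("csrf_token", "")
    # compare_digest keeps the comparison time independent of where the bytes differ.
    if not hmac.compare_digest(session["csrf"], submitted):
        return 403
    # One-time use: rotate the token after a successful state-changing request.
    session["csrf"] = secrets.token_urlsafe(32)
    return 200
```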
  2. 1 point
    _PyEval_EvalFrameDefault executes a code object on the Python frame. To dump the code object to a file you need to use PyMarshal_WriteObjectToFile / PyMarshal_WriteObjectToString at an appropriate place within the function. DnSpy has nothing to do with Python. It's just a piece of string inserted there on purpose.
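What the PyMarshal_WriteObjectToFile output looks like and how it is read back, as an added example in Python (not from the post): the marshal module wraps the same C routines, and a .pyc is a 16-byte header followed by the marshalled code object. The SOURCE string and the function names are constructed for the demo.

```python
"""Round-trip a code object through marshal (added example, not from the post).

dump_code writes the PEP 552 timestamp-based .pyc layout; load_code validates
the header and recovers the code object, which can then be executed again.
"""
import importlib.util
import marshal
import struct
import types

# Constructed sample module used by roundtrip().
SOURCE = "def answer(x):\n    return x * 2 + 1\n"


def dump_code(code: types.CodeType, mtime: int = 0, size: int = 0) -> bytes:
    """Serialise a code object as .pyc bytes: magic, flags=0, mtime, source size, body."""
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, mtime, size)
    return header + marshal.dumps(code)


def load_code(blob: bytes) -> types.CodeType:
    """Check the header belongs to this interpreter and unmarshal the code object."""
    if blob[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError("pyc magic does not match this interpreter")
    flags, _mtime, _size = struct.unpack("<III", blob[4:16])
    if flags != 0:
        raise ValueError("hash-based pyc not handled here")
    code = marshal.loads(blob[16:])
    if not isinstance(code, types.CodeType):
        raise TypeError("marshalled object is not a code object")
    return code


def roundtrip(source: str = SOURCE, arg: int = 20) -> int:
    """Compile, dump, reload and execute; returns answer(arg) from the reloaded code."""
    code = compile(source, "<sample>", "exec")
    restored = load_code(dump_code(code, size=len(source)))
    namespace: dict = {}
    exec(restored, namespace)
    return namespace["answer"](arg)
```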
  3. 1 point
    Truly, I lost you... pasting some functions for GET/POST, maybe it is helpful:

    ```php
    <?php
    // POST helper: form-encoded body by default, JSON body when $json is true.
    function make_post_request($url, $params, $json) {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_POST, true);
        if (!$json) {
            curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
        } else {
            $params = json_encode($params);
            curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
            curl_setopt($curl, CURLOPT_HTTPHEADER, array(
                'Content-Type: application/json; charset=UTF-8',
                'X-Accept: application/json'
            ));
        }
        // display header
        // curl_setopt($curl, CURLOPT_HEADER, 1);
        curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'POST');
        // <-- u searching for this ? (turns off TLS certificate verification for this handle)
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_TIMEOUT, 5);
        $response = curl_exec($curl);
        // http status code
        // $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        // var_dump($status);
        curl_close($curl);
        return json_decode($response);
    }

    // GET helper: parameters are appended as the query string.
    function make_get_request($url, $params) {
        $c = curl_init();
        $url .= '?' . http_build_query($params);
        curl_setopt($c, CURLOPT_URL, $url);
        curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
        // curl_setopt($c, CURLOPT_HEADER, true);
        /* curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);
           curl_setopt($c, CURLINFO_HEADER_OUT, true); */
        curl_setopt($c, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
        $response = curl_exec($c);
        /* $status = curl_getinfo($c, CURLINFO_HTTP_CODE);
           var_dump($status); */
        curl_close($c);
        return json_decode($response);
    }
    ```

    Once the user logs in, store the info in session variables; on any page you can then get any info stored. E.g. at the login page, where $r is a recordset:

    ```php
    <?php
    // always u have to use @ the top
    @session_start();
    $_SESSION['mail']  = $_POST['email'];
    $_SESSION['u']     = $r['fullname'];
    $_SESSION['id']    = $r['user_id'];
    $_SESSION['level'] = $r['user_level_id'];
    ```

    Then on any page, u can read the variable $_SESSION[??] (always u have to use @session_start() at the top). What is the need? You are on HTTP and what?
    Ref. curl w/o https: serverfault.com/a/469825
  4. 1 point
    Well it's true though, right? Every OS upgrade adds more background services, more memory consumption. They always seek to maximally utilize the resources. You basically need a multi-core with high RAM to do anything interesting nowadays. By forcing hardware upgrades, they sell more licenses, so there is justification for this business strategy. My father told me in the 1970s these same things went on. So it's much older. They never rewrote the code to be more efficient because they wanted the system always busy so they could justify its use and further upgrades. Some things never change. Does not leave us consumers with many options. As you correctly point out, tools like this are never as reliable or well understood as the OS choosing to be more efficient or flexible. To prove it further, Microsoft does not do much to stop Win10 cracks. But put out a minimal Win10 with the bloat stripped out and they will DMCA it at light speed. Priorities! Instead of designing it to run on certain hardware configurations as claimed, they in reality design it not to run on certain hardware specs.
  5. 1 point
    We say this with every iteration of Windows. Recalling XP being bloated... 🤔 Ted.
  6. 1 point
    awesome_msil_Out.exe
    Approach:
    1. Necrobit is a JIT protection, so we use Simple MSIL Decryptor by CodeCracker, and it shall be run on NetBox.
    2. Code virtualization is a relatively new feature of .NET Reactor, added in version 6.2.0.0. Here is the approach I took (I did this about 6 months ago, so my memory is kinda rusty):
  7. 1 point
    Not necessary to unpack to get the key. Key: Steps:
  8. 1 point
    Yep. That is one of the sections. It may be more on larger files. BTW, here is my script to recover the VM'ed Enigma OEP. It was written back in 2015 and I don't know if it is fail-proof, because I haven't used/tested it for more than a year.

    ```
    // giv@reversing.ro
    // Script for restore VM OEP on Enigma 5.xx VM'ed OEP
    // Delphi files + VB6
    bc
    bphwc
    bpmc
    dbh
    GMI eip, CODEBASE
    mov bazacod, $RESULT
    GMI eip, CODESIZE
    mov marimecod, $RESULT
    VAR INTRARE
    ask "Enter the EIP of the stolen OEP"
    mov INTRARE, $RESULT
    //mov INTRARE, 0041F372
    BPHWS INTRARE
    erun
    bphwc INTRARE
    ask "Enter compiler type: 1 for Delphi 2 for Visual Basic 3 for C++"
    mov tipcompilator, $RESULT
    cmp $RESULT,1
    ifeq
    jmp Delphi
    endif
    cmp $RESULT,2
    ifeq
    jmp vb6
    endif
    cmp $RESULT,3
    ifeq
    jmp C_plus
    endif
    //Target compiler select
    mov delphi, 1
    mov vb6, 0
    mov cpp, 0
    /////////////////
    cmp delphi, 1
    ifeq
    jmp Delphi
    endif
    cmp vb6, 1
    ifeq
    jmp vb6
    endif
    cmp cpp, 1
    ifeq
    jmp C_plus
    endif

    Delphi:
    log "PUSH EBP"
    log "MOV EBP, ESP"
    log "ADD ESP, -10"

    BREAK:
    bc
    bphwc
    bpmc
    BPRM bazacod, marimecod
    erun
    cmp eip, INTRARE
    ifeq
    jmp BREAK
    endif
    cmp eip, bazacod+marimecod
    ifa
    jmp BREAK
    endif
    cmp eax, 01000000
    ifa
    jmp DWORD
    endif
    cmp [eip], #FF25#, 2
    ifeq
    jmp BREAK
    endif
    mov valoareeax, eax
    eval "MOV EAX, 00{valoareeax}"
    LOG $RESULT, ""
    eval "MOV ECX, 00{ecx}"
    log $RESULT, ""
    eval "MOV EDX, 00{edx}"
    log $RESULT, ""
    mov pozitie, eip
    eval "CALL 0{pozitie}"
    log $RESULT, ""

    GASIRE_RET:
    bpmc
    cmp [eip], #FF25#, 2
    ifeq
    jmp BREAK
    endif
    find eip, #C3#, 5
    mov adresagasitaret, $RESULT
    cmp adresagasitaret, 0
    ifa
    bp adresagasitaret
    erun
    bc adresagasitaret
    esti
    gci eip, COMMAND
    mov stringoep, $RESULT
    scmpi stringoep, "PUSH 0x0", 4
    cmp $RESULT, 0
    ifa
    jmp Comanda_gci
    endif
    esti
    jmp Comanda_gci
    endif
    find eip, #5?C?#, 1500
    mov adresagasitaret, $RESULT
    cmp adresagasitaret, 0
    ifa
    mov diferenta, adresagasitaret-eip
    cmp diferenta, 35
    ifb
    cmp [adresagasitaret], #5BC3#, 2
    ifeq
    bpmc
    bp adresagasitaret
    erun
    esti
    esti
    jmp Comanda_gci
    endif
    cmp [adresagasitaret], #5DC2#, 2
    ifeq
    bpmc
    bp adresagasitaret
    erun
    esti
    esti
    jmp Comanda_gci
    endif
    msg "Diferenta prea mica"
    endif
    mov adresacomparare, adresagasitaret
    add adresacomparare, 1
    cmp [adresacomparare], #C3#,1
    ifneq
    mov start, eip
    add start, 35
    find start,#E8????????C3#
    bp $RESULT
    erun
    bc
    find eip, #5?C?#
    bp $RESULT
    erun
    bc
    esti
    esti
    jmp Comanda_gci
    //msg "Pauza C3"
    endif
    bp adresagasitaret
    erun
    bc adresagasitaret
    esti
    esti
    jmp Comanda_gci
    endif
    find eip, #5?5?5?5?C3#,500
    bpmc
    mov adresagasitaret, $RESULT
    cmp adresagasitaret, 0
    ifa
    bp adresagasitaret
    erun
    bc adresagasitaret
    esti
    esti
    jmp Comanda_gci
    endif
    cmp adresagasitaret, 0

    Continuare_ret:
    bpmc
    ifa
    bp adresagasitaret
    bpmc
    erun
    endif
    bc adresagasitaret
    esti
    esti

    Comanda_gci:
    GCI eip, COMMAND
    mov comanda, $RESULT
    scmpi comanda, "PUSH 0x0", 4
    ifneq
    jmp GASIRE_RET
    endif
    jmp BREAK

    DWORD:
    /////////
    bc
    bphwc
    /////////
    mov gasire, eax
    rev gasire
    mov gasire, $RESULT
    ///////////////////
    eval "{gasire}"
    mov gasire, $RESULT
    //////////////////
    len gasire
    cmp $RESULT, 7
    ifeq
    eval "0{gasire}"
    mov gasire, $RESULT
    jmp ansamblare_gasire
    endif
    len gasire
    cmp $RESULT, 6
    ifeq
    eval "00{gasire}"
    mov gasire, $RESULT
    endif
    //log gasire, ""

    ansamblare_gasire:
    eval "#{gasire}#"
    mov gasire, $RESULT
    findmem gasire, bazacod
    mov adresa_p, $RESULT
    cmp adresa_p, 0
    ifeq
    msg "Pointer negasit"
    pause
    endif
    ifa
    eval "MOV EAX, DWORD PTR[{adresa_p}]"
    log $RESULT, ""
    cmp ecx, 401000
    ifa
    eval "MOV ECX, 00{ecx}"
    log $RESULT, ""
    endif
    cmp edx, 401000
    ifa
    eval "MOV EDX, 00{edx}"
    log $RESULT, ""
    endif
    mov pozitie, eip
    eval "CALL 0{pozitie}"
    log $RESULT, ""
    jmp GASIRE_RET

    vb6:
    findmem #5642??21#, bazacod
    mov variabilapush, $RESULT
    cmp variabilapush,0
    ifeq
    msg "Pattern not found for push value - VB6"
    jmp Sfarsit
    endif
    eval "PUSH 00{variabilapush}"
    LOG $RESULT, ""
    asm eip, $RESULT
    mov variabilacall, eip-6
    eval "CALL 00{variabilacall}"
    LOG $RESULT, ""
    asm eip+5, $RESULT
    jmp Sfarsit

    C_plus:
    bc
    bphwc
    bpmc
    BPRM bazacod, marimecod
    erun
    MOV intrarecallc, eip
    EVAL "CALL {intrarecallc}"
    log $RESULT, ""
    ASM INTRARE, $RESULT
    bc
    bphwc
    bpmc
    rtr
    esti
    BPRM bazacod, marimecod
    erun
    MOV jmpc, eip
    EVAL "JMP {jmpc}"
    log $RESULT, ""
    ASM INTRARE+5, $RESULT
    jmp Sfarsit

    Sfarsit:
    msg "Script is finished"
    ```
  9. 1 point
    Small modification of ragdog's idea:
    1) breakpoint on LoadBitmapA;
    2) look at the parameters to the call:

    ```
    0012F740   00AC119D  /CALL to LoadBitmapA from 00AC1198
    0012F744   00AC0000  |hInst = 00AC0000
    0012F748   00AC3000  \RsrcName = "MyBitmap"
    ```

    So, the DLL is loaded at address AC0000.
    3) Dump memory at address AC0000. I used PETools, so it calculated the size of the dump automatically (EC000 bytes). But you can always use another tool and dump more memory, it won't hurt.
    4) Open the dump with CFF and use its resource editor function to extract the BMP.
  10. 1 point
    On return from LoadBitmapA you have the pointer of this picture ;-) Now you must dump it and write the bitmap header. Here is an example to save the bitmap (dumper) from rohitab:

    ```c
    // if you want to save the bitmap to a file now that you have it on your computer, here
    // (i dont take credit for this function)
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    // Writes hBitmap to szFilename as an uncompressed .bmp. No colour table is written,
    // so the output is only correct for 16-, 24- and 32-bpp bitmaps.
    void SaveBitmap(char *szFilename, HBITMAP hBitmap)
    {
        HDC hdc = NULL;
        FILE *fp = NULL;
        LPVOID pBuf = NULL;
        BITMAPINFO bmpInfo;
        BITMAPFILEHEADER bmpFileHeader;
        do {
            hdc = GetDC(NULL);
            ZeroMemory(&bmpInfo, sizeof(BITMAPINFO));
            bmpInfo.bmiHeader.biSize = sizeof(BITMAPINFOHEADER);
            // First call with no pixel buffer: fills in width, height and bit depth only.
            GetDIBits(hdc, hBitmap, 0, 0, NULL, &bmpInfo, DIB_RGB_COLORS);
            if (bmpInfo.bmiHeader.biSizeImage == 0) {
                // Each scan line is padded to a 4-byte boundary.
                LONG stride = ((bmpInfo.bmiHeader.biWidth * bmpInfo.bmiHeader.biBitCount + 31) / 32) * 4;
                bmpInfo.bmiHeader.biSizeImage = stride * abs(bmpInfo.bmiHeader.biHeight);
            }
            if ((pBuf = malloc(bmpInfo.bmiHeader.biSizeImage)) == NULL) {
                MessageBoxA(NULL, "Unable to Allocate Bitmap Memory", "Error", MB_OK | MB_ICONERROR);
                break;
            }
            bmpInfo.bmiHeader.biCompression = BI_RGB;
            // Second call copies the pixels; the scan-line count must be positive even for top-down bitmaps.
            GetDIBits(hdc, hBitmap, 0, abs(bmpInfo.bmiHeader.biHeight), pBuf, &bmpInfo, DIB_RGB_COLORS);
            if ((fp = fopen(szFilename, "wb")) == NULL) {
                MessageBoxA(NULL, "Unable to Create Bitmap File", "Error", MB_OK | MB_ICONERROR);
                break;
            }
            bmpFileHeader.bfReserved1 = 0;
            bmpFileHeader.bfReserved2 = 0;
            bmpFileHeader.bfSize = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER) + bmpInfo.bmiHeader.biSizeImage;
            bmpFileHeader.bfType = 0x4D42; // "BM" as it appears in the file (little-endian)
            bmpFileHeader.bfOffBits = sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER);
            fwrite(&bmpFileHeader, sizeof(BITMAPFILEHEADER), 1, fp);
            fwrite(&bmpInfo.bmiHeader, sizeof(BITMAPINFOHEADER), 1, fp);
            fwrite(pBuf, bmpInfo.bmiHeader.biSizeImage, 1, fp);
        } while (0);
        if (hdc) ReleaseDC(NULL, hdc);
        if (pBuf) free(pBuf);
        if (fp) fclose(fp);
    }
    ```