Search the Community

Showing results for tags 'malicious'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me










Found 9 results

  1. PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected: Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator phpencode tennc web-malware-collection webtoolsvn novahot Of course, it’s trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) category and should re-read the previous statement. How does it work? Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it’s that simple! Instead of using an hash-based approach, PMF tries as much as possible to use semantic patterns, to detect things like “a $_GET variable is decoded two times, unziped, and then passed to some dangerous function like system“. [hide][Hidden Content]]
  2. Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution) Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file) You need to install lcab first (sudo apt-get install lcab) Check for manual reproduce steps If your generated cab is not working, try pointing out exploit.html URL to Finally try the docx in a Windows Virtual Machine: [hide][Hidden Content]]
  3. PageTableInjection Code Injection, Inject malicious payload via pagetables pml4. Introduction This is just a proof-of-concept of the page table injection technique to inject malicious code into the arbitrary user processes. On Windows(and some modern OSes), every process has a its PML4 a.k.a Directory Table Base. Thus the process A cannot access process B without APIs. but how about if we can inject arbitrary PML4 entry? of course, the PML4 entry will point to the corresponding physical address of entries, PDP, PD, and PT as exactly the same as the backing process. In order to inject malicious PML4 entry to the target process, we need to have an actual resident page (physical memory) that backing the malicious PML4 entry. Thus literally the resident page must be a resident, otherwise, the system will crash or would become unstable, because, during the MMU translating to the physical address, there is nothing that MMU expects, as well as there is nothing the windows memory manager has nothing expects. Let’s look at the both backing process and target process buffers. In this case, the buffers are: Backing Process VA: 0x1A45F810000 Deployment Process Injected VA: 0x6EA45F810000 Before step to the next, some of you may think that the 2nd address(0x6EA45F810000) looks weird like usually, we allocated buffer via malloc or VirtualAlloc, the virtual address should look like 0x17C7CAC0000 0x23BE9D80000 0x19FE76F0000 or some sort of these. it’s because the malicious PML4 entry is not involved to the memory manager of windows, and is not managed as well. of course every virtual address on Windows 64-bit process could possibly have any value within a range of user memory range. So if we look into both addresses… [hide][Hidden Content]]
  4. OfficePurge VBA purge your Office documents with OfficePurge. VBA purging removes P-code from module streams within Office documents. Documents that only contain source code and no compiled code are more likely to evade AV detection and YARA rules. Read more here. OfficePurge supports VBA purging Microsoft Office Word (.doc), Excel (.xls), and Publisher (.pub) documents. Original and purged documents for each supported file type with a macro that will spawn calc.exe can be found in the sample-data folder. [hide][Hidden Content]]
  5. EvilDLL v1.0 Malicious DLL (Win Reverse Shell) generator for DLL Hijacking [HIDE][Hidden Content]]
  6. . hhh hhhhhhh hhhhhhhh hhhhhhhh+ hhhhhhhh' hhhhhhhh. hhhhhhhhh ..-- hhhhhhhhh -sh/.. +. hhhhhhhhh: /+/:-/+ss-` hhhhhhhhhh: /MMM`ss:``.` hhhhhhhhhh: .MMMMM: hhhhhhhhhhhhhhhhh: MMMMMMM: hhhhhhhhhhhhhhhh: MMMMMMMMMMMMM: hhhhhhhhhhhhhhhh` :NNm:odh/oMMMNs. hhhhhhhhhhhhhhhh` ./:`smdo+oos++- `++sNMMMMMNmh+ .-y-` ` :. / -dmddhhhhh- o/- `//o/ /M/ `+hhhhhhhh` /o :yosmy +y .`.hhhhhhhho +` /../.: `.y::hhhhhs:` ` `+yys` .sy` /oohhy: `/:s/-`` `.hh` ..` ` y+ .hNNmmNdymmmmds` :- hs. ``.. :y- ` -hhmNmddm+ . `NMMMMMMm ` `oMMy `. /Md- :o MMMMMMMMMMMMMMMMMMM: MMMMMMMMMMMMMMMMMM: MMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMM. `MMMMMMMMMMMMM. :sNMMMNMdo: ``+m:/- ` GodOfWar - Malicious Java WAR builder. A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. (try -l/--list) cmd_get filebrowser bind_shell reverse_shell reverse_shell_ui Configurable backdoor. (try --host/-port) Control over payload name. To avoid malicious name after deployment to bypass URL name signatures. [HIDE][Hidden Content]]
  7. Since some members on here have started creating "builders" of CVE 2018-20250 and starting to charge money from people who cant use the public CVE themself, I decided to make a quickly website which builds a malicious rar file for you. I did not want to use money on a domain for a free service nor to disclose the server IP so i configured tor and created a onion domain but upon alot of interest, i might make it clearnet and purchase a domain for it, you need either tor bundle or tor browser but tor browser is recommended if you are a network dummy. Tor Browser can be downloaded here: [Hidden Content] The service is running on this onion domain: [Hidden Content] Here can some articles be found: [Hidden Content] [Hidden Content] The RAR-file that can be downloaded contain your malicious file that you uploaded to begin with so dont extract the RAR content on your machine and if you do so then navigate to startup folder and delete the executeable file called evil.exe to remove your malware from startup. Spread the word to stop the script kiddies from charging money for public CVE's and also happy spreading.
  8. A simple html program to take screenshots of websites or use it as a screenshot proxy for malicious URLs. Download: (Updated 03/03/2019) [Hidden Content] Virus Scan: [hide][Hidden Content]] Source code: <html> <title>Simple URL Image Proxy</title> <body bgcolor="black"> <center> <br> <h1><font color="white">Simple URL Image Proxy</font></h1> <br> <form action="[Hidden Content]?" target="frame"> <input type="hidden" name="key" value="4ba62b"> <input type="hidden" name="dimension" value="640x480"> <input type="hidden" name="device" value="desktop"> <input type="hidden" name="format" value="jpg"> <input type="hidden" name="cacheLimit" value="1"> <input type="hidden" name="delay" value="0"> <input type="text" name="url" value="" placeholder="ex: [Hidden Content]; <input type="submit" name="submit" value="Visit!"> </form> <iframe name="frame" frameborder="0" height="480" width="640"></iframe> </center> </body> </html>
  9. 1337day-Exploits

    Malicious Git HTTP Server

    This Metasploit module exploits CVE-2018-17456, which affects Git versions 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1 and lower. When a submodule url which starts with a dash e.g "-u./payload" is passed as an argument to git clone, the file "payload" inside the repository is executed. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized. View the full article