

dEEpEst (Staff)

Tutorial on modding, Level 0, for beginners

Antivirus software uses two methods to protect our PC:

1 - Analysing files by comparing them with a database of malicious software (signatures). This is like a police line-up, or trying to identify a criminal from a photo: the antivirus compares each file on the hard drive with a "dictionary" of known viruses. If any piece of code (signature) in a file on the hard drive matches a virus known in the dictionary, the antivirus software comes into play.

2 - Constant monitoring of the behaviour of files that may be infected.


For example, seen in binary: let's suppose that for Avast this code, "12 55 40 05", is a virus signature. When it analyses the binary and finds this:

[Hidden content]

it is automatically flagged as a virus.


Av Fucker Method

With this method we will look for the signature and change its code so that Avast, or any other antivirus, no longer recognises it.


Code detected as a virus:

[Hidden content]

Modified code, undetected:

[Hidden content]



It's simple, right? The issue is that when we modify one of those numbers (offsets), the file still has to be functional.


Let's see it step by step.

Step 1: tools

Undetectable offset locator 2.6 (it's the one I use, but any locator will do)
Hex Workshop
This crypter: LVL23 Crypter
I used this little ball: LVL23 Ball

Step 2

We take the crypter and encrypt a small ball.

Step 3

We open the offset locator; in "file" we choose the ball and in "directory" the folder where the offsets will be created (create a new folder and call it "offsets"). In "initial bytes" we put "100" and in "fill in" the number "90".

[Hidden content]

It should look more or less like this:

[Hidden content]

We press start and wait for it to finish creating the offsets ... When it has finished, we scan the offsets folder with Avast and delete the detected ones.

Step 4

We click "Show offsets":

[Hidden content]

and we double-click on the range that appears, 2370 - 2410.

Now the locator will look like this:

[Hidden content]


      Staff

We delete all the files in the offsets folder and press start again, then we scan the offsets folder with Avast, delete the detected ones, and we would have these offsets:

[Hidden content]




We click "Show offsets" again:

[Hidden content]

And we choose the range 2370 - 2410.

The locator will look like this:

[Hidden content]

We delete the files in the offsets folder and press start again ... scan with Avast ... delete the detected ones,

and we have these offsets:

[Hidden content]


When we are down to 1 byte,

we must try which one works ...

We open the first one, 2380.

And ... perfect, it works.

[Hidden content]

How do we know if it works? It has to open the little ball that we encrypted ...

Step 5

We open Hex Workshop.
We open the stub.
Right-click.
Goto.
Offset.
And we enter the one that was functional, 2380.

[Hidden content]

We change the number that appears at that offset to the number we put in "fill in".

[Hidden content]

[Hidden content]


And we save: File > Save as ...

Stub modifica.exe

We scan the stub and ....

[Hidden content]

Well, this is the most basic. If you have questions, ask ... in a few days we move on ...
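The opening paragraph of the post describes signature-based detection as comparing each file against a "dictionary" of known byte patterns. The following is an added example, not code from the post or from any antivirus vendor, that implements that comparison in its simplest form: a scanner that walks a byte buffer and reports the name and offset of every signature it finds. The signature names, the byte patterns (including the post's "12 55 40 05") and the sample buffer are all constructed for illustration and correspond to no real product or malware; the wildcard-byte support is an assumption about how such dictionaries are commonly written, not a claim about any specific engine.

```python
"""
Minimal signature-based scanner, modelled on the post's description of
antivirus method 1: compare file bytes against a "dictionary" of known
patterns and report every match with its offset.

Added example, not the post's own code. Signature names, patterns and
the sample buffer below are constructed for illustration only.
"""
from typing import Dict, List, Optional, Tuple

Pattern = List[Optional[int]]  # a byte value, or None as a wildcard

# Constructed signature "dictionary": name -> byte pattern.
# None matches any byte; wildcards are assumed here as a common way
# for a signature to tolerate small differences between samples.
SIGNATURES: Dict[str, Pattern] = {
    "Example.Sig.A": [0x12, 0x55, 0x40, 0x05],              # the 4-byte pattern quoted in the post
    "Example.Sig.B": [0xDE, 0xAD, None, None, 0xBE, 0xEF],  # fixed head/tail, two wildcard bytes
}


def pattern_matches_at(data: bytes, offset: int, pattern: Pattern) -> bool:
    """Return True if `pattern` matches `data` starting at `offset`."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    for i, want in enumerate(pattern):
        if want is not None and data[offset + i] != want:
            return False
    return True


def scan(data: bytes, signatures: Dict[str, Pattern] = SIGNATURES) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every occurrence of every signature.

    Results are ordered by signature (dictionary order) and then by offset,
    so a file matching several rules reports each one separately.
    """
    hits: List[Tuple[str, int]] = []
    for name, pattern in signatures.items():
        last_start = len(data) - len(pattern)
        for offset in range(last_start + 1):
            if pattern_matches_at(data, offset, pattern):
                hits.append((name, offset))
    return hits


# Constructed sample "file": 16 filler bytes, pattern A, 8 zero bytes,
# a 6-byte region that satisfies pattern B, then 4 trailing bytes.
SAMPLE = (
    bytes(range(16))
    + bytes([0x12, 0x55, 0x40, 0x05])
    + b"\x00" * 8
    + bytes([0xDE, 0xAD, 0x01, 0x02, 0xBE, 0xEF])
    + b"\x90" * 4
)

if __name__ == "__main__":
    for name, off in scan(SAMPLE):
        print(f"{name} matched at offset 0x{off:04x}")
```

Running the block reports `Example.Sig.A` at offset 0x0010 and `Example.Sig.B` at offset 0x001c. The scan is deliberately naive (one pass per signature, no Aho-Corasick or hashing), which is enough to see what "matching a signature" means before reading how a real engine optimises it.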

      This topic is now closed to further replies.