UGN Security Forums
#15017 - 07/22/02 01:33 PM Re: Hax0ring Windows security software
Paragon Offline
Member

Registered: 06/14/02
Posts: 168
What do you mean, "within socket restrictions?"

#15018 - 07/22/02 03:11 PM Re: Hax0ring Windows security software
James Offline
Junior Member

Registered: 07/17/02
Posts: 9
For a few hours last night, I was trying to give my process more privileges to see if I could in fact write to other processes in memory.
I realised today that I would probably have to use VirtualProtectEx to un-protect at least 2 pages of protected memory in most of the processes.
However, while I was trying to open some system process using OpenProcess for PROCESS_VM_OPERATION, it failed.
Using OpenProcessToken and adjusting the privileges didn't seem to make a difference.
But it is said to work on others... maybe this was an earlier build of win2k than mine.
I don't know how to run code in another process, but yes, it's possible to run threads if you have enough access to the process: you allocate memory using VirtualAlloc on the process you want to use, copy your code to that allocated memory and use CreateRemoteThread.
There is a way on Windows 9x to hide any process not only from the Task Manager using RegisterServiceProcess but from the system itself by hooking the Process32First/Process32Next APIs.
I don't know how to do the latter, but a coder called Vecna demonstrates it in a program he wrote. I haven't been able to test it.
Vecna's site is down at the moment, so I can't provide a link.
I was playing with SetWindowsHookEx yesterday to do a global keyboard hook and log to a file.
I didn't get it to work yet, I'm still playing with it.
There are ways to hide listening sockets from netstat, probably on Win9x in the same way you would hide processes. I haven't really looked into that.
I did see an easy way to get files from other computers over the network, like from a www/ftp server, using APIs from WININET.DLL.
Disassemble it, or any DLL file for that matter, and you'll see loads of APIs.
Then go to http://msdn.microsoft.com/ and search for them. You might find out how they work. A lot easier than using BSD sockets, if you only require a www/ftp connection.

#15019 - 07/22/02 03:40 PM Re: Hax0ring Windows security software
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
"There is a way on Windows 9x to hide any process not only from the Task Manager using RegisterServiceProcess but from the system itself by hooking the Process32First/Process32Next APIs.
I don't know how to do the latter, but a coder called Vecna demonstrates it in a program he wrote. I haven't been able to test it."


Ah, man, what an awesome idea. I also have no idea how they hooked the API... *pauses a moment to think*... Well, you could simply rename the dll the API is stored in, and insert your own dll which acts as a redirect to the real dll - making sure the process you wish to hide doesn't get returned. I've seen this technique employed with a wsock32.dll clone. What a deceptively simple idea!

"I was playing with SetWindowsHookEx yesterday to do a global keyboard hook and log to a file.
I didn't get it to work yet, I'm still playing with it."


Man, hook me up if you get it working. I have made a dll in ANSI-C which does that... everything works if all I wanted was a local hook... *sigh*

"I did see an easy way to get files from other computers over the network, like from a www/ftp server, using APIs from WININET.DLL."

yep, I've used that before.

"Disassemble it, or any DLL file for that matter, and you'll see loads of APIs."

Actually, why disassemble it? Do you have Visual Studio? Use their utility called "Depends". It is really sweet. You can see what APIs are exported from a dll and much more.

Reply to Paragon:

BSD sockets (and winsock, which was based off of it) was designed as an interface between the network and the application. The operating system manages the sockets, and the application calls APIs to make use of those sockets. One of the rules the developer required is that two applications may not listen on the same port.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#15020 - 07/23/02 12:32 PM Re: Hax0ring Windows security software
James Offline
Junior Member

Registered: 07/17/02
Posts: 9
I don't have Visual Studio, and my Win32 API documentation is for Win3.1/Win95/NT4.
So, yeah, I know you don't have to disassemble any DLL files if you have updated docs.
Sometimes though, you will find undocumented APIs inside these files that you won't or can't get information for on, say, the MSDN library CD-ROMs or Microsoft's site that I mentioned. When I get the keyboard hook program to work properly, I'll let you know.
I have a Visual C++ keyboard hook example, also a mouse hook example for MASM32, if those are any good to you?

#15021 - 07/23/02 01:15 PM Re: Hax0ring Windows security software
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
nah, I've seen keyboard hook code in VC++ as well - but for some reason my ANSI-C code doesn't. It's quite perplexing. I've learned and seen all I can learn and see about global hooks - it just doesn't work! aaaaaaaaaaaaaaargh!

And I wouldn't touch VC++ with a 10 foot ****, well, especially not with a 10 foot ****... heh... It annoys me.

Another global hook I'd like to make is a message hook. You can do some serious app hacking with that baby.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#15022 - 07/23/02 10:59 PM Re: Hax0ring Windows security software
dashocker Offline
Member

Registered: 03/05/02
Posts: 524
Loc: Cornfields everywhere...
just curious, what are these global hooks?

#15023 - 07/23/02 11:31 PM Re: Hax0ring Windows security software
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#15024 - 07/23/02 11:33 PM Re: Hax0ring Windows security software
dashocker Offline
Member

Registered: 03/05/02
Posts: 524
Loc: Cornfields everywhere...
lol
fuck you

#15025 - 07/25/02 12:23 AM Re: Hax0ring Windows security software
Paragon Offline
Member

Registered: 06/14/02
Posts: 168
Correct me if I'm wrong, but hooks are essentially the parts where the OS interfaces with the hardware, right? If you can intercept the hooks you can control the OS.

#15026 - 07/30/02 02:24 PM Re: Hax0ring Windows security software
infected9x Offline
Junior Member

Registered: 07/20/02
Posts: 4
Loc: none
You can make security plugins for all Windows boxes. Go to http://www.download.com and download this program called x-setup. It's a great program for fixing Windows crap and security probs, and you can also download the plugin maker for it above the download.
[Machine] [Bust a Cap]
#15027 - 07/30/02 02:31 PM Re: Hax0ring Windows security software
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
actually, not quite. A hook is where you intercept interchange between the system and the hardware or between any one thing and another. Hooks are created by programs.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#15028 - 08/06/02 10:22 PM Re: Hax0ring Windows security software
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
James. pergesu showed me this link. With this info you can give any application system permissions on any windows platform. I read it through and understand it completely. I think you will too.

http://security.tombom.co.uk/shatter.html
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#15029 - 08/14/02 06:08 PM Re: Hax0ring Windows security software
Paragon Offline
Member

Registered: 06/14/02
Posts: 168
Thanks for the link! Great reading, I'm learning all kinds of interesting stuff. Got any more?

#15030 - 10/13/02 05:26 AM Re: Hax0ring Windows security software
Satori Offline
Junior Member

Registered: 10/12/02
Posts: 10
Loc: San Antonio, Texas
Yeah, the problem comes when two apps attempt to grab the same port. One app can listen on one port and then filter the incoming data to different worker threads so that it has numerous functions being handled by one port (webservers and name-based hosting come to mind).

As for the question about remote DOS windows - no need to write your own, mate. RCMD has been around since NT 3.51, and is free for download from MS as part of the publicly available resource kit. Not too hard to slip it into something else, too, as it's small and lightweight...

I can tell I've got a lot to learn from you guys. I've been fending off hackers for years, without ever programming. I know a lot about the tools and processes you guys utilize, and about the exploits that your custom code exploits, but I'm just now taking my first baby steps into writing my own stuff. Keep on posting good information! I'm learning a lot.

-Satori
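
Added example, not part of any post in this thread: the two socket points made above (a second bind to a port that is already in use is refused; one listener can hand connections to worker threads and serve several host names) shown with Python's socket module. The host names and replies in `SITES` are constructed sample values.

```python
import errno
import socket
import threading

# Constructed sample sites for the name-based hosting case (hypothetical names).
SITES = {"a.example": b"site A", "b.example": b"site B"}

def second_bind_errno(port):
    """Try to bind a second socket to a port already in use; return the errno."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("127.0.0.1", port))
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        s.close()

def worker(conn):
    """Handle one connection: pick the response from the Host header."""
    with conn:
        request = conn.recv(4096).decode("latin-1")
        host = ""
        for line in request.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                host = value.strip().lower()
        conn.sendall(SITES.get(host, b"unknown host"))

def serve(listener, count):
    """Single listener: accept `count` connections, one worker thread each."""
    for _ in range(count):
        conn, _addr = listener.accept()
        threading.Thread(target=worker, args=(conn,)).start()

def fetch(port, host):
    """Minimal client: send a request naming `host`, return the reply body."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        return c.recv(4096)

def demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    threading.Thread(target=serve, args=(listener, 2), daemon=True).start()
    result = (second_bind_errno(port) == errno.EADDRINUSE,
              fetch(port, "a.example"), fetch(port, "b.example"))
    listener.close()
    return result
```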
