C/C++, Hacking, Post-Exploitation, RedTeaming

HTTP – Get the external IP address in C

The following code snippet is from the Post-recon project. This project is a work in progress. Please visit GitHub for the full source code; in this post I will just point out the most interesting parts. Get Public IP address (HTTP)   {…}   #define PUBLIC_IP_URL "http://ipecho.net/plain"   {…}   int LibCurl::GetPublicIPv4Address(char **ip, const char *userAgent, …

C/C++, Hacking, Post-Exploitation, Programming

Generating a unique machine id

The following code snippet is from the Post-recon project. This project is a work in progress. You can check GitHub for the full source code; here I will just point out the most interesting parts. Current source code Generate computer unique ID Architecture Windows OS version Cpu Gpu is admin? MotherBoard Chassis Type Username PC name …

Rootkits

Open source Windows kernel driver loader

Windows kernel driver loader If you write Windows kernel drivers, this GUI-based tool lets you register your kernel driver easily by creating a new system service, and makes it easy to start your driver without rebooting during the development stage of your project. Tech stack C/C++ QT 5 (Visual Studio 2015 …

C/C++, Programming

Build Standalone Qt Application for Windows

Download Visit http://info.qt.io/download-qt-for-application-development Select “Get your open source package” Click “View All Downloads” Download source package for Windows users as a single zip file (565 MB) Build a static version of Qt using Microsoft Visual Studio Download and Install Perl (http://www.activestate.com/activeperl/downloads). Download and Install Python (https://www.python.org/downloads/). Make sure that Microsoft Visual Studio is installed. Create …

C/C++, IDE, Programming

Qt – Cross-platform software development

Download Visit http://info.qt.io/download-qt-for-application-development Select “Get your open source package” Click “View All Downloads” To build x86 binaries, download Qt 5.8.0 for Windows 32-bit (VS 2015, 1.0 GB) To build x64 binaries, download Qt 5.8.0 for Windows 64-bit (VS 2015, 1.0 GB) Beautifying Source Code Download Artistic Style Extract astyle to e.g. Documents Open Qt Creator …

Hacking, Malware

Some notes on rootkits – Part 1

Rootkit major features Maintain access Conceal existence through stealth Rootkit types User-mode Kernel-mode User-mode rootkit main injection techniques Windows hooks CreateRemoteThread + LoadLibrary() CreateRemoteThread + WriteProcessMemory() Hooking techniques Import Address Table hooking Inline function hooking Rings Ring 3 – user-mode Ring 0 – kernel-mode Ring -1 – hypervisor Bridging the rings SYSENTER System call Interrupt …

Hacking, Malware

Some notes on malware – Part 2

Keyloggers Software based. Hardware based. User/Kernel based. Windows/Linux based. Hook based. Typical install locations This is rather a long list, a few examples follow: Windows Application Data\Microsoft\ System\filename.dll Program Files\Internet Explorer\filename.dll Program Files\Movie Maker\filename.dll All Users Application Data\filename.dll Temp\filename.dll Linux /bin/login /bin/.login /bin/ps /etc/ /etc/rc.d/ /tmp/ /usr/bin/.ps /usr/lib/ /usr/sbin/ /usr/spool/ /usr/scr/ Local Drives installation Malware …

Hacking, Malware

Some notes on malware – Part 1

The Motivation Behind Malware these days This is rather a long list but it can be narrowed down to the following: Steal sensitive data (identity theft, illegal immigration, terrorism, drug trafficking, blackmail, etc). Banking fraud (credit card fraud, etc). Spamming. Espionage. Advertisements/Click fraud. Medical insurance fraud. Money. Propagation Techniques Social Engineering (emails, spamming, phishing, office …

Penetration Testing

Debugging Telegram

Debug Mode To enable debug mode, type debugmode in the settings page of Telegram desktop and confirm it. Log files * /home/username/.TelegramDesktop/log.txt * /home/user/.TelegramDesktop/DebugLogs/tcp_xx_xx.txt * /home/user/.TelegramDesktop/DebugLogs/mtp_xx_xx.txt * /home/user/.TelegramDesktop/DebugLogs/log_xx_xx.txt To disable the debug mode, type in debugmode again. Burp Proxy Intercept * Open Telegram settings -> Advanced settings -> Connection type -> HTTP with custom http-proxy. …