Friday, February 22, 2013

IHack 2013 13-14 April. Ready t0 0wned?




It's 2013 and the Mayan prediction failed again. But we know that in a competition, winning = awesome, losing = sucks.


Once again, we are proud to be selected as the community who will be the UiTM IHACK 2013. Two categories:

1. Attack and Defense style (Headache mode)

2. Forensic (Jeopardy mode)


If you are an IPT student without much cash, here is a good chance to grab some bucks and fame. The minimum average inflation in this country is 5%, so better get used to the money.

Hints and Tips:

1. The usual network keys.
2. Enter the VM worlds (we've got plenty of them).
3. If you know a function as a special subroutine with local variables and a return value, yeah, you might get the kick.
4. Think outside the box




Sunday, February 10, 2013

Hiding the Wolf inside a sheep.

If you followed my previous post, you know that running HunnyBunny, even from a shortcut, creates something like this:


A command prompt... We don't actually like the command prompt, since it defeats the purpose of a silent backdoor.

On Linux we can easily background a process simply by appending & to the command. But on Windows, nah, no such thing.

How can we background a backdoor process in this case?
Simple: by treating our console application as a Windows application!
So we include the necessary Windows header file to build a GUI app, declare the procedure and set:
/** mark the window invisible **/
  ShowWindow (hwnd, 0);

Smack our original code into the main function and we are good to go.
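An added example, not part of the original post or of HunnyBunny: seen from the defender's side, a console tool built as a Windows application is marked in the PE optional header's Subsystem field, so triage can tell that a binary will start without a console window. The sketch below reads that field; `make_sample` and its header bytes are constructed for illustration and assume the binary was linked for the GUI subsystem as described above.

```python
import struct

# Subsystem values from the PE/COFF specification.
SUBSYSTEMS = {2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}


def pe_subsystem(data: bytes) -> str:
    """Return the subsystem recorded in a PE image's optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20          # skip signature and 20-byte COFF header
    if len(data) < opt + 70:
        raise ValueError("optional header truncated")
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if opt_size < 70 or magic not in (0x10B, 0x20B):
        raise ValueError("unsupported optional header")
    # Subsystem sits at offset 68 in both PE32 and PE32+ optional headers.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return SUBSYSTEMS.get(subsystem, f"OTHER({subsystem})")


def console_window_expected(data: bytes) -> bool:
    """True when the image is marked as a console (CUI) program."""
    return pe_subsystem(data) == "WINDOWS_CUI"


def make_sample(subsystem: int, magic: int = 0x10B) -> bytes:
    """Constructed, header-only PE image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, sub in (("console build", 3), ("GUI build", 2)):
        sample = make_sample(sub)
        print(f"{label}: {pe_subsystem(sample)}, "
              f"console expected: {console_window_expected(sample)}")
```

A program that behaves like a command-line tool but reports WINDOWS_GUI and never shows a window is worth a closer look during triage; the field alone is not a verdict, since most ordinary desktop software is also GUI subsystem.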


Download: http://www.sendspace.com/file/by8b01



HunnyBunny: Execute any shellcode on the




The philosophy of a gun.

A gun is dangerous if there is a bullet inside it.
A bullet is dangerous if it were shot from a gun.

Thus, if we manage to separate the gun and the bullet, both would appear to be harmless, although their nature is a bit violent.

HunnyBunny follows the philosophy of a gun. It acts as a platform that can be used to execute raw shellcode in a file. You can use HunnyBunny to:

- Evade antivirus (most of 'em)
- Test shellcode functionality (does it work properly or not)
- Execute alphanumeric-based shellcode with ease
- Work well with the DEP/NX bit set

Download the binary and instruction slides :)

http://www.sendspace.com/file/kijzpf

Video tutorial:








It's similar to http://bernardodamele.blogspot.com/2011/04/execute-metasploit-payloads-bypassing.html