cracksman last won the day on March 26

cracksman had the most liked content!

Community Reputation

106 Excellent

1 Follower

About cracksman

  • Rank
    Super Moderator
  • Birthday 07/25/1990

  1. wow you're still here more than a quinquennium later. neato

  2. I would assume it's because too many people are ripping sources and running bot-nets without having any knowledge of what they are doing. I think passionate "hackers" still exist but they are just waiting for a new era of "hacking" that doesn't rely on 2000-era snippets.
  3. just remove the comma after the link.
  4. well, is up now, but it's likely to fall offline in the next month or two.
  5. //edit oh so it works now?! if so, ignore the following.

     Does it display if you use the following?

     ```c
     RtlStringCbPrintfA(Message, ...);
     DbgPrint("%d:%s", sizeof(Message), Message);
     ```

     if so then try it right before ZwWriteFile

     ```c
     BOOLEAN WrPipe(void* pBuf, ULONG bufSize)
     {
         //* code code code
         //...
         DbgPrint("Pipe 2 Writeing");
         DbgPrint("%d:%s", bufSize, pBuf);
         ntStatus = ZwWriteFile(...);
     }
     ```

     I'm beginning to think it's an issue casting or dereferencing the string.

     according to @Protocol after a few more posts you should be auto-approved. it's to prevent spam, sorry :<
  6. Good work, glad it's working! where is this code at? it's interesting that the correct number of bytes are received but nothing shows, is your receive buffer allocated?
  7.
     ```c
     // Break if the pipe handle is valid.
     if (hPipe != INVALID_HANDLE_VALUE)
     {
         DbgPrint("Invalid Handle");
         break;
     }
     ```

     (hPipe != INVALID_HANDLE_VALUE) would be a valid pipe. otherwise it looks fine.

     I recommend you make sure you are receiving the same data types as you are sending. it looks like you are sending two ULONGs, and then a pointer, so make sure the other end's ReadFile uses a ULONG as its buffer (2x), then PVOID.

     I can't help too much more without somehow compiling drivers in delphi, sorry :<
  8. hmm, unfortunately Delphi can't compile drivers, so I have no way of testing this for you. If you run the driver in user-land is it able to communicate properly? (just for confirmation).

     some minor things I noticed:

     • kernel pipes must begin with \\??\\ because it's a Unicode string. (according to the internet)
     • MSDN shows RtlInitUnicodeString is obsolete and suggests using RtlUnicodeStringInit instead.
     • ZwCreateFile doesn't have any error checking. you skip from ZwCreateFile to ZwWriteFile then check ntStatus.
     • just to be clear the driver is running in a system thread context, right? ZwCreateFile's ObjectAttributes [in] states

     Otherwise it looks good; try this out and get back to me with results!

     edit: also noticed that you specify "sizeof(&pBuf)" in ZwWriteFile() which is the size of a pointer (4 bytes), and not the length of pBuf
  9. not an example but, I believe that the Atom functions are for passing information between kernel and user modes. I can look into it a little bit later but I gotta run to class

     Edit: Super easy stuff here; (note I'm using strings but you can pass ints by appending a # for example '#1234') GlobalAddAtom(), and GlobalFindAtom() is all you need; However, for my example both apps are in user mode and I simply display the Atom and type it into the second, which defeats the point... you may want to use a named Pipe but I'm not sure if they work across kernel/user modes. I'll whip up a "named pipe" example in a sec, hang tight for edits.

     Edit2: Alright Pipes; again not sure if this works across user/driver but give it a shot.

     Read from a pipe

     ```delphi
     program pipe;

     {$APPTYPE CONSOLE}

     {$R *.res}

     uses
       Windows, System.SysUtils;

     var
       hPipe      : THandle;
       cbRead     : DWORD;
       lpPipeName : LPCWSTR = '\\.\pipe\ic0de';
       BufSize    : DWORD = 255;
       lpText     : LPCWSTR = 'Hello world';
       lpBuffer   : array [0..255] of WCHAR;
       fSuccess   : boolean = False;

     begin
       try
         hPipe := CreateNamedPipe(lpPipeName,
           PIPE_ACCESS_DUPLEX, // The pipe is bi-directional
           PIPE_TYPE_MESSAGE or PIPE_READMODE_MESSAGE or PIPE_WAIT, // treat as messages (vs byte stream), blocking
           PIPE_UNLIMITED_INSTANCES, BufSize, BufSize, 0, nil);
         ConnectNamedPipe(hPipe, nil); // blocking; wait for "Write" end to open.
         repeat
           fSuccess := ReadFile(hPipe, lpBuffer[0], sizeof(lpBuffer), cbRead, nil); // Read the data
           if (fSuccess = True) then // was the read successful?
             Writeln(lpBuffer); // yes, write to screen
         until (GetLastError <> ERROR_MORE_DATA);
         // ^ in case there are more than 255 bytes, loop and read the next chunk
         // note this will overwrite the previous buffer
         CloseHandle(hPipe); // all finished, clean up.
         readln;
         { TODO -oUser -cConsole Main : Insert code here }
       except
         on E: Exception do
           Writeln(E.ClassName, ': ', E.Message);
       end;
     end.
     ```

     Write To a Pipe

     ```delphi
     program Project1;

     {$APPTYPE CONSOLE}

     {$R *.res}

     uses
       Windows, System.SysUtils;

     var
       hPipe      : THandle;
       cbWritten  : DWORD;
       lpPipeName : LPCWSTR = '\\.\pipe\ic0de';
       lpText     : LPCWSTR = 'Hello world';

     begin
       try
         hPipe := CreateFile(lpPipeName, GENERIC_WRITE, 0, nil, OPEN_EXISTING, 0, 0);
         // ^ Open the Pipe. note: this triggers ConnectNamedPipe in the other program
         if (hPipe = INVALID_HANDLE_VALUE) then // is it valid?
           Writeln(GetLastError);
         // if hPipe fails you will want to error check and/or loop to open it again,
         // but, I'm lazy and this is an example so we are going to skip that and write anyways.
         WriteFile(hPipe, lpText[0], length(lpText) * SizeOf(WCHAR), cbWritten, nil); // Write some data to the pipe
         writeln(lpText); // just for fun, also print the data to the screen
         readln; // pause
       except
         on E: Exception do
           Writeln(E.ClassName, ': ', E.Message);
       end;
     end.
     ```

     note: make sure you run the "Read" example before the "Write" example. the "read" example opens a pipe and waits for data; whereas the "write" just writes and exits.

     ugh, Edit 3; since you want to pass integers, you have two options that I can see.

     1) just change the buffer to send/receive an integer rather than LPCWSTR, so like

     ```delphi
     var
       buffer: integer;
     begin
       ...
       WriteFile(hPipe, Buffer, sizeof(buffer), written, Nil);
     ```

     OR Create a structure with multiple numbers and send that.

     ```delphi
     type
       BunchONumbers = record
         one : Int32;
         two : Int32;
       end;
     var
       nums : BunchONumbers;
     begin
       nums.one := 1337;
       nums.two := 65535;
       WriteFile(hPipe, nums, sizeof(nums), written, Nil);
       ...
       ReadFile(hPipe, nums, sizeof(nums), written, Nil);
       var1 := nums.one;
       var2 := nums.two
     ```
  10. it just runs through a list of default and simple passwords like Admin and 1234; you can see them in /headers/netspread.h

      edit: can anyone explain what the shellcode in exploit.ccp does? it's binding to RPC, but how?
  11. As you can all see we've updated to IPB, and in doing so, we need a new theme! I've been browsing around and found these two which I like, but hey we're a community and should decide together, right? Dark theme: EDIT changed my mind, I just found this one which I find pretty nice, it's an odd layout but that's why I like it, this would work especially well if we could integrate some type of paste-bin or GitHub for code it would be fantastic, don't ya' think? again these are just my opinions, if you know of a better one please let us know!
  12. so, do you know how to debug? click the area next to the code to set a breakpoint, (clicking it a second time will remove it). when you run the code it will stop execution when it gets here. Press f7 to step into the function, and then press f8 to step over code. you can mouse over variables to see their content.

      so the first issue is that you called setstring(), without calling setlength() first. so you were writing "stream.size" of data, into a string that was 0 chars long, causing a crash. interestingly, on the following line you cast the first char of the string into a pointer, which is literally the same pointer as Stream.memory. rather than moving it into a string I simply changed

      ```delphi
      Stream := TMemoryStream.Create;
      Stream.LoadFromFile(ParamStr(0));
      SetString(NewFileData, Stream.Memory, Stream.Size);
      ResourcePointer := @NewFileData[1];
      ```

      to

      ```delphi
      Stream := TMemoryStream.Create;
      Stream.LoadFromFile(ParamStr(0));
      ResourcePointer := Stream.Memory;
      ```

      after compiling again, it successfully executed all the way into maplibrary() Unitinjectlibrary, line 360.

      ```delphi
      SectionBase := VirtualAlloc(PSections[sectionLoop].VirtualAddress + PChar(ImageBase),
        VirtualSectionSize, MEM_COMMIT, PAGE_READWRITE);
      FillChar(SectionBase^, VirtualSectionSize, 0);
      ```

      and is crashing because VirtualAlloc returns Nil, and you are trying to write data to that pointer. (no error checking).. so, I'm going to let you try and fix this one...
  13. what is InjectPointerLibrary()? does it really expect a base address and not a function pointer? what is Buffer? if it's an array of bytes you would need buffer[0], if it's a string then buffer[1].
  14. glad to see you here!
  15. yes, learn c#. Worst case scenario is that you learn a new language and can write it on your resume.