E0F

Members
  • Content count

    32
  • Joined

  • Last visited

Community Reputation

14 Good

About E0F

  • Rank
    Member
  • Birthday 01/01/1989
  1. i personally love csharp in general, its a fun language and fairly easy and straight forward. Few rats like xrat was pretty good for using csharp, i havent bothered making anything like it yet but on my todo list.
  2. didnt see the "edit post" to edit the post but heres the screenshot
  3. SourceUploading the PDF from the site above and backing up.Another, will add as i find so people that haven't read them can.Source dotnet-framework-rootkits-backdoors-framework-32954.pdf BlackHat-Europe-2009-Metula-NET-Framework-rootkits-slides.pdf
  4. I know and its old but i saw the dll online and checked it out so figured i'd share what i decompiled.
  5. Glad to see at least blender on his computer, love that program, heres the main computer i stay on, kind of a clean freak. warning: the crypter.com file on my desktop is not in the sense of "crypter.com" but only what i named it.
  6. I Haven't seen any post about this on here so figured I would start it out. Few general use decompilers I've used over the years for both checking files from the web to check things in my own compiled programs. 1. http://www.red-gate.com/products/dotnet-development/reflector/ <--- (this is only a trial software, purchase of full version required.) 2. https://www.jetbrains.com/decompiler/ <-- Free 3. http://ilspy.net/ <-- is the open-source .NET assembly browser and decompiler. just a couple but will add more as i remember them or find others and try out.
  7. Decompiled the DLL i found on the net. anti's.cs: http://pastebin.com/Z0nFrBGJ api.cs: http://pastebin.com/NArNNN5e Rootkits.cs: http://pastebin.com/qT0tHtg7 have the DLL somewhere on my computer, will add it when i find it.
  8. it doesnt hide process yet but i didnt care for that much yet. if i knew a ruby programmer i could probably intigrate it into metasploit/armitage which would be a fun addon
  9. its currently cpu for now but im wanting to put both abilities in it and i havent tested the hash rate for it yet while its silent but im modifing from this template so far https://github.com/lithander/Minimal-Bitcoin-Miner/blob/master/MiniMiner/Program.cs .im also using the idea from http://www.codeproject.com/Articles/672843/Keep-alive-processes-or-preventing-app-termination to create an addition process to make sure the main one doesnt die which is working decently so far. as for the shell on startup (remote cmd) is working but only tested using armitage multi/handler to accept multiple connections.As for the panel im not sure if im going to make a panel for it or if im going to just make a client for it to receive the returned statuses and such. 0/35 detections atm.
  10. what i got so far which is protect process AND COMMAND SHELL as far as now, ill keep going. I have miner running but it has some values i havent understood atm.
  11. Just wondering if theres any other active C# programmers here, wouldnt mind helping out or working on projects with someone, currently working on a silent remote bitcoin miner just for fun atm. Currently have process protect and working on some other things.
  12. Was having bit of fun with protect process earlier and came across this, nice source for fun.http://darkn3ss.com/downloads/KeepAlive.zip KeepAlive.zip
  13. http://www.getcodesamples.com/src/3DBDF847Native Methods: http://www.getcodesamples.com/src/3DBDF847/3C07A0FEhttps://code.msdn.microsoft.com/windowsdesktop/CSUACSelfElevation-5736ee90private void btnElevate_Click(object sender, EventArgs e) { // Elevate the process if it is not run as administrator. if (!IsRunAsAdmin()) { // Launch itself as administrator ProcessStartInfo proc = new ProcessStartInfo(); proc.UseShellExecute = true; proc.WorkingDirectory = Environment.CurrentDirectory; proc.FileName = Application.ExecutablePath; proc.Verb = "runas"; try { Process.Start(proc); } catch { // The user refused the elevation. // Do nothing and return directly ... return; } Application.Exit(); // Quit itself } else { MessageBox.Show("The process is running as administrator", "UAC"); } } BackUp Included UAC self-elevation (CSUACSelfElevation).zip
  14. E0f

    //too short
  15. Web Based, was from another forum but hosting it from a TOR service, if it gets exploited owell. http://2ngpeu4vula3lz6d.onion/Services/
  • Who's Online   0 Members, 0 Anonymous, 72 Guests (See full list)

    There are no registered users currently online