Endless Paradigm

Okay, basically, this shows you how simple it is to get a "virus" (PE file - eg EXEs or DLLs) past a virus scanner.  I've used this to get pwdump2 past the library's Norton A/V many times XD

1. You need a copy of Morphine (alternative link)
   
2. After extracting the package, copy morphine.exe to where the EXEs and DLLs are you want to get past the A/V scanner
   
3. Make a backup copy of your EXEs/DLLs!
   
4. Open Notepad and copy the following:
   
   Code:

   morphine.exe myEXE.exe pause

   ---

   (replace myEXE.exe with the EXE or DLL filename)
   

5. Save this file as r.bat in the same folder as morphine.exe (and your other EXEs/DLLs)
   
6. Run r.bat
   

Your malicious EXE/DLL should now not be detected by any A/V software :P

what does morphine do?

Ooh thanks :)

I will send u a an email shortly with an .exe file.
Please run it on ur computer
Regards:rofl:

wait this is interesting

pwdump2???another question. all the school laptops have a network connection set up for the schools wifi network, which has a WEP pass. can I dump that password from a school laptop so I can connect my own?edit: double you tee eff?

C:\Documents and Settings\Administrator\Desktop\pwdump5>pwdump5.exe -f


[ Pwdump5 ]

Copyright © 2004 AntonYo!
All rights reserved.

Syskey is enabled!
Use the second argument.

C:\Documents and Settings\Administrator\Desktop\pwdump5>pwdump5.exe -f -l -s


[ Pwdump5 ]

Copyright © 2004 AntonYo!
All rights reserved.

SecureBoot :: 0x00
Syskey is disabled.

C:\Documents and Settings\Administrator\Desktop\pwdump5>i tried pwdump2 now, and omg it did nothing but then lsass.exe initiated a shutdown :/ so im like, double you tee eff, >shutdown -a

and it stopped :) phewLOL so weird

i tried again from the cmd prompt
and it said it couldnt find lsass.exe
and yeah it wasn't running!1 double you tee eff i checked taskman, and it gave me this weird donkey screenie:

and when i go to start»shut down it gives me the log off/switch user menu

so ima hard reset it now be right back :D still the same spoon happens :( nowwhatby the way, pwdump2 doesn't output anything
huh strange, i was watching taskman for a few secs and i swear i just saw attrib.exe popping up and closing again for a split sec.. :/ ill let it run

^ Lol.

Ge64 Wrote:what does morphine do?

Rewrites the PE header and a whole load of other stuff.  Basically stuffs up the sigcheck or hash check (or however virus scanners work) of the EXE/DLL.


As for pwdump, try the various versions.  I used to use v2, then newer ones came out - note that they may not necessarily be better.  I believe v6 is the latest.
What it does is dump the Win2000/XP password hashes.  However, If I recall correctly, Power User or above access is required.
It does this by injecting code into lsass.exe, which explains a few things.
Anyways, try just running pwdump2 - if it works correctly, it'll display a whole load of "junk".  Or you can try pwdump6.

This "junk" needs to be decrypted - so just upload it to http://loginrecovery.com/ and it'll do it for you in 2 days.

This only works for the local machine, however, I think there were some variants which allowed network dumping.

yeah that's what i did, first i tried pwdump5 which didnt work then i tried pwdump2 which crashed lsass. im logged in as admin on winxpfark, pwdump4 does the same, just cxrashes lsass.fudge, i started firefox after lsass had crashed and it reset all my settings

Lol.

Something's stuffed on your computer...  lol.

Try these (attatched).

You should be getting something like this:

pwdump3:


C:\Documents and Settings\Administrator\Desktop\pwdump3>pwdump3 localhost

pwdump3 (rev 2) by Phil Staubs, e-business technology, 23 Feb 2001
Copyright 2001 e-business technology, Inc.

This program is free software based on pwpump2 by Todd Sabin under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation.  NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM.  Please see the COPYING file included with this program (also
available at http://www.ebiz-tech.com/pwdump3) and the GNU GPL for further details.

Logon to \\localhost\ADMIN$ failed: code 53

meh nevermind my pc is just too 1337 for this :P

I need to try some of this.