Stealther am besten morphine woher`?

Dieses Thema im Forum "Sicherheit & Datenschutz" wurde erstellt von jonny.pl, 15. Dezember 2005 .

Schlagworte:
  1. 15. Dezember 2005
    Ich suche morphine den stealther oder ein anderes was den server nicht kaputt macht!!!

    denn antidod oder wie das heisst, dass macht meinen server immer kaputt!!!
     
  2. 15. Dezember 2005
    Morphine
    http://hxdef.czweb.org/download.php?PHPSESSID=1b39633d527adfe4eb60e32b9d46fe22
     
  3. 15. Dezember 2005
    im oberen feld wählst du die server.exe aus und unten wos gespeichert wird, dann auf morph und fertig
     
  4. 16. Dezember 2005
    hm ich habe morph 2.7 oder so runter gladen, aber wenn ich auf die morphine exe klicke obwohl meinantivirus geschlossen ist ! da startet er das ding nicht?

    muss ich da irgendwie was anderes installieren oder unter 98 starten oder so? habe eigentlich nur xp drauf und irgendwie will das nicht gehen >.<
     
  5. 16. Dezember 2005
    start >> ausführen >> 'cmd' eingeben >> mit 'cd <dir>' ins morphine-verzeichnis wechseln >> 'morphine -?' eingeben >> parameter auswählen und GO!
     
  6. 16. Dezember 2005
    achso kk und was heist der einzelnde befehl immer? bin nicht so der ober englisch profi

    wie bekomme ich das ding anti vir undetected

    macht mal bitte ein beispiel, was bedeutet das einzelne und wie benutzte ich das also

    morphine.exe -q etc.
     
  7. 16. Dezember 2005
    kopiers mal hierhin, hab morphine selbst grad nich zur hand ^^
     
  8. 16. Dezember 2005
    Code:
    Morphine v2.7
    =============
    
    Morphine as a part of The Hacker Defender Project
    by Holy_Father <holy_father@phreaker.net> && Ratter/29A 
    Copyright (c) 2000,forever ExEwORx
    betatested by ch0pper <THEMASKDEMON@flashmail.com>
    birthday: 03.10.2004
    home: http://www.hxdef.org, http://hxdef.net.ru, http://hxdef.czweb.org, 
     http://rootkit.host.sk
    licence: this program is open source under GNU GPL
    update: 22.07.2005: translate into C++ by ashkBiz <ashkbiz@yahoo.com>
     whole CPP project is in CPP directory
    
     Morphine is very unique application for PE files encryption. Unlike 
    other PE encryptors and compressors Morphine includes own PE loader which 
    enables it to put whole source image to the .text section of new PE file. This 
    one is very powerful because you can compress source file with your favourite
    compressor like UPX and then encrypt its output with Morphine. Another powerful
    thing here is polymorphic engine which always creates absolutely different 
    decryptor for the new PE file. This mean if your favourite trojan horse is 
    detected by an antivirus you can encrypt it with Morphine. You will not get 
    the virus alert again. 
     What's more, Morphine allows you to encrypt one file several times!
    But be sure you're using -b option (see usage) when doing this. Unlike others 
    Morphine enlarges your executable by not more than 5kb (this is not true for 
    morphined DLLs without using -d option, see below)! Morphine supports most 
    of PE files and many of other PE encryptor/packers. Also one of the greatest 
    things here is that it is an open source project. In these days antivirus 
    companies sniff around our site waiting for new version of morphine to add 
    new decoder into their databases. But you can simply make your own undetectable 
    version. Because new PE file has random loader it is possible the loading will 
    take more time than you want to (especially when encrypting bigger files). 
    If this occurs simply delete the long time loading PE file and try to build it 
    again. And be careful with morphined DLLs. This can really slow down final 
    execution.
     Whole Morphine code is compatible with Delphi 6 and 7 compiler. 
    Morphined files can be executed on Windows with NT kernel only.
    
    
    
    Usage
    -----
    
    Usage: morphine.exe [-q] [-d] [-b:ImageBase] [-o:OutputFile] InputFile
     -q be quiet (no console output)
     -d for dynamic DLLs only
     -i save resource icon and XP manifest
     -a save overlay data from the end of original file
     -b:ImageBase specify image base in hexadecimal string
     (it is rounded up to next 00010000 multiple)
     -o:OutputFile specify file for output
     (InputFile will be rewritten if no OutputFile given)
    
    Examples:
    1) morphine.exe -q c:\winnt\system32\cmd.exe
     rewrite cmd.exe in system directory and write no info
    
    2) morphine.exe -b:1F000000 -o:newcmd.exe c:\winnt\system32\cmd.exe
     create new file called newcmd.exe based on cmd.exe in system dir
     set its image base to 0x1F000000 and display info about processing
    
    3) morphine.exe -d static.dll
     rewrite static.dll which is loaded only dynamically
    
    4) morphine.exe -i -o:cmdico.exe c:\winnt\system32\cmd.exe
     create new file called cmdico.exe based on cmd.exe in system dir
     save its icon and or XP manifest in resource section
    
    5) morphine.exe -i -a srv.exe
     rewrite srv.exe, save its icon, XP manifest and overlay data
    
    
    
    Versions
    --------
    
    Better DLL support in Morphine 2.7 should make morphined DLL work also 
    on NT4.
    
    
    TLS bugfix number 2 is Morphine 2.6.
    
    
    Version 2.5 fixes the bug in TLS support.
    
    
    Better support for VB programs together with end of file overlay support 
    was added to Morphine 2.4.
    
    
    There were two serious bugz in previous releases. Morphine 2.3 fixs both
    of them.
    
    
    Version 2.2 supports Mew 11 SE 1.2 exe packer.
    
    
    Version 2.1 supports FSG 2.0 exe packer.
    
    
    Version 2.0 implements random secondary encryption routine and adds enables 
    saving resource for DLLs. Last improvement in this version is a fake loop 
    in DynLoader which protects morphine files against Norton AntiVirus.
    
    
    Since 1.9 you can save first icon directory and XP manifest in resource 
    section using -i switch. 
    
    
    Polycode is now smaller then ever - only 16 instructions - in version 1.8. 
    Smaller polycode makes possible smaller final executable.
    
    
    Version 1.7 implements variable key length for second encryption routine.
    
    
    Version 1.6 is about :mad:ing KAV :). Well, not only :mad:ing KAV, also 
    second decrypting unit is before loader.
    
    Version 1.5 is about improved polymorphic code. It's much more easier to 
    write own polycode now. Also it's hard to detect for AV.
    
    
    Since 1.4 you can morphine DLL. There is a new option -d which isn't used by 
    default. There are two ways how to import functions from DLL. For static import
    PE loader use import section in PE file. For dynamic import coder have to use 
    functions like LoadLibrary and GetProcAddress. Many of DLLs are loaded only
    dynamically. But this can change in future because any program can load DLL 
    statically. If you know your morphined DLL will never be loaded statically 
    you can use (and it's better to use) -d option (morphined DLLs without -d 
    can be much bigger than original).
    
    
    Since 1.3 we use smaller polymorphic loader. This is good for final executable
    which is less than 5kb bigger than original file. Also source code is more 
    transparent.
    
    
    Since 1.2b morphined file has no .data section and the whole PE file is 
    somewhere in .text section. Reason for this is that you could easily find 
    old PE signatures and then find a key for decoding.
    
    
    Modifications by Jan Klaassen for 1.2a (cut&paste from mail):
    
    Somewhere on a forum I read your solutions for getting around a pattern
    recognition of AntiVirus in "Morphined" executables. The pattern "FF2534" was
    mentioned, but I think the AV also used the ..0000 bytes in front of it, or
    the code after it, since the AV was not triggered if the pattern mentioned was
    somewhere else in the code.
    
    I have made a small modification to the Morphine source code. I thought that
    maybe you or someone you know might be interested in these changes to get
    around AV recognition. I moved the jumps to the import section into the
    initcode (at the end) and implemented several (random) variants for the jumps.
    The jumps are coded seperately and are placed inside your rubbish. :)
    
    The initcode changed in the following way:
    - The addresses of the imported function in @DynLoaderCaller now get fixed-up
    with the location of the import jmps at the end of the initcode
    - The addresses of the import jmps get fixed-up with the location of the
    thunks (hint and name) of the imported function in the import section.
    
    The modified morphine and morphined exes seem to run fine on either Windows XP
    SP1 and Windows 2000 Adv.Server. (All morphined exes crash on Windows 98
    Second Edition.)
    
    
    
    Files
    -----
    
     original archive contains these files:
    
    morphine.exe 23 412 compiled and MEWed Morphine
    morphine.dpr 172 955 source code of Morphine
    morphine.txt 7 604 this readme
    
    CPP\
    Morphine.exe 34 397 compiled and MEWed c++ Morphine 
    morphine.cpp 298 692 source code of c++ Morphine
    Morphine.dsp 4 428 MSVS file
    Morphine.dsw 539 MSVS file
    morphine.sln 905 MSVS file 
    morphine.vcproj 3 163 MSVS file
    
     
  9. 17. Dezember 2005
    Hmm, bei mir kommt immer:
    Bringt aber nix, kommt immer wieder. ;(
     
  10. 20. Dezember 2005
    bei mir geht der, nur das opfer dem ich es geschickt habe meinte sein pc wäre abgestürzt als ich es ihm in einer rar datei per msn schicken wollte oO kann doch gar net sein ?

    hm

    stealtht das ding nun vor antivir ja ? und was muss ich einstellen bei der gui version `?

    hab alles std. gelassen
     
  11. 20. Dezember 2005
    wenn du morphine nicht bedienen kannst dann lass es doch einfach...

    btw falls du es noch nicht gemerkt hast:
    ein trojaner mit morphine zu stealthen bringt fast nichts....
     
  12. 21. Dezember 2005
    komisch das es hier heisst, antivir detected es dann nicht etc.

    es muss doch ein tool geben, das den trojaner nicht kaputt macht und ihn vor antivir hauptsächlich nicht decten lässt ...

    und prorat funzelt dann doch oder nicht? also vonwegen festplatten rumstöbern evtl. webcam anmachen und keylgger ?
     
  13. 21. Dezember 2005
    ja klar funzen die tools noch aber sie sind dann trotzdem zu 90% nicht undetected.
    morphine ist ja schon alt^^
     
  14. 21. Dezember 2005
    mir hets ja nur um antivir oO

    was anderes ist egal >.< wollt halt nur nen kumpel nen denkzettel verpassen, nen paar daten rumstöbern evtl. webcam aus joke anmachen was aber nicht ein muss sein muss !!!

    aber halt evtl. passwärter klauen und was sein sollte festplatten rumstöbern und daen saugen ^^
     
  15. 21. Dezember 2005
    hm bei mir gehts mit morhpine bifrost vor antivir zu stealthen o.ô habs auch mal aufm online av hochgeladen und da erkennt antivir den packer morphine ?(

    naja egal, du kannstes auch mal mit av devil probieren und die offsets auslesen dann musste halt nur noch n bissl hexxn den code verändern an den bestimmten stellen. des funzt hundert pro

    da findeste avdevil

    http://217.172.39.227/~adminfp/download/Binder_Packer/av_devil_2.1.rar des rar pw is hacksector
     
  16. Video Script

    Videos zum Themenbereich

    * gefundene Videos auf YouTube, anhand der Überschrift.