
Posted by agaran at 2020-03-01

First of all, why tease him again? Because this big hacker has already been teased once before. If you have not seen the previous round, you can go to this address to read it.

Why write this article? Because the big hacker named Xiaoba obviously did not accept defeat. He soon developed new ransomware and spread it again.

As for the author, he has been idle recently. After the last round of teasing, something on the "attack" side may have woken up. This big hacker named Xiaoba has regained his self-confidence and published his "new work". Either he simply feels unconvinced, thinks his ransomware fell so quickly last time only because of his own mistakes, and has found confidence from who knows where to "fight back", or he is a pure masochist who finds inexplicable pleasure in being teased. Either way, I still think teasing a self-confident hacker is much more fun than Steam.

Of course, just playing tricks on the big hacker is not very interesting. So this time, besides defeating his ransomware in the simplest way, writing a one-click cracker (OneKey cracker), and then contacting the big hacker to let him appreciate the dangers of the IT industry, we will also cover some basic reversing and anti-reversing knowledge. Let's see how poorly "one-click packing" and "one-click junk code", which even a kindergarten child can apply, hold up as anti-cracking measures.

To put it simply, let the big hacker Xiaoba at least understand how he lost.

So, back to the topic: let's download this ransomware again.

We copy the software to the virtual machine and run it. Soon, the following interface appears.

Now load the software in OllyDbg, which warns that the software has been packed.

Let's check it with Exeinfo PE.

Unfortunately, Exeinfo PE does not recognize this packer's signature. Let's open the section table and have a look.

Two section names have been changed to Xiaoba. Of course, with this big hacker's intelligence it would take him more than 100 years to write a packer himself. More likely he ran other people's packers and junk-instruction tools over the file several times and then, to find the confidence of "I am a big hacker", used some tool to rename the packer's sections and show off.
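
The section-table check described above, from a triage point of view, as an added example that is not from the original post: it parses the PE section table and flags sections with non-standard names or high entropy, both common signs of packing. The sample bytes are a constructed skeleton with two sections renamed Xiaoba; the name list and the 7.0 threshold are assumptions.

```python
import math, struct
from collections import Counter

# Names emitted by common toolchains; anything else is worth a second look.
STANDARD = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
            ".edata", ".pdata", ".tls", ".bss"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data nears 8."""
    n = len(data)
    return sum(-c / n * math.log2(c / n) for c in Counter(data).values())

def sections(pe: bytes):
    """Yield (name, raw_bytes) for each entry in the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 (12 bytes skipped)
    nsec, opt_size = struct.unpack_from("<H12xH", pe, lfanew + 6)
    table = lfanew + 24 + opt_size  # section table follows the optional header
    for off in range(table, table + 40 * nsec, 40):
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        size, ptr = struct.unpack_from("<II", pe, off + 16)  # raw size, raw offset
        yield name, pe[ptr:ptr + size]

def triage(pe: bytes, threshold: float = 7.0):
    """Return [(section, reasons)] for sections that suggest a packer."""
    findings = []
    for name, raw in sections(pe):
        reasons = []
        if name not in STANDARD:
            reasons.append("non-standard name")
        if entropy(raw) > threshold:
            reasons.append("high entropy")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed PE skeleton (headers plus filler bytes, not a real sample)."""
    secs = [(b".rsrc", b"\0" * 512), (b"Xiaoba", bytes(range(256)) * 2),
            (b"Xiaoba", b"\x90" * 512)]
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0)
    ptr, table, body = len(head) + 40 * len(secs), b"", b""
    for name, raw in secs:
        table += struct.pack("<8sIIII16x", name, len(raw), 0, len(raw), ptr)
        body, ptr = body + raw, ptr + len(raw)
    return head + table + body
```

Calling `triage(build_sample())` lists both renamed sections and leaves `.rsrc` alone; a renamed section only tells you a tool touched the file, not which packer was used.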

But it doesn't matter. Let's run the ransomware directly and get past the packer by attaching the debugger to the running process.

Then, just like last time, we use the same old recipe and search for the string-comparison signature of this work written in the magical Yi language, "the first language of the universe has Yi language first, then Yi language".


We soon find a match in the memory image. We jump to that address in the disassembly window and set a breakpoint.

After entering a password, click to start decryption. The breakpoint is soon hit. We watch the stack until the so-called "password" appears.

Soon, when we hit the breakpoint for the second time, we caught the password.

Follow execution to see where the RET goes.

If I remember correctly, this signature should be the same as last time. We just need to match the location of this code in memory.

The search shows that there are two such comparisons in memory.

That's the same as last time. Let's try to modify the code here to see if it can be cracked successfully.

Soon, this ransomware surrendered. Isn't this the same as last time? The big hacker thought that switching to a strong packer would prevent reverse analysis. In fact, it is useless. Even with a strong packer like VMP, if its SDK is not used to add anti-debugging and virtualize some key code, the result is the same. Of course, with the ransomware author's intelligence, it is too early for him to understand this.

The cracking code this time is almost identical to last time's; the only change is that the process name goes from xiaoba.exe to wannadie.exe.


End of crack

Of course, if the reader thinks OllyDbg is too complicated, I have also written a pedoll script to crack the software. After loading the script, it is easy to find the ransomware's password.


Obviously, this big hacker still has not learned his lesson and has put his effort into useless places. Let's see whether this software has changed its mailbox. We load pedoll again and extract the email account and password this sample uses; since we only need to capture the outgoing packets, hooking the send function with pedoll is enough.

Then click to regenerate the key. Soon, a bunch of packets carrying the account and password, sent to port 25, are dumped.

Base64-decode them to get his account. Oh, he has changed the account.

Then decode his password as well.
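
The decoding step above, as an added example that is not from the original post: it rebuilds SMTP AUTH lines from buffers captured at a send() hook and Base64-decodes them, and goes beyond the post by also handling AUTH PLAIN and lines split across send() calls. The function names and all captured values are constructed for illustration.

```python
import base64

def _b64(token: bytes) -> str:
    """Strictly decode one Base64 token; raises ValueError on bad input."""
    return base64.b64decode(token, validate=True).decode("utf-8", "replace")

def smtp_auth_from_sends(buffers):
    """Recover (mechanism, user, secret) from client-side SMTP buffers.

    `buffers` is the ordered list of byte strings passed to send(). Server
    replies are not needed: the client lines follow a fixed order.
    """
    # Join first so a line split across two send() calls is reassembled.
    lines = [l.strip() for l in b"".join(buffers).split(b"\r\n") if l.strip()]
    found = []
    for i, line in enumerate(lines):
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != b"AUTH":
            continue
        mech = parts[1].upper()
        try:
            if mech == b"LOGIN":
                # The user name may ride on the AUTH line or follow it.
                rest = parts[2:] + lines[i + 1:i + 3]
                found.append(("LOGIN", _b64(rest[0]), _b64(rest[1])))
            elif mech == b"PLAIN":
                blob = parts[2] if len(parts) > 2 else lines[i + 1]
                raw = base64.b64decode(blob, validate=True)
                _, user, secret = raw.split(b"\0")  # authzid, authcid, passwd
                found.append(("PLAIN", user.decode(), secret.decode()))
        except (IndexError, ValueError):
            continue  # truncated capture or non-Base64 data
    return found

def constructed_capture():
    """Constructed send() buffers (not from the sample); one line is split."""
    user = base64.b64encode(b"operator@example.test")
    secret = base64.b64encode(b"constructed-secret")
    return [b"EHLO host\r\n", b"AUTH LOGIN\r\n", user + b"\r\n",
            secret[:5], secret[5:] + b"\r\n",
            b"MAIL FROM:<operator@example.test>\r\n"]
```

In incident response the recovered mailbox is an indicator to hand to the mail provider and to search for in egress logs on port 25.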

Last time I posted, someone said that the picture was blurry and could not be seen clearly, so this time I have typed it out as text for everyone to see.

Account: [email protected]

Password: illuminati666

You can log in and play with Foxmail. Of course, if you happen to be the victim of blackmail, you can find your password in this email

Finally, we say hello to the ransomware hacker. I don't know if I was blackmailed after the last round of teasing. Thanks to him for telling us his account and password again. Are you surprised or not?