Reverse Engineering Kit[Olly Tools 2013---with Plugins]

So someone asked me where he should get a good Kit for reverse Engenering .... well heres a link to a 2013 Olly T00lset :) p.s will upload to my dropbox so it doesnt run the risk of elimination....


0llyDBG T00Ls 2013-2014

have a blast :)

back to code, sawa?
Wazi

My Rant - Katy

For the sake of this argument security is devoid of technology and Vic a Vic ..... And for further clarity.... This is a rant, zero security ,hacking, coding and development purpose....

She was beautiful, well I was sexually starved but in all aspects... She was beautiful ... It was around 2004 and we had attended the provincial drama festival... My ellocuent English had pulled me thus far (God had) I loved acting ... Being a thespian is something I pride myself with... Maybe because it came in 2nd in my nature or just my character.. Ok ... She was beautiful, sad part my geeky nerdy esteem kicked up a notch higher than my words.... I really did try talking to her, but sadly my courage would jolt beneath the Marian's trench in depth when making pleasants with a beautiful girl.

For the sake of this short rant... Let's call her Katy, Katy... Look for that song by Peter Bradley Adams... No relation to this story though... She was perfect, light skinned... 4 on a light skin completion meter she was medium height curvy , lord she had it long black natural hair ,ow do trust me .,, zero make up.... Except from the lip gloss on her full but very brief lips... You know the ones that leave you questioning if the kiss happened or you just bit your lower or upper lip depending on your formulae with kisses....dressed in her high school attire she played right into my geek fantasies so well I matched it with reality so quick my pecker jolted much ...ahem... She was beautiful in every sense.... She looked at me once in a while, making me fix my pullover so many times I think I switched it front to back a few more than enough times....She was beautiful... Her eyes full of energy and excitement yet shy not enough innocence could be in the world to match hers and her face... Enough to challenge the Greek sculptured philosophy in a frenzy.... She was....

Everything breaks, this is my most favorite quote, and standing by it ,I broke even and walked to her well not alone was she nor was I ,I had a fleet of men in wait... Or wingman if I may rephrase ,my salutations were met with a smile, something not many a folk do, reasons would fall in major categories noted as am very nerdy, too geeky and masculine appeal to ladies... I don't really pull that much trophies ,anyway she smiled setting a perfect display of one heck of a set of white leveled teeth, she was Beautiful, by jones she was a masterpiece.

I would love to tell you that to this day thoughts of her and me flaunt my mind that is true as she met my poor vibe with smiles that made me think i was either a very good clown or romeo himself.... to be really honest i dont know what she saw in me honestly, i dont mean to self me self short but i swear, she was too good to me, I remember when we left each other, we exchanged names , birth dates, (dont ask why) and school addresses, funny thing I never wrote, but she did... enough times to let me see she really like me... she even sent me er school tie for me to wear it, swear (this was a quintessence of a girls virginity back then) anyway.... she did and to this day I remember her as none other.

I mean to say there's always a person in mind who stirs your security, memory wise.... processor wise(mind) heck even your Operating Soul.... those are your exploits.... so exploits are good... right? they give access to the heart mean root. so .... let me code that android exploit then Katy i mean  exploit away :)

Security oriented Distro Kali Linux Header Installation Issues

So this is rather going to be short.

Many people especially in the forums have been nagging about the custom kernel on Kali Linux and how to install the kernel headers that come with the new security distro [currently at time of publish 1.0.5] and the header being 3.7-trunk-amd64, this kernel has a patch that allows packet injection hence another method i used by upgrading the kernel to 3.8.x worked for installing headers required for VMware/Virtual Box installation but i couldn't work on the wireless network security/pentest.

So here we go, first thing you will need to edit your sources list that is if they dont have this:

deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali-dev main contrib non-free
deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali-dev main/debian-installer
deb-src http://http.kali.org/kali kali-dev main contrib non-free

deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali main contrib non-free
deb [arch=i386,amd64,armel,armhf] http://http.kali.org/kali kali main/debian-installer
deb-src http://http.kali.org/kali kali main contrib non-free

deb [arch=i386,amd64,armel,armhf] http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

sometimes after doing this and trying an update (apt-get update) you might get an exception that

E: Type 'deb[arch=i386,amd64,armel,armhf] ' is not known on line..... in source list /etc/apt.......
kindly eliminate the [arch=i386,amd64,armel,armhf] from everywhere it appears and try again .... this will work most of the time.
ok then ..... here are a few commands to kick in that virtual appliance NB.... this is before installing the virtual appliance

echo cups enabled >> /usr/sbin/update-rc.d

echo vmware-tools enabled >> /usr/sbin/update-rc.d
apt-get install gcc make linux-headers-$(uname -r) 

and voila.... this works ...well for me ... i hope it does for you too :)

Ok am better now :)

well the title is pretty much definitive, been a while since the September 13 demise of an accident , yes it was a Friday and a 13th to be precise .... any way I am well and back , few projects here and there but posts are due to continue streaming in:

An android spyware :) yes we will have that.
A mobile tracking system from what around  200$ system.
Owww and yes ... if you read my blog ... don't expect me to put up banners and notices that this is for educational purpose only.... ITS FOR SECURITY for chris* sake, if it looks bad that's because you need to patch yo system aight?

alright vented* so lets do security.

Part 1: Stealing Internet :) again (this is becoming a habit)

Since this post is going to be a little bit long why dont I try to be as forth coming as I can, Its becoming very hard for me to blog with this projects that I am working on and no, am not complaining.
So Lets steal some more Internet Orange Ke.(Ok its Telkom but same difference)

Ok so I made an earlier Post about getting that free internet using a method that employed brute forcing usernames (still viable) but heres another method and woah unto you who use the method as this will also guarantee you making a huge  mistake (for Educational purposes only)

1. Get a CDMA/EVDO RUIM card that is not probably registered in your name.
2. Get TOR / (any suitable VPN you prefer (to me /for me .... I refer TOR for its Free sense and the fact that I get more than two hacks going here)<--- PS TOR is not that safe dont believe me (i will post that later))
3. Computer
4. CDMA/EVDO Modem best to strip off your IMEI/SN but hey its not much you just not paranoid enough ...YET
5.nmap :) (ok you dont need this i will do the scan for you)

Ok yes

5. BRAIN

..... Ok here we go:

So What we will be doing, using a VPN to bypass the billing server:

Make sure you dont have existing bundles to work this out (thats the point of it right?)

ok since this is step one I teach how to configure TOR to a specific country (why?.... TOR is used by a lot of  people, this slows down its network bandwidth, speed and we prefer high internet speeds do we not<--- alright here we go)

owww Install TOR and Vidalia  package for your OS. (If I need to show you this, ah ah....  am not going there)
then we need to access  this once we have finished the installation

Seeing what we have is the list for all servers and countries we can use for TOR .
Select a certain country you want e.g China
Click that server select and save the Fingerprint of the server to fingerprint.txt (copy like 4 of them)

 Then
Remove the spaces and add $ in front of each line & separate with ” , “. Save it as a single line.

Add “ExitNodes” and next line “StrictExitNodes 1″. It will look like … the above^

Now after that go to settings: advanced: open up the torc file you can see (mine gave me hell on my FreeBSD box so heres a VM switch up on XP ) 

once that is open edit that to give you the bellow instance:

What you will add is the ExitNodes lines to the top of that file, nothing more or less :)

save this information click open , OK , exit and done :) 

Restart the Vidalia package and voila, we are done :)

Ok from this steps we done with step one :) with step two i will explain what happens but with this if you connect your modem ... and start TOR you will be able to browse for free, OK (with disconnections every ten minutes (that's my fault --- ask orange who gave them the idea :) yes, iBrag.

anyway reality aside a simple batch/bash script would suffice over the problem.

So what do we have

Fast

Free

(annoying coz of disconnection but sure you can chip in on how to bypass this) Internet

Obfuscation :That Part About Tormenting the Bastard Trying To Get In

I made a post about tormenting the culprit trying to get either (through) your code or through your network (well it was about code) and I never ( I did note down )

Obfuscation

Simply put its jumbling up your code (in a pattern <---- this has a weakness also but hey I still said it also :P )

anyway lets keep the newbies and the lazy bums at bay for the least of the part.

So a Wikipedia explanation is as such: In software development, obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand.

Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.

So here goes nothing , different methods to do this,

1. Manual

2. Automated

(well mainly i use manual to decode)

Say we have this piece of code

<?php echo '<p>Hello World</p>'; ?> 

and we have this 

<?php

$f27ff0e1af66="\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";@eval($f27ff0e1af66(

"JHpmNWI5OWQ5MDVkODRhYmVkZThlZDQyMjY3NjNlZmM0PSJceDYyIjskcTdkM2Y3YjdhY2U3OGRmNGNjOWRmNGQ

yZjc3OGRmMWE9Ilx4NjUiOyRyZTkxZmM3NWQ2YzViNWMyODM4Nzc5YjMwODg1Y2I0OD0iXHg2NiI7JGE2OTU1NzF

kOTRkZmEwM2U2NzEwZTE2NzM1YzYwZmE2PSJceDY3IjskeTIyYmI1M2NmOGExZDA1MTEzYjEyM2QzZjNmODk5MjE

9Ilx4NmQiOyR1MDgwYjY1ZDc1NjFmOTFkMWQ0ZDA2OGU1NTAxZjQwMD0iXHg2ZiI7JHUyNzdlZGUwMDQwYjA3ZGM

yMDhiMWQxMWM5YzkyZTE2PSJceDZmIjskeTdlMjIzNDQxYWFlZDYxNmM4NTM3OTZlNjE4NWZiNDU9Ilx4NmYiOyR

nNjEzOWJiZjE3YmQzOTdhYzA5MDY1ODI1ZGVkMjhlYj0iXHg2ZiI7JHo1Y2QzOTAwNDU4YmMwYThhNThhNzc4MTc

yYmQ1MTRmPSJceDczIjskb2IwNmQ5OWY3ODZhOTM0YmRkNTlmYWRhM2JiOWVmNTI9Ilx4NzMiOyRsMTM2OTZmNTJ

jN2RlYTk2NzNjNWVhYjZlMTk1MDNmNT0iXHg3MyI7JHEzMjQwNTFkZDg2MjBiYzU5ZTM3ZmNmNjRmZjNkMGEyPSJ

ceDczIjskemY1Yjk5ZDkwNWQ4NGFiZWRlOGVkNDIyNjc2M2VmYzQuPSJcMTQxIjskcTdkM2Y3YjdhY2U3OGRmNGN

jOWRmNGQyZjc3OGRmMWEuPSJcMTYyIjskcmU5MWZjNzVkNmM1YjVjMjgzODc3OWIzMDg4NWNiNDguPSJcMTUxIjs

kYTY5NTU3MWQ5NGRmYTAzZTY3MTBlMTY3MzVjNjBmYTYuPSJcMTcyIjskeTIyYmI1M2NmOGExZDA1MTEzYjEyM2Q

zZjNmODk5MjEuPSJcMTQ0IjskdTA4MGI2NWQ3NTYxZjkxZDFkNGQwNjhlNTUwMWY0MDAuPSJcMTQyIjskdTI3N2V

kZTAwNDBiMDdkYzIwOGIxZDExYzljOTJlMTYuPSJcMTQyIjskeTdlMjIzNDQxYWFlZDYxNmM4NTM3OTZlNjE4NWZ

iNDUuPSJcMTQyIjskZzYxMzliYmYxN2JkMzk3YWMwOTA2NTgyNWRlZDI4ZWIuPSJcMTQyIjskejVjZDM5MDA0NTh

iYzBhOGE1OGE3NzgxNzJiZDUxNGYuPSJcMTY0Ijskb2IwNmQ5OWY3ODZhOTM0YmRkNTlmYWRhM2JiOWVmNTIuPSJ

cMTY0IjskbDEzNjk2ZjUyYzdkZWE5NjczYzVlYWI2ZTE5NTAzZjUuPSJcMTY0IjskcTMyNDA1MWRkODYyMGJjNTl

lMzdmY2Y2NGZmM2QwYTIuPSJcMTY0IjskemY1Yjk5ZDkwNWQ4NGFiZWRlOGVkNDIyNjc2M2VmYzQuPSJceDczIjs

kcTdkM2Y3YjdhY2U3OGRmNGNjOWRmNGQyZjc3OGRmMWEuPSJceDY1IjskcmU5MWZjNzVkNmM1YjVjMjgzODc3OWI

zMDg4NWNiNDguPSJceDZjIjskYTY5NTU3MWQ5NGRmYTAzZTY3MTBlMTY3MzVjNjBmYTYuPSJceDY5IjskeTIyYmI

1M2NmOGExZDA1MTEzYjEyM2QzZjNmODk5MjEuPSJceDM1IjskdTA4MGI2NWQ3NTYxZjkxZDFkNGQwNjhlNTUwMWY

0MDAuPSJceDVmIjskdTI3N2VkZTAwNDBiMDdkYzIwOGIxZDExYzljOTJlMTYuPSJceDVmIjskeTdlMjIzNDQxYWF

lZDYxNmM4NTM3OTZlNjE4NWZiNDUuPSJceDVmIjskZzYxMzliYmYxN2JkMzk3YWMwOTA2NTgyNWRlZDI4ZWIuPSJ

ceDVmIjskejVjZDM5MDA0NThiYzBhOGE1OGE3NzgxNzJiZDUxNGYuPSJceDcyIjskb2IwNmQ5OWY3ODZhOTM0YmR

kNTlmYWRhM2JiOWVmNTIuPSJceDcyIjskbDEzNjk2ZjUyYzdkZWE5NjczYzVlYWI2ZTE5NTAzZjUuPSJceDcyIjs

kcTMyNDA1MWRkODYyMGJjNTllMzdmY2Y2NGZmM2QwYTIuPSJceDcyIjskemY1Yjk5ZDkwNWQ4NGFiZWRlOGVkNDI

yNjc2M2VmYzQuPSJcMTQ1IjskcTdkM2Y3YjdhY2U3OGRmNGNjOWRmNGQyZjc3OGRmMWEuPSJcMTQ3IjskcmU5MWZ

jNzVkNmM1YjVjMjgzODc3OWIzMDg4NWNiNDguPSJcMTQ1IjskYTY5NTU3MWQ5NGRmYTAzZTY3MTBlMTY3MzVjNjB

mYTYuPSJcMTU2IjskdTA4MGI2NWQ3NTYxZjkxZDFkNGQwNjhlNTUwMWY0MDAuPSJcMTQ1IjskdTI3N2VkZTAwNDB

iMDdkYzIwOGIxZDExYzljOTJlMTYuPSJcMTQ1IjskeTdlMjIzNDQxYWFlZDYxNmM4NTM3OTZlNjE4NWZiNDUuPSJ

cMTQ3IjskZzYxMzliYmYxN2JkMzk3YWMwOTA2NTgyNWRlZDI4ZWIuPSJcMTYzIjskejVjZDM5MDA0NThiYzBhOGE

1OGE3NzgxNzJiZDUxNGYuPSJcMTM3Ijskb2IwNmQ5OWY3ODZhOTM0YmRkNTlmYWRhM2JiOWVmNTIuPSJcMTM3Ijs

kbDEzNjk2ZjUyYzdkZWE5NjczYzVlYWI2ZTE5NTAzZjUuPSJcMTYwIjskcTMyNDA1MWRkODYyMGJjNTllMzdmY2Y

2NGZmM2QwYTIuPSJcMTY0IjskemY1Yjk5ZDkwNWQ4NGFiZWRlOGVkNDIyNjc2M2VmYzQuPSJceDM2IjskcTdkM2Y

3YjdhY2U3OGRmNGNjOWRmNGQyZjc3OGRmMWEuPSJceDVmIjskcmU5MWZjNzVkNmM1YjVjMjgzODc3OWIzMDg4NWN

iNDguPSJceDVmIjskYTY5NTU3MWQ5NGRmYTAzZTY3MTBlMTY3MzVjNjBmYTYuPSJceDY2IjskdTA4MGI2NWQ3NTY

xZjkxZDFkNGQwNjhlNTUwMWY0MDAuPSJceDZlIjskdTI3N2VkZTAwNDBiMDdkYzIwOGIxZDExYzljOTJlMTYuPSJ

ceDZlIjskeTdlMjIzNDQxYWFlZDYxNmM4NTM3OTZlNjE4NWZiNDUuPSJceDY1IjskZzYxMzliYmYxN2JkMzk3YWM

wOTA2NTgyNWRlZDI4ZWIuPSJceDc0IjskejVjZDM5MDA0NThiYzBhOGE1OGE3NzgxNzJiZDUxNGYuPSJceDcyIjs

kb2IwNmQ5OWY3ODZhOTM0YmRkNTlmYWRhM2JiOWVmNTIuPSJceDcyIjskbDEzNjk2ZjUyYzdkZWE5NjczYzVlYWI

2ZTE5NTAzZjUuPSJceDZmIjskcTMyNDA1MWRkODYyMGJjNTllMzdmY2Y2NGZmM2QwYTIuPSJceDZmIjskemY1Yjk

5ZDkwNWQ4NGFiZWRlOGVkNDIyNjc2M2VmYzQuPSJcNjQiOyRxN2QzZjdiN2FjZTc4ZGY0Y2M5ZGY0ZDJmNzc4ZGY

xYS49IlwxNjIiOyRyZTkxZmM3NWQ2YzViNWMyODM4Nzc5YjMwODg1Y2I0OC49IlwxNDciOyRhNjk1NTcxZDk0ZGZ

hMDNlNjcxMGUxNjczNWM2MGZhNi49IlwxNTQiOyR1MDgwYjY1ZDc1NjFmOTFkMWQ0ZDA2OGU1NTAxZjQwMC49Ilw

xNDQiOyR1Mjc3ZWRlMDA0MGIwN2RjMjA4YjFkMTFjOWM5MmUxNi49IlwxNDQiOyR5N2UyMjM0NDFhYWVkNjE2Yzg

1Mzc5NmU2MTg1ZmI0NS49IlwxNjQiOyRnNjEzOWJiZjE3YmQzOTdhYzA5MDY1ODI1ZGVkMjhlYi49IlwxNDEiOyR

6NWNkMzkwMDQ1OGJjMGE4YTU4YTc3ODE3MmJkNTE0Zi49IlwxNDUiOyRvYjA2ZDk5Zjc4NmE5MzRiZGQ1OWZhZGE

zYmI5ZWY1Mi49IlwxNTciOyRsMTM2OTZmNTJjN2RlYTk2NzNjNWVhYjZlMTk1MDNmNS49IlwxNjMiOyRxMzI0MDU

xZGQ4NjIwYmM1OWUzN2ZjZjY0ZmYzZDBhMi49IlwxNTMiOyR6ZjViOTlkOTA1ZDg0YWJlZGU4ZWQ0MjI2NzYzZWZ

jNC49Ilx4NWYiOyRxN2QzZjdiN2FjZTc4ZGY0Y2M5ZGY0ZDJmNzc4ZGYxYS49Ilx4NjUiOyRyZTkxZmM3NWQ2YzV

iNWMyODM4Nzc5YjMwODg1Y2I0OC49Ilx4NjUiOyRhNjk1NTcxZDk0ZGZhMDNlNjcxMGUxNjczNWM2MGZhNi49Ilx

4NjEiOyR1MDgwYjY1ZDc1NjFmOTFkMWQ0ZDA2OGU1NTAxZjQwMC49Ilx4NWYiOyR1Mjc3ZWRlMDA0MGIwN2RjMjA

4YjFkMTFjOWM5MmUxNi49Ilx4NWYiOyR5N2UyMjM0NDFhYWVkNjE2Yzg1Mzc5NmU2MTg1ZmI0NS49Ilx4NWYiOyR

nNjEzOWJiZjE3YmQzOTdhYzA5MDY1ODI1ZGVkMjhlYi49Ilx4NzIiOyR6NWNkMzkwMDQ1OGJjMGE4YTU4YTc3ODE

3MmJkNTE0Zi49Ilx4NzAiOyRvYjA2ZDk5Zjc4NmE5MzRiZGQ1OWZhZGEzYmI5ZWY1Mi49Ilx4NzQiOyR6ZjViOTl

kOTA1ZDg0YWJlZGU4ZWQ0MjI2NzYzZWZjNC49IlwxNDQiOyRxN2QzZjdiN2FjZTc4ZGY0Y2M5ZGY0ZDJmNzc4ZGY

xYS49IlwxNjAiOyRyZTkxZmM3NWQ2YzViNWMyODM4Nzc5YjMwODg1Y2I0OC49IlwxNjQiOyRhNjk1NTcxZDk0ZGZ

hMDNlNjcxMGUxNjczNWM2MGZhNi49IlwxNjQiOyR1MDgwYjY1ZDc1NjFmOTFkMWQ0ZDA2OGU1NTAxZjQwMC49Ilw

xNDMiOyR1Mjc3ZWRlMDA0MGIwN2RjMjA4YjFkMTFjOWM5MmUxNi49IlwxNDYiOyR5N2UyMjM0NDFhYWVkNjE2Yzg

1Mzc5NmU2MTg1ZmI0NS49IlwxNDMiOyRnNjEzOWJiZjE3YmQzOTdhYzA5MDY1ODI1ZGVkMjhlYi49IlwxNjQiOyR

6NWNkMzkwMDQ1OGJjMGE4YTU4YTc3ODE3MmJkNTE0Zi49IlwxNTQiOyRvYjA2ZDk5Zjc4NmE5MzRiZGQ1OWZhZGE

zYmI5ZWY1Mi49Ilw2MSI7JHpmNWI5OWQ5MDVkODRhYmVkZThlZDQyMjY3NjNlZmM0Lj0iXHg2NSI7JHE3ZDNmN2I

3YWNlNzhkZjRjYzlkZjRkMmY3NzhkZjFhLj0iXHg2YyI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg3NzliMzA4ODVjYjQ

4Lj0iXHg1ZiI7JGE2OTU1NzFkOTRkZmEwM2U2NzEwZTE2NzM1YzYwZmE2Lj0iXHg2NSI7JHUwODBiNjVkNzU2MWY

5MWQxZDRkMDY4ZTU1MDFmNDAwLj0iXHg2YyI7JHUyNzdlZGUwMDQwYjA3ZGMyMDhiMWQxMWM5YzkyZTE2Lj0iXHg

2YyI7JHk3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTYxODVmYjQ1Lj0iXHg2ZiI7JHo1Y2QzOTAwNDU4YmMwYThhNTh

hNzc4MTcyYmQ1MTRmLj0iXHg2MSI7JG9iMDZkOTlmNzg2YTkzNGJkZDU5ZmFkYTNiYjllZjUyLj0iXHgzMyI7JHp

mNWI5OWQ5MDVkODRhYmVkZThlZDQyMjY3NjNlZmM0Lj0iXDE0MyI7JHE3ZDNmN2I3YWNlNzhkZjRjYzlkZjRkMmY

3NzhkZjFhLj0iXDE0MSI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg3NzliMzA4ODVjYjQ4Lj0iXDE0MyI7JHUwODBiNjV

kNzU2MWY5MWQxZDRkMDY4ZTU1MDFmNDAwLj0iXDE0NSI7JHUyNzdlZGUwMDQwYjA3ZGMyMDhiMWQxMWM5YzkyZTE

2Lj0iXDE2NSI7JHk3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTYxODVmYjQ1Lj0iXDE1NiI7JHo1Y2QzOTAwNDU4YmM

wYThhNThhNzc4MTcyYmQ1MTRmLj0iXDE0MyI7JHpmNWI5OWQ5MDVkODRhYmVkZThlZDQyMjY3NjNlZmM0Lj0iXHg

2ZiI7JHE3ZDNmN2I3YWNlNzhkZjRjYzlkZjRkMmY3NzhkZjFhLj0iXHg2MyI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg

3NzliMzA4ODVjYjQ4Lj0iXHg2ZiI7JHUwODBiNjVkNzU2MWY5MWQxZDRkMDY4ZTU1MDFmNDAwLj0iXHg2MSI7JHU

yNzdlZGUwMDQwYjA3ZGMyMDhiMWQxMWM5YzkyZTE2Lj0iXHg3MyI7JHk3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTY

xODVmYjQ1Lj0iXHg3NCI7JHo1Y2QzOTAwNDU4YmMwYThhNThhNzc4MTcyYmQ1MTRmLj0iXHg2NSI7JHpmNWI5OWQ

5MDVkODRhYmVkZThlZDQyMjY3NjNlZmM0Lj0iXDE0NCI7JHE3ZDNmN2I3YWNlNzhkZjRjYzlkZjRkMmY3NzhkZjF

hLj0iXDE0NSI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg3NzliMzA4ODVjYjQ4Lj0iXDE1NiI7JHUwODBiNjVkNzU2MWY

5MWQxZDRkMDY4ZTU1MDFmNDAwLj0iXDE1NiI7JHUyNzdlZGUwMDQwYjA3ZGMyMDhiMWQxMWM5YzkyZTE2Lj0iXDE

1MCI7JHk3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTYxODVmYjQ1Lj0iXDE0NSI7JHpmNWI5OWQ5MDVkODRhYmVkZTh

lZDQyMjY3NjNlZmM0Lj0iXHg2NSI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg3NzliMzA4ODVjYjQ4Lj0iXHg3NCI7JHk

3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTYxODVmYjQ1Lj0iXHg2ZSI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg3NzliMzA

4ODVjYjQ4Lj0iXDE0NSI7JHk3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTYxODVmYjQ1Lj0iXDE2NCI7JHJlOTFmYzc

1ZDZjNWI1YzI4Mzg3NzliMzA4ODVjYjQ4Lj0iXHg2ZSI7JHk3ZTIyMzQ0MWFhZWQ2MTZjODUzNzk2ZTYxODVmYjQ

1Lj0iXHg3MyI7JHJlOTFmYzc1ZDZjNWI1YzI4Mzg3NzliMzA4ODVjYjQ4Lj0iXDE2NCI7JHJlOTFmYzc1ZDZjNWI

1YzI4Mzg3NzliMzA4ODVjYjQ4Lj0iXHg3MyI7JGc2MTM5YmJmMTdiZDM5N2FjMDkwNjU4MjVkZWQyOGViKCk7aWY

oJHkyMmJiNTNjZjhhMWQwNTExM2IxMjNkM2YzZjg5OTIxKCRxN2QzZjdiN2FjZTc4ZGY0Y2M5ZGY0ZDJmNzc4ZGY

xYSgiXHg1Y1w1MFx4MjJcMTMzXHgzMFw1NVx4MzlcMTAxXHgyZFwxMzJceDYxXDU1XHg3YVwxMzRceDJiXDU3XHg

zZFwxMzVceDJhXDQyXHg1Y1w1MSIsIlx4MjhcNDJceDIyXDUxIiwkejVjZDM5MDA0NThiYzBhOGE1OGE3NzgxNzJ

iZDUxNGYoIlxyXG4iLCIiLCRyZTkxZmM3NWQ2YzViNWMyODM4Nzc5YjMwODg1Y2I0OCgkcTMyNDA1MWRkODYyMGJ

jNTllMzdmY2Y2NGZmM2QwYTIoX19GSUxFX18sIlx4MjgiKSkpKSk9PSJceDY0XDE0Mlx4MzRcMTQ0XHgzM1w2MVx

4MzhcMTQ1XHgzMlw2NFx4MzNcNzBceDMzXDYzXHgzMVw2MVx4NjFcMTQ0XHg2NFw2MVx4MzhcNjZceDM2XDY1XHg

zMlwxNDJceDYzXDY0XHgzN1w2NFx4MzhcNjEiKXtAZXZhbCgkYTY5NTU3MWQ5NGRmYTAzZTY3MTBlMTY3MzVjNjB

mYTYoJHpmNWI5OWQ5MDVkODRhYmVkZThlZDQyMjY3NjNlZmM0KCRvYjA2ZDk5Zjc4NmE5MzRiZGQ1OWZhZGEzYmI

5ZWY1MigiV0xma1FiRGpRTkYvTHlVRkxXaUwwTHhHK0x0b3BPWUVEcGFtbWpzSUZRQjcwNHd2S1lJSWRvbTV3dTl

BM3dUR2J4dmlVSnpwbGliZzEzUk9BUTlCVEJscjNuVlV6a1JTSUxqeE9wQVlnY2lFdlZDbkw4cmlHK2E1L0tBVGx

tYmZIU280TkQ9PSIpKSkpO30kbDEzNjk2ZjUyYzdkZWE5NjczYzVlYWI2ZTE5NTAzZjUoJHk3ZTIyMzQ0MWFhZWQ

2MTZjODUzNzk2ZTYxODVmYjQ1KCksIlx4MzBcNjVceDYzXDYyXHg2NFw2Nlx4NjVcMTQ0XHgzNVwxNDRceDMyXDE

0MVx4NjNcMTQyXHgzMFw3MVx4MzZcNjRceDYzXDE0Nlx4MzBcNjdceDMxXDY2XHgzMFw2NVx4MzVcMTQ2XHg2NFw

xNDZceDMwXDYxIik/JHUwODBiNjVkNzU2MWY5MWQxZDRkMDY4ZTU1MDFmNDAwKCk6JHUyNzdlZGUwMDQwYjA3ZGM

yMDhiMWQxMWM5YzkyZTE2KCk7"));

?>

Well whats the diffrence? well none if we both run them (warning the second part might not but try this)

<?php

$i2dfb47d88c5="\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";@eval($i2dfb47d88c5(

"JHoyYjIwMGJhOTkyYmQ5NGQwNzkyMzNjOGM5ZjFkOWZmPSJceDYyIjskYWJiN2NjYWRkOTBiY2I0NzUxNTgwOTk

4Njk3M2JiYTU9Ilx4NjUiOyRxYWM1N2ExYTYwZjA0YTFjODVjM2YwN2FiNTk0ODNhMD0iXHg2NiI7JG81YTI0ZjR

lM2UwZTE0ZGI2MDE2YmYwNWJmOTNjYTY3PSJceDY3IjskYTk1NGU2YmFjMWVmMjQyNzdiYzlhMzE4MzMwYjljODY

9Ilx4NmQiOyRnMmY1ODE3YTJhNTdkMjYyNTk3YjY0MTdlMGRkZWUyNj0iXHg2ZiI7JGg4ZjQ1YjI1ZDI4YjY4NWV

jNTliYjEyMGYzNDRlYTM5PSJceDZmIjskdDM0ZGFmZmIwZGQ2YTRhMTk0OGY2Y2ViNTJiZGFhODg9Ilx4NmYiOyR

2ODBmNjcxNmMxYjBmN2Y4YjVhY2NlM2RjZDc2OWY0MT0iXHg2ZiI7JHcyMmJlMTIwNmM1MTY5NWM0MzExMjJlNTE

3MTkzODkyPSJceDczIjskeTdmOTBhMzUwMDJkNjBlN2UzY2FlOTZjZGIyNTY1NzM9Ilx4NzMiOyRtMTc1Mjk0ZDk

0ZTMxZjMzOTMzYTVhZDgwZDRhZjkxYz0iXHg3MyI7JGY1NWZmZmFhMzYxMjE2OTFkYWU0YTRiODM5NjkzYjJjPSJ

ceDczIjskejJiMjAwYmE5OTJiZDk0ZDA3OTIzM2M4YzlmMWQ5ZmYuPSJcMTQxIjskYWJiN2NjYWRkOTBiY2I0NzU

xNTgwOTk4Njk3M2JiYTUuPSJcMTYyIjskcWFjNTdhMWE2MGYwNGExYzg1YzNmMDdhYjU5NDgzYTAuPSJcMTUxIjs

kbzVhMjRmNGUzZTBlMTRkYjYwMTZiZjA1YmY5M2NhNjcuPSJcMTcyIjskYTk1NGU2YmFjMWVmMjQyNzdiYzlhMzE

4MzMwYjljODYuPSJcMTQ0IjskZzJmNTgxN2EyYTU3ZDI2MjU5N2I2NDE3ZTBkZGVlMjYuPSJcMTQyIjskaDhmNDV

iMjVkMjhiNjg1ZWM1OWJiMTIwZjM0NGVhMzkuPSJcMTQyIjskdDM0ZGFmZmIwZGQ2YTRhMTk0OGY2Y2ViNTJiZGF

hODguPSJcMTQyIjskdjgwZjY3MTZjMWIwZjdmOGI1YWNjZTNkY2Q3NjlmNDEuPSJcMTQyIjskdzIyYmUxMjA2YzU

xNjk1YzQzMTEyMmU1MTcxOTM4OTIuPSJcMTY0IjskeTdmOTBhMzUwMDJkNjBlN2UzY2FlOTZjZGIyNTY1NzMuPSJ

cMTY0IjskbTE3NTI5NGQ5NGUzMWYzMzkzM2E1YWQ4MGQ0YWY5MWMuPSJcMTY0IjskZjU1ZmZmYWEzNjEyMTY5MWR

hZTRhNGI4Mzk2OTNiMmMuPSJcMTY0IjskejJiMjAwYmE5OTJiZDk0ZDA3OTIzM2M4YzlmMWQ5ZmYuPSJceDczIjs

kYWJiN2NjYWRkOTBiY2I0NzUxNTgwOTk4Njk3M2JiYTUuPSJceDY1IjskcWFjNTdhMWE2MGYwNGExYzg1YzNmMDd

hYjU5NDgzYTAuPSJceDZjIjskbzVhMjRmNGUzZTBlMTRkYjYwMTZiZjA1YmY5M2NhNjcuPSJceDY5IjskYTk1NGU

2YmFjMWVmMjQyNzdiYzlhMzE4MzMwYjljODYuPSJceDM1IjskZzJmNTgxN2EyYTU3ZDI2MjU5N2I2NDE3ZTBkZGV

lMjYuPSJceDVmIjskaDhmNDViMjVkMjhiNjg1ZWM1OWJiMTIwZjM0NGVhMzkuPSJceDVmIjskdDM0ZGFmZmIwZGQ

2YTRhMTk0OGY2Y2ViNTJiZGFhODguPSJceDVmIjskdjgwZjY3MTZjMWIwZjdmOGI1YWNjZTNkY2Q3NjlmNDEuPSJ

ceDVmIjskdzIyYmUxMjA2YzUxNjk1YzQzMTEyMmU1MTcxOTM4OTIuPSJceDcyIjskeTdmOTBhMzUwMDJkNjBlN2U

zY2FlOTZjZGIyNTY1NzMuPSJceDcyIjskbTE3NTI5NGQ5NGUzMWYzMzkzM2E1YWQ4MGQ0YWY5MWMuPSJceDcyIjs

kZjU1ZmZmYWEzNjEyMTY5MWRhZTRhNGI4Mzk2OTNiMmMuPSJceDcyIjskejJiMjAwYmE5OTJiZDk0ZDA3OTIzM2M

4YzlmMWQ5ZmYuPSJcMTQ1IjskYWJiN2NjYWRkOTBiY2I0NzUxNTgwOTk4Njk3M2JiYTUuPSJcMTQ3IjskcWFjNTd

hMWE2MGYwNGExYzg1YzNmMDdhYjU5NDgzYTAuPSJcMTQ1IjskbzVhMjRmNGUzZTBlMTRkYjYwMTZiZjA1YmY5M2N

hNjcuPSJcMTU2IjskZzJmNTgxN2EyYTU3ZDI2MjU5N2I2NDE3ZTBkZGVlMjYuPSJcMTQ1IjskaDhmNDViMjVkMjh

iNjg1ZWM1OWJiMTIwZjM0NGVhMzkuPSJcMTQ1IjskdDM0ZGFmZmIwZGQ2YTRhMTk0OGY2Y2ViNTJiZGFhODguPSJ

cMTQ3IjskdjgwZjY3MTZjMWIwZjdmOGI1YWNjZTNkY2Q3NjlmNDEuPSJcMTYzIjskdzIyYmUxMjA2YzUxNjk1YzQ

zMTEyMmU1MTcxOTM4OTIuPSJcMTM3IjskeTdmOTBhMzUwMDJkNjBlN2UzY2FlOTZjZGIyNTY1NzMuPSJcMTM3Ijs

kbTE3NTI5NGQ5NGUzMWYzMzkzM2E1YWQ4MGQ0YWY5MWMuPSJcMTYwIjskZjU1ZmZmYWEzNjEyMTY5MWRhZTRhNGI

4Mzk2OTNiMmMuPSJcMTY0IjskejJiMjAwYmE5OTJiZDk0ZDA3OTIzM2M4YzlmMWQ5ZmYuPSJceDM2IjskYWJiN2N

jYWRkOTBiY2I0NzUxNTgwOTk4Njk3M2JiYTUuPSJceDVmIjskcWFjNTdhMWE2MGYwNGExYzg1YzNmMDdhYjU5NDg

zYTAuPSJceDVmIjskbzVhMjRmNGUzZTBlMTRkYjYwMTZiZjA1YmY5M2NhNjcuPSJceDY2IjskZzJmNTgxN2EyYTU

3ZDI2MjU5N2I2NDE3ZTBkZGVlMjYuPSJceDZlIjskaDhmNDViMjVkMjhiNjg1ZWM1OWJiMTIwZjM0NGVhMzkuPSJ

ceDZlIjskdDM0ZGFmZmIwZGQ2YTRhMTk0OGY2Y2ViNTJiZGFhODguPSJceDY1IjskdjgwZjY3MTZjMWIwZjdmOGI

1YWNjZTNkY2Q3NjlmNDEuPSJceDc0IjskdzIyYmUxMjA2YzUxNjk1YzQzMTEyMmU1MTcxOTM4OTIuPSJceDcyIjs

keTdmOTBhMzUwMDJkNjBlN2UzY2FlOTZjZGIyNTY1NzMuPSJceDcyIjskbTE3NTI5NGQ5NGUzMWYzMzkzM2E1YWQ

4MGQ0YWY5MWMuPSJceDZmIjskZjU1ZmZmYWEzNjEyMTY5MWRhZTRhNGI4Mzk2OTNiMmMuPSJceDZmIjskejJiMjA

wYmE5OTJiZDk0ZDA3OTIzM2M4YzlmMWQ5ZmYuPSJcNjQiOyRhYmI3Y2NhZGQ5MGJjYjQ3NTE1ODA5OTg2OTczYmJ

hNS49IlwxNjIiOyRxYWM1N2ExYTYwZjA0YTFjODVjM2YwN2FiNTk0ODNhMC49IlwxNDciOyRvNWEyNGY0ZTNlMGU

xNGRiNjAxNmJmMDViZjkzY2E2Ny49IlwxNTQiOyRnMmY1ODE3YTJhNTdkMjYyNTk3YjY0MTdlMGRkZWUyNi49Ilw

xNDQiOyRoOGY0NWIyNWQyOGI2ODVlYzU5YmIxMjBmMzQ0ZWEzOS49IlwxNDQiOyR0MzRkYWZmYjBkZDZhNGExOTQ

4ZjZjZWI1MmJkYWE4OC49IlwxNjQiOyR2ODBmNjcxNmMxYjBmN2Y4YjVhY2NlM2RjZDc2OWY0MS49IlwxNDEiOyR

3MjJiZTEyMDZjNTE2OTVjNDMxMTIyZTUxNzE5Mzg5Mi49IlwxNDUiOyR5N2Y5MGEzNTAwMmQ2MGU3ZTNjYWU5NmN

kYjI1NjU3My49IlwxNTciOyRtMTc1Mjk0ZDk0ZTMxZjMzOTMzYTVhZDgwZDRhZjkxYy49IlwxNjMiOyRmNTVmZmZ

hYTM2MTIxNjkxZGFlNGE0YjgzOTY5M2IyYy49IlwxNTMiOyR6MmIyMDBiYTk5MmJkOTRkMDc5MjMzYzhjOWYxZDl

mZi49Ilx4NWYiOyRhYmI3Y2NhZGQ5MGJjYjQ3NTE1ODA5OTg2OTczYmJhNS49Ilx4NjUiOyRxYWM1N2ExYTYwZjA

0YTFjODVjM2YwN2FiNTk0ODNhMC49Ilx4NjUiOyRvNWEyNGY0ZTNlMGUxNGRiNjAxNmJmMDViZjkzY2E2Ny49Ilx

4NjEiOyRnMmY1ODE3YTJhNTdkMjYyNTk3YjY0MTdlMGRkZWUyNi49Ilx4NWYiOyRoOGY0NWIyNWQyOGI2ODVlYzU

5YmIxMjBmMzQ0ZWEzOS49Ilx4NWYiOyR0MzRkYWZmYjBkZDZhNGExOTQ4ZjZjZWI1MmJkYWE4OC49Ilx4NWYiOyR

2ODBmNjcxNmMxYjBmN2Y4YjVhY2NlM2RjZDc2OWY0MS49Ilx4NzIiOyR3MjJiZTEyMDZjNTE2OTVjNDMxMTIyZTU

xNzE5Mzg5Mi49Ilx4NzAiOyR5N2Y5MGEzNTAwMmQ2MGU3ZTNjYWU5NmNkYjI1NjU3My49Ilx4NzQiOyR6MmIyMDB

iYTk5MmJkOTRkMDc5MjMzYzhjOWYxZDlmZi49IlwxNDQiOyRhYmI3Y2NhZGQ5MGJjYjQ3NTE1ODA5OTg2OTczYmJ

hNS49IlwxNjAiOyRxYWM1N2ExYTYwZjA0YTFjODVjM2YwN2FiNTk0ODNhMC49IlwxNjQiOyRvNWEyNGY0ZTNlMGU

xNGRiNjAxNmJmMDViZjkzY2E2Ny49IlwxNjQiOyRnMmY1ODE3YTJhNTdkMjYyNTk3YjY0MTdlMGRkZWUyNi49Ilw

xNDMiOyRoOGY0NWIyNWQyOGI2ODVlYzU5YmIxMjBmMzQ0ZWEzOS49IlwxNDYiOyR0MzRkYWZmYjBkZDZhNGExOTQ

4ZjZjZWI1MmJkYWE4OC49IlwxNDMiOyR2ODBmNjcxNmMxYjBmN2Y4YjVhY2NlM2RjZDc2OWY0MS49IlwxNjQiOyR

3MjJiZTEyMDZjNTE2OTVjNDMxMTIyZTUxNzE5Mzg5Mi49IlwxNTQiOyR5N2Y5MGEzNTAwMmQ2MGU3ZTNjYWU5NmN

kYjI1NjU3My49Ilw2MSI7JHoyYjIwMGJhOTkyYmQ5NGQwNzkyMzNjOGM5ZjFkOWZmLj0iXHg2NSI7JGFiYjdjY2F

kZDkwYmNiNDc1MTU4MDk5ODY5NzNiYmE1Lj0iXHg2YyI7JHFhYzU3YTFhNjBmMDRhMWM4NWMzZjA3YWI1OTQ4M2E

wLj0iXHg1ZiI7JG81YTI0ZjRlM2UwZTE0ZGI2MDE2YmYwNWJmOTNjYTY3Lj0iXHg2NSI7JGcyZjU4MTdhMmE1N2Q

yNjI1OTdiNjQxN2UwZGRlZTI2Lj0iXHg2YyI7JGg4ZjQ1YjI1ZDI4YjY4NWVjNTliYjEyMGYzNDRlYTM5Lj0iXHg

2YyI7JHQzNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjUyYmRhYTg4Lj0iXHg2ZiI7JHcyMmJlMTIwNmM1MTY5NWM0MzE

xMjJlNTE3MTkzODkyLj0iXHg2MSI7JHk3ZjkwYTM1MDAyZDYwZTdlM2NhZTk2Y2RiMjU2NTczLj0iXHgzMyI7JHo

yYjIwMGJhOTkyYmQ5NGQwNzkyMzNjOGM5ZjFkOWZmLj0iXDE0MyI7JGFiYjdjY2FkZDkwYmNiNDc1MTU4MDk5ODY

5NzNiYmE1Lj0iXDE0MSI7JHFhYzU3YTFhNjBmMDRhMWM4NWMzZjA3YWI1OTQ4M2EwLj0iXDE0MyI7JGcyZjU4MTd

hMmE1N2QyNjI1OTdiNjQxN2UwZGRlZTI2Lj0iXDE0NSI7JGg4ZjQ1YjI1ZDI4YjY4NWVjNTliYjEyMGYzNDRlYTM

5Lj0iXDE2NSI7JHQzNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjUyYmRhYTg4Lj0iXDE1NiI7JHcyMmJlMTIwNmM1MTY

5NWM0MzExMjJlNTE3MTkzODkyLj0iXDE0MyI7JHoyYjIwMGJhOTkyYmQ5NGQwNzkyMzNjOGM5ZjFkOWZmLj0iXHg

2ZiI7JGFiYjdjY2FkZDkwYmNiNDc1MTU4MDk5ODY5NzNiYmE1Lj0iXHg2MyI7JHFhYzU3YTFhNjBmMDRhMWM4NWM

zZjA3YWI1OTQ4M2EwLj0iXHg2ZiI7JGcyZjU4MTdhMmE1N2QyNjI1OTdiNjQxN2UwZGRlZTI2Lj0iXHg2MSI7JGg

4ZjQ1YjI1ZDI4YjY4NWVjNTliYjEyMGYzNDRlYTM5Lj0iXHg3MyI7JHQzNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjU

yYmRhYTg4Lj0iXHg3NCI7JHcyMmJlMTIwNmM1MTY5NWM0MzExMjJlNTE3MTkzODkyLj0iXHg2NSI7JHoyYjIwMGJ

hOTkyYmQ5NGQwNzkyMzNjOGM5ZjFkOWZmLj0iXDE0NCI7JGFiYjdjY2FkZDkwYmNiNDc1MTU4MDk5ODY5NzNiYmE

1Lj0iXDE0NSI7JHFhYzU3YTFhNjBmMDRhMWM4NWMzZjA3YWI1OTQ4M2EwLj0iXDE1NiI7JGcyZjU4MTdhMmE1N2Q

yNjI1OTdiNjQxN2UwZGRlZTI2Lj0iXDE1NiI7JGg4ZjQ1YjI1ZDI4YjY4NWVjNTliYjEyMGYzNDRlYTM5Lj0iXDE

1MCI7JHQzNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjUyYmRhYTg4Lj0iXDE0NSI7JHoyYjIwMGJhOTkyYmQ5NGQwNzk

yMzNjOGM5ZjFkOWZmLj0iXHg2NSI7JHFhYzU3YTFhNjBmMDRhMWM4NWMzZjA3YWI1OTQ4M2EwLj0iXHg3NCI7JHQ

zNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjUyYmRhYTg4Lj0iXHg2ZSI7JHFhYzU3YTFhNjBmMDRhMWM4NWMzZjA3YWI

1OTQ4M2EwLj0iXDE0NSI7JHQzNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjUyYmRhYTg4Lj0iXDE2NCI7JHFhYzU3YTF

hNjBmMDRhMWM4NWMzZjA3YWI1OTQ4M2EwLj0iXHg2ZSI7JHQzNGRhZmZiMGRkNmE0YTE5NDhmNmNlYjUyYmRhYTg

4Lj0iXHg3MyI7JHFhYzU3YTFhNjBmMDRhMWM4NWMzZjA3YWI1OTQ4M2EwLj0iXDE2NCI7JHFhYzU3YTFhNjBmMDR

hMWM4NWMzZjA3YWI1OTQ4M2EwLj0iXHg3MyI7JHY4MGY2NzE2YzFiMGY3ZjhiNWFjY2UzZGNkNzY5ZjQxKCk7aWY

oJGE5NTRlNmJhYzFlZjI0Mjc3YmM5YTMxODMzMGI5Yzg2KCRhYmI3Y2NhZGQ5MGJjYjQ3NTE1ODA5OTg2OTczYmJ

hNSgiXHg1Y1w1MFx4MjJcMTMzXHgzMFw1NVx4MzlcMTAxXHgyZFwxMzJceDYxXDU1XHg3YVwxMzRceDJiXDU3XHg

zZFwxMzVceDJhXDQyXHg1Y1w1MSIsIlx4MjhcNDJceDIyXDUxIiwkdzIyYmUxMjA2YzUxNjk1YzQzMTEyMmU1MTc

xOTM4OTIoIlxyXG4iLCIiLCRxYWM1N2ExYTYwZjA0YTFjODVjM2YwN2FiNTk0ODNhMCgkZjU1ZmZmYWEzNjEyMTY

5MWRhZTRhNGI4Mzk2OTNiMmMoX19GSUxFX18sIlx4MjgiKSkpKSk9PSJceDYyXDE0MVx4MzdcMTQ0XHgzM1wxNDR

ceDMwXDYxXHgzNFw3MFx4MzJcNzFceDM1XDYwXHgzNFw2MVx4MzlcNjdceDMxXDYzXHgzMFwxNDFceDMwXDcwXHg

zOFwxNDNceDYyXDY3XHgzOVwxNDNceDMxXDYxIil7QGV2YWwoJG81YTI0ZjRlM2UwZTE0ZGI2MDE2YmYwNWJmOTN

jYTY3KCR6MmIyMDBiYTk5MmJkOTRkMDc5MjMzYzhjOWYxZDlmZigkeTdmOTBhMzUwMDJkNjBlN2UzY2FlOTZjZGI

yNTY1NzMoIldMZmtRYlpqUVJKaUx3VGxMWHJCeDZ0SWhMdEtTVGxranB3azY1b2NGcisvaThqSTJvcUVGb1FnbnB

zdjFibU16N0FIZCt3bTBncUNpNDRZalpNa2pkRzNuMnd4RElCdmJURnltWlVqaHJ2cUhQeFNrbkFZdzJzKy8zNW1

ERjBsaW5UaThOSD0iKSkpKTt9JG0xNzUyOTRkOTRlMzFmMzM5MzNhNWFkODBkNGFmOTFjKCR0MzRkYWZmYjBkZDZ

hNGExOTQ4ZjZjZWI1MmJkYWE4OCgpLCJceDM4XDYwXHgzNFwxNDZceDYxXDE0M1x4MzhcNjFceDM2XDYwXHgzOVw

xNDRceDMyXDE0NFx4MzBcNjdceDY2XDE0NVx4MzlcMTQ1XHgzNFw2NFx4NjZcNzFceDY2XDY0XHgzNlw3MFx4NjV

cNzBceDMwXDE0NiIpPyRnMmY1ODE3YTJhNTdkMjYyNTk3YjY0MTdlMGRkZWUyNigpOiRoOGY0NWIyNWQyOGI2ODV

lYzU5YmIxMjBmMzQ0ZWEzOSgpOw=="));

?>

Well truth is all of the following pieces of PHP codes are the same, heres where i did a quick automated obfuscation FOPO and with this we can do PHP obfuscation . you can also do other languages just a matter of searching.

Now this is not 100% full proof also another issue is that some of this methods make it hard for servers/language virtual machines(java) to understand very heavily obfuscated code.

other issues on java are lack of proper reflection programming .

Any way with this method think of how many newbies even leet* hackers and reverse engineers go like huh say what?

anyway will teach decoding all this manually later 

back to code.

sawa,

Wazi.

Unlocking BlackBerry [arg(For_free)] My Rants:

Well I don't normally do this until a friend (girl obviously) gave me a challenge to unlock her BlackBerry, well until then I never really cared about how the things work after all 1001 sites offer that for  a fee, but why pay while you can do it for free?

well the method should will not be really documented but if you want me to unlock it i do it for free... really am serious no cards, PayPal or M-pesa needed just free BlackBerry Unlock.

So what do I need simply put just write a comment containing the following:

Model:	9360
PRD:	PRD-41625-001
IMEI:	357965042471337

thats an example to flow with

FAQ

• Does this work for the Z10/Z30/Q series           (well not for now)
• Does this work for all networks               (for the once tested yes ...all possible once are tested)
• How do I get the PRD                          (Remove battery read where it has the following 'PRD')

                                   look at figure below

• Does this work for if i know MEP                         (Sure provide it as an option to also help)
• How do I find my MEP         (Tricky but if you have BlackBerry Desktop Manager I can help)
• What about IMEI                  (just dial *#06#)

Anyway Comment away :)

The Struggling Developer [arg:( MY_RANTS)]

Well an inspiration to this post comes from a simple explanation: là fait que --> Been There Done That.

haven't we all? ok from all the conferences, developer rants, side talks,forums (ok face to face) i swear only thing ave heard of is the developer struggles.... now most would say the salary expectancy, lets just say that's away from this picture as employment for IT techies,hackers,coders,developers and copy pasters has never really been an advisable path well from my side of the lawn.

Now i can tell you my stories from developing an excel macro system to websites that i charged 40USD (what.... wipe that look on your face probably higher than you will get ;) ) I kid , really what is the cure for all this SDS Struggling Developer Syndrome , well heres one or two options:

-Learn to Code

Yes , Learn to code, not :

google>copy>paste>run(repeat till module is finished)>package>deploy>sell 

-Learn to be Creative

Best instance .... give me one way you can improve a fully efficient system like lets say MPESA

-Learn to avoid the student apparel

Most common for students, see that torrent site.... in a few years it wont pay for shiet....see that Need For Speed ,trust me it will look better with money in your pocket.

-Learn to grow your experience

Get Projects, on odesk  ,elance wherever gather customer/client relations, coding skills, project management heck even just typing skills

this and many more skills will propel you much further. oww did the struggle stop :) well lets say if this is not the good life, this is the life :)

Back to code

Sawa Wazi

Silence and it's meaning

Well I guess we all agree that I have been rather silent, all in an explanatory mode ... See I am not really a firm believer in superstition but the fact that 13th of Friday this month did not let me do so..... What am I referring to? Well I befell an accident <---- I am so sure that grammar is a mess but hey it's my blog, anyway I accidentally fell from a moving bus and though this might seem rather odd I th ink my best explanation was trying something clearly meant for some one else.

Now am typing this from an iPad and believe you me it's not that much fun all I can say is am thankfully to God I made it out just with a ripped hip torn right arm and fractured right leg, now this is a blessing after all I could have died! Not to seem dramatic but that's not really a good thing.

Anyway the silence is partially coz of that and also on incoming projects I will be glad to share the details once I get clearance ^wink.

As me mentor always said ,

Back to code

Wazi

Tribute to a fallen coder

Well this is really brief and rather painful last Tuesday ,my second mentor in IT. In basic words passed on this would be Idd Salim Kithinji , having an accolade from this genius was enough to propel my ideas to be a household IT name, his blog and personal website a favorite of mine and to hold on to it is a promise I am willing to bravely endure, thank you for the congratulatory messages you posted to me on Facebook and the mighty accolades that followed I appreciate your work and hold on to this words with uppermost honor:

Back to code

Wazi

~thus speaketh Idd Salim

rIP

Safe Coding? <--- WTF is that.... nothing is safe or secure... just torment the bastard trying to get in [Part 1]

Well well well... I have been silent for a while... ok my bad, been in a very lazy blogging mood... but hey this mood has its perks as i have been active on other areas, ok so onto the topic...

I recently was sitting in a public service vehicle and next to me sat 2 guys (developers as i later came to learn) and to my awe they were discussing a system that they wanted to present to a client who would in turn present to a major local bank, MIDDLEMEN---> this now i just had to listen in...ok i know it ain't cool but dont act like you don't do that and give advice inside yo head .... ok anywho , this guys were talking just as your average and normal coders would.... how they will develop the system, and show the middleman and not give the source code to him....

SMH right there till it was actually visible i was listening to their conversation... now to be really honest it took a lot of guts if you know me very well to turn and say hi* to them, may i interject .... my name is ...... and heres my card, if you want to really talk about your system.... call me, i alighted at the next bus stop and walked off like a boss... problem is that wasnt my stop and yes , i know i was trying to be mystic but hey my cards say and state, Information Security and System Forensic consultant right at the top but this i had to sell ... wrong bus stop or moves incorperated now thats really beside the point....

today i got a call from my two developers having listened to their earlier conversation i was already guessing the worst for them to call me ... trust me IT Gurus and as they like to be called Geniuses hardly want any help from outside forces .. and i am down with that EGO thing after all 3 guys create a social application that even the FBI and CIA want to jump in so bad while other 2 create a search engine that every organization want.... hey its a god-complex we develop straight from the Hello-world application we started even if it was in HTML and called it programming / Coding....

Now let me skip all this gibber jabber and get on to what is really bugging my system.... a few blog-posts ago i had this really big issue with the lecturers /trainers / teachers/ consultants and newbie developers , why because people want to develop without security... how is this...

When i am called for a pentest and have a white box testing that sorta looks like its black box in the form that i have everything from my recon via your system developer... i already owned that pentest.... heres how:


INSECURE CODING METHODS techniques

Code reuse---- oww come on , i also have done that... am not a god in coding but honestly i have done that.... and though you may not actually now this but yes code reuse to me constitutes the biggest security flaw in my pages here is how
developerA creates a web application --- uses a form login .php/.ASP or so and sees no harm in re using the whole darn ish.... once i find any of his earlier systems chances are he has already done the same errors and configurations as before... his database tables are nearly the same and yes even the the naming structures are just a whole lot the same e.g {nameOfWebApp_tblUser} a little change on havij default table dictionary/wordlist and voila i might be in for good luck on his system... well its not always that easy but trust me sometimes you are as string as your weakest link....

Googled code----ok this is the most interesting one... its close to code reuse only worse.... why? because this is the last resolve to noob programmers.... worst is ... if it works... i don't need to know what its doing past that... what do i mean take this code for example

db_query('SELECT foo FROM {table} t WHERE t.name = '.$_GET['user']);

db_query("SELECT foo FROM {table} t WHERE t.name='%s'",$_GET['user']);

So which is the good code and which is the bad code... heck both of them will do the same especially in a drupal cage.... but one will let me do more than desired/required.... now if you google the first code chances are you will actually find it

and yes we actually do ..... find it. In a lot of forums by the way.

well this and a lot of practises that i normally do in my trainings and show the developers how this is really bad. PS the above vulnerable code does a very good SQL injection.... now

to my friends who contacted me... my lips are sealed on what the system is doing or going to do but honestly.... if possible... eliminate the middleman, copyright and patent your inventions because there is nothing like safe or secure coding/presentation .... part 2 will contain methods of tormenting the bugger trying to get your code

oww and my view of open-source , I ADORE OPENSOURCE..... p.s it doesnt mean its free coz its open-source HECK NO.... i hope you guys have your tools ready for part two looking for vulnerability in your code

Software Cracking/Disassembly/Debugging ... call it what you may this is just the beginning

So recently i got a little of complains about not showing people how to crack software and how i have not shown how software is broken into using reverse engineering well here is the guide to doing all this... right here am using

Ollydbg
Hackers disassembler
coffee
coffee
ASM
and more coffee
For this example i will be using a software that has been in the past been used and numerous tutorials have been published and video documented , the reason am going to do this is to:
elaborate what really happens in ASM and reverse engineering using various methods such as creating a software crack.
Also this is barely an easy task we will be breaking down a little about ASM in general though this is hardly a substitution to ASM tutorial... please understand ASM enough to indulge in this... numerous times have i been approached by people saying they cannot understand what is happening or what or why do we do JMP to NOP... well i will show you why but please if you have no idea what JE or JZE translates to and their similarity and maybe their relation to ZL please... refresh your understanding with assembly with the provided documentation and pdf tutorials on this site here

Moving on.... we can fairly start... here am using WinRAR ver 3.80 ... its quite old around 2008 release so its ok for us to use it for simple testing.... we can try the 5.0 beta 7 2013 release but lets get the basic understanding of what happens shall we?

so a copy of it can be found in our trusty site for old apps oldapps.com ---> good for finding old , previous versions of software. moving on we download our WinRAR
Then We install...

After the final Setup we can see what it tells us about the product

We Start it and the first thing we note is the program is an evaluation copy as we noted when downloading and installing that its a trial

opening its about we can see that it has 40 days for trial

I go back again to my method that is ... error generating ... :) in Vulnerability/exploits errors are a very good friend of yours in this method what i do is forward the date in my machine past forty days to see if the program is affected by that.... why? .... check out this post to in my earlier post explaining why i did that. Moving on when i change the date the program acts out with an error saying the time extension has been passed.... well thats a good thing... now what do we want to achieve....

1. to crack the software would mean to remove the (evaluation copy) message....
2. allow us to use the software without time restriction.... which is removing the message box about purchasing the software....
we good ? aight lets go...

we fire up our Hacker Disassembler ... let me refer it to HD for now ..cool? aight
now loading up HD with the WinRAR executable we find tonnes of information and ASM code... now what we need is the required steps to activate* the software so here goes nothing...

we do a simple search for the string 'evaluation' ... we don't search for the whole bit to get the most outputs of the string 'evaluation' .. ok?

with that we get a string match

how do we know this is what string we want.... observe the code below circled in red.... there is an output that states in a comment (you all know how comments on ASM are made right with a semicolon) and its states.... and points that the ( <---- starts from there that is the first bracket to (evaluation copy) is there... this can be clarified by scrolling down and you will find the rest of the string there...

now looking at the above code what do we see.... well i will break it down to the most none-asm way possible but will explain every term we need ... we can see that the program moves registers first(this may not be the same as the programmer compiled it as asm has a way of optimizing code) so the first two mov are done then it calls a certain address to act moves a register again....performs an arithmetic function (eax) of subtraction (probably to check the time difference----we don't know yet since we have not gone to all the calls and functions here its just a cracker/programmer intuition ) we call an address again then we compare (cmp) a byte to an address  then the program does a jne---> hoping you know what a jne is ...which means it does a Jump if Not Zero which its a  conditional jump... A GOOD THING.... now we wont even go further since we find a condition that must be fulfilled so as the above error must be displayed... you get where am going with this... cool

now note down the address that the JNE is allocated and leave it at that... on my end its 00444B71

we move on from that.... now the next step is to go for the error thats thrown off when a certain period is past.... this is the message box telling us to register... now the box has a string message stating
'Please Purchase WinRAR license' ... now one thing about it is it was a Dialog box ... so we click on the D on the HD and we get all Dialog References..... here we search for it by typing Please.... well mine showed up just when typing plea* :)

we double click on the dialog reference to get to where its addressed it gives us the below address and with that we basically have the dialog right there in red... we see it has various options before it does a push of an address.... now this push is what we want/don't want... get what am saying... its what we want as of now ... i.e to see in the asm code ... but its what we ... DON'T want in the executable when it runs....

alright

now what we so like before we note down the address the command holds.... on my end its 0048731A
and we move on

now here is where we fire up our little and mighty Ollydbg....  and load up the WinRAR executable

we now have the addresses we want to go to... so we right click on the frame that has loaded up the executable ... (top left frame) and click 'Go to' we can do this with a short cut that is CTRL+G ...

on this we paste/type our address... the first one and click Ok to go to that address that holds the conditional jump we want/need

highlighted in gray is the area of interest.... and we can see the JNZ that is loaded is the one we want... a lot of ASM new comers ask why do we get JNZ and we wanted JNE well here is a little analogy i use to help the predicament...

JNE is Jump if Not Equal
while
JNZ is Jump if Not Zero

the two assume a Jump condition is to be fulfilled only if the execution doesn't bring a Zero or anything equal to a Zero same thing right o___0 ... go figure

Now what we want is to do a simple thing;

 change the conditional jump to a none conditional jump

with that we can stop the execution of the string we want to get raid off.

with the above we right click... only this time we choose > Binary then Edit while we have selected the line of address ....
here we have HEX+01 which we need to edit.... now to change a JNE to a none conditional jump such as JE its opposite we have to have it as a minus one in the 85 field to become 84 seeing as:

Instruction Jump Condition          Test
JE                 Jump if Equal                  ZF=1
JNE                 Jump if Not Equal         ZF=0
JG                 Jump if Greater         (ZF=0) AND (SF=OF)
JGE          Jump if Greater or Equal SF=OF
JL                 Jump if Less                 SF≠OF
JLE           Jump if Less or Equal (ZF=1) OR (SF≠OF)

see this link for the whole table that will explain better and easier

we can give it any range as long as it will not be Zero result

Now after that we will get the below code having it changed to a JE....



moving on... we again head on to the second address which is the following

 we paste /type our address from before and ....

we land on our PUSH address .... that pushes our dialog box.... now what we want to do is kill the push.... how.... well simple by filling it with NOPs .... what are NOPs... this are No data/ No Command/ No assignment to addresses or registers.... so what do we do

We right click and it select the entire line go to
 > Binary
and select
> Fill with NOPs

.... filling with 00s in other programs also works... tweak around and observe....

as the diagram below shows the red code on the left that is filled with NOPs

Now what we want to do is save this cracked*/modified executable... with that we do as such....
right click go to....
> Copy to executable
>All Selections

you will get the below screen with the following notations at the top left D*
select'
>Save file

Save it to a place like the desktop.... first or save it with a different name in the same folder and ....

Now after that close up your Ollybdg or whatever Disassembler .... and execute/run it.... the executable you created and saved... and like mine on the desktop.... see what it brings up... a cool interface that has no evaluation required....

As it goes thats the procedure..... well for most applications .... this is just the basics and we can move on to harder more complex applications... please use this knowledge for good but not to diminish people/companies from their sweat and products/services

as a developer you may ask how do i secure myself from this.... well in a lot of ways

• Write code with the intentions of not letting people crack it... :) ... avoid being to easy when creating dialogs and strings for responses.
• Comments are good but can also lead to fatalities.
• Obfuscate your code...
• Tweak methods to display errors when in need to only.
• Optimise your program by also doing a jumble up of serial/product key functions.
• Use sophisticated algorithms to create keys/serials .
• Use files instead of Keys.
• Activate product online(also helps).

Remember you are as strong as your weakest links :) with that.... I am out and CIAO

Exploit writing .... for humans .... yes its possible

I think this topic is a little hushed due to its nature of sophistication or learning curve....

going from my earlier post about software cracking (I hardly spilled the ASM beans on that one) hence a little offset will probably occur here.... on this.... what i will do is break down the barrier of programming language that is high level and low level...

so what will need to know before we start

• a high level programming language.... e.g C,Java,Python,Perl or Ruby
• and yes we need to know a little enough about ASM(for now ...if we advance we need to add more to our stack)
• Metasploit is not a must but can be very helpful
• math.... yes a lot of mathematics

this will be sort of long since i will break it down to the bare essential so if you think its too soft.... thats because it is... moving along

• Reverse Engineering--- this is simply breaking down an object/code in our case and getting a look at the code from a decompiler
• ASM--- assembly language (just google this part ... i will wait) yes its that.... but heres the trick about ASM... it has a lot of gibberish but its very understandable some terms

functions------- e.g POP, PUSH ,MOV,SUB ,RET
register ----    AX multiply/divide, string load & store

CX count for string operations & shifts
DX port address for IN and OUT
BX index register for MOVE
SP points to top of stack
BP points to base of stack frame
SI points to a source in stream operations
DI points to a destination in stream operations


Along with the general registers there are additionally the:

IP instruction pointer
FLAGS
segment registers (CS, DS, ES, FS, GS, SS) which determine where a 64k segment starts (no FS & GS in 80286 & earlier)
extra extension registers (MMX, 3DNow!, SSE, etc.) (Pentium & later only).

^borrowed from wikipedia

The IP register points to the memory offset of the next instruction in the code segment (it points to the first byte of the instruction). The IP register cannot be accessed by the programmer directly.

 

this are just examples and barely scratch the surface of what is happening.... explaining that would probably require another blog....

now here is the explanation to the above 

a register is a place you do stuff---that easy huh hehehe yaah for now... registers are work benches 

like EIP is what is about to happen next

and ESP is a workshop---when we working

and EAX mostly.. math is done in there ---> this simply my analogy from my teachers point of view.... 

 

now moving to disassembly (google that also) we have various tools that can do all this decompiling... now for me i will not dare recommend any tool ... just mess with them see what is your best method /tool to approach the code/apps here are some examples

debuggers

• Ollydbg
• SoftIce(very old though)
• IDA Pro(yes its expensive---but worth it)
• Immunity is also a good option so also try it

moving on now something really cool about ASM.... ASM works on a step by step procedure... what do i mean... when ASM wants to work with an *object... it does so one step at a time... now here is the interesting part... if it had stacked an object under ten procedures... it will have to go back through the same ten procedures in reverse to pick it up again.... then start working from there....

ok moving on.... i wont spend more time here but if you came for exploit development am guessing you are ready for whats next.... 

Methods of attacking the application

now a lot of people ask me how do we even start by attacking a software ?

assume you have a sole responsibility to pentest a music/media software... our example will be a software known as Easy RM to MP3 Conversion Utility    its a small ,media oriented software 

we can also use vlc,adobe,word anything that will basically be an exe for now... but lets start with this aight...  

method of exploit... buffer overflow what is buffer overflow?... this is when an application cannot handle excessive data and spills it... well not exactly spilling it out but into another workbench /Register

then how do we know how to get a buffer overflow? we crush it... per say we bring out errors

... i mean how do we get errors from it ... well you broke the first code lassy... we get errors from it .. 

 

heres how fuzzing... what is fuzzing (google that ... am waiting).. got it? ok now here is where we create a fuzzer (yes not all tools are already made when hacking)

so here is a simple fuzzer

and when we run the fuzzer.... we get the following 

moving on from that what we have created is simply a file that will be read by the media app i.e Easy RM .... it contains a lot of data that is basically A's so here is our output when we get it to open (i changed to kali linux from mac here for reasons you will see just ahead)

now here is when the fun begins (well not all times will the app crush directly sometimes we need more As aka junk data so we multiply with more if we need to) so does it crush yes it does B) 

moving on we now want to see whats happening when it does that.... we fire up our trusty Debugger i will use Ollydbg for now so here is the open session screen and attach the running (new running )process of Easy RM... hanged the fuzzer to bring out Bs ... not thats its needed to just me being me....

so we attach the process to ollydbg and open our new crush file (with Bs---just checking if you following) and again baaam it crushes... this time with this showing on our ollydbg

let me do a little explaining.... on the window on the right side we have the Registers...
on our top left side we have a blank part but thats the because our program crushed on an earlier look it would be filled with the program functions the NOP POP MOV and what have you ....
lower left has a little of everything the hex,ascii (everything thats going on)

so we have something at the furthest end.... the top right corner... on that side we have a lot of BBBBB.... as u can see then we have a very interesting notation

looking at it we have Bs in EBX ,ESP then to our favourite Register EIP.... why is it our fav ... its because 1... programmers can't directly access that register... not even on an ASM level.... 2. EIP as i stated earlier is what is about to happen .... thats right ... NEXT .... so that means its what is unknown to the program at that time... hence we can call any function if we spill that called function inside there.... and that function is our... YAY hahaha no abbreviation for that, our ShellC0d3 <---- ok thats not so cool) but ....

hold your horses ... we far from that well not that far... depending on which high horse we decide to pull an allnighter on ... ok now what we need to do is know where excatly the code *breaks at.... how do we do that?.... we create a pattern

now EIP is only 4bytes big/in size so what happend is along all those Bs i sent or were loaded there is a place with the 4 bytes that caused the crush.... now what we wanna do is try and get the 4 bytes location... now this can be done it two ways... the manual way where we create a fuzzer with diffrent As and Bs characters as sucj 3000 As and 3000 Bs so is we get As only its in the range of 3000 if we get Bs its in the range of 3001 and above true?.... this is the deffrential method....
we also have a tool for doing that in metasploit... this tool is a ruby script called pattern.... so here it is working its magic....

and it creates a sequence that looks like so.....
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8..... and so on now we will modify our script to this

with that i can go on as now our script./fuzzer looks like so ...moving on now we can get a pattern that doesn't repeat itself and we can look for our 4 bytes 

and again BAAAM our sweet application crushes.... but this time we note our EIP .... now our EIP contains not 42424242 nope now it contains a sweet melody of 7A53307A with this we can tell how this is going to go down....

now here is where the math comes in.... P.S dont be surprised if you get a different Address it just depends on what your file path in the executable is... it may be longer or shorter now... to offset the data

where getting a tool to offset still in metasploit i get this

for my first offset.... now with this i can conclude the exact size of the buffer before i write my shell code... the center one being what am looking for.... now for this it means,35071 is the buffer length needed to overwrite EIP. So if i create a file with  35071 A’s, and then add 4 B’s (42 42 42 42 in hex) EIP should contain 42 42 42 42.
 

here is the result... and am all smiles with that

so what does that mean... we have found the soul important address that the register overflows at B) and that is a very good thing.... now the shell code ... ah ah not yet.... why... thats because we cant fit a whole command prompt/shell code in 4 BYTES!!! thats crazy .... but we do have something else... remember when we we busy filling the program with As or Bs .... on our bottom right on the debugger
we had something like such


with that.... we have a way in.... now what we have to do since the As or Bs were filled in a ESP register we have too look for a JMP ESP function.... why since we wanna jump to the code .... fill it with data.... and the register that is filled from the ESP code that is the EIP which we cant***** access programmatically and also awaits to execute the overflowing data........ runs the desired shellcode so... here we go

 on the above screen shot---- we click on E* to bring up the executables....
listed below are the executables....

now a little note to be noted <--- what hahaha alright .... the system processes we see are quite ok to use also... but this will be platform DEPENDANT in sense ... if we use them they can only be used by a person attacking the same platfrom e.g XP service pack 1 will work only on SP1 platform of XP and so on.... anyway using the same application executable really will save us much... plus its what we will do.... so here goes nothing..... we select the executable for Easy MP3.... if it had dlls we could use them if we wanted to....

so we select the executable since we dont want too many exploit restrictions..... and we search   in the code for the JMP ESP command..... this we get from here

wuuuu ..... with that.... we can set a break point to observe if the JMP ESP is going to hold any water..... now this is not a must its just a procedure if u run into an issue while working, now whats our address in the JMP ESP?  7CA7A787x86 processors have a habit of ending up in little endian encoding so we read addresses as  \x87\xA7\xA7\x7C .

  

now to generate our shellcode.... there are a lot of ways .... but best way is by use of metasploit... AGAIN B)..... here is how using the msfweb method 

and with that we generate a bind payload..... 

...... now lets go to our fuzzer....

after generating the payload.... and encoding it with ShikataGaiNai to evade a little and bring a little peek a boo .... we are ready to put the shell code into our fuzzer.... so here we go 'B)

we create a script/fuzzer that looks as such

 and with that we generate the playlist we want to be ran by the victim.... and we test to see if it works...

 what do you know... it opens and doesnt crush :P

ok lets see if the shellcode executes ok....

 VOILA!!!! ....there we go :)

our payload works and binds us to port 4444... wow nice huh... yeah ... anyway this is a very simple application to attack... adobe, vlc, java-dependant software have the same kind of feel and feed.... it gets a little tricky though if obfuscated and also if the program does not have 3rd party dlls... well i hope this is a start for you ...if you want more on ASM check out my links with PDF downloads ... here will be posting the video for this soon so please keep in touch.... ask questions in comments if you need any help ...where i can i will gladly help where i can.

CIAO happy hunting.