Hier wird euch erklärt wie ihr die stub von Poisen Ivy 2.3.0 UD machen könnt!
Zitat Zitat von stranger21
Hi all

Many of ppl who hex dont know how to hex PI client since it doesnt contain a stub like bifrost ..It contains res sections that are included in the server .It depends on the settings you choose for the server.
I have mentioned the res that are in the PI client.

RES section are for :

DYNPROXYSTEAL.res for hijack proxy setting
ADDAUTOSTART.res for Auto start setting
PERSISTTHREAD.res for persistance setting
PENORMAL.executable for PE of server w/o icon support
PEICON.executable for PE of server with icon support
SHELLCODE.res shell code always included in the server
PILIB.executable always included in the server
BSDATA.res ?
Data_JOURNALLOGHOOK.res Always included in the server

OK now the way to hex PI is as this:


-Open the PI unpacked client with any res hacker etc...e.g:"PE explorer.."

-Do as here:


-After that select all the saved files and open them in Hex editor

-Create A PI server with 127.0.0.1 or anything, use these settings:
In the connections Menu choose hijack proxy & persistant.
In the install Menu choose ActiveX start-Melt-Key logger-Persistance.
In advanced Menu Inject into a custom process

-Now hex the server and find the detected value and change it and try the server that must work of course(to continue the work)

-Now copy the line that contains the detected value:

-After that ctrl+F and paste the copied line and search in all the opened files in the hex editor

-When u find the line. change the value u changed in the server.

-Replace the edited res or exe in the PI client.

-Now create the server it will work now and UD from the AV u hexed from.


N.B:Any question or if u didnt undestand the concept reply in the topic.



This TUT was written by ::Stranger21::

Good Luck in HEXing guys

//edit this is a vid tut abt that
http://rapidshare.com/files/37929412....0_UD.rar.html
pwd : uNkn0wn.eu