User Controls
Sh/Bash based malware for *Nix.
-
2021-10-08 at 9:12 AM UTC
Originally posted by troon Are you maybe a schizo-posting pedo?
A zero day multi-arch ring3 to ring0? I fucking wait with bated breath.
I'm not sure whether to laugh or cringe.
Evidently you lack the ability to read a few sentences without somehow fucking up. I never said the rkit was 0day, I ASKED if the xorg thing was 0day before going on to talk about an UNRELATED rootkit that I plan to post. Maybe before diving right into ad hominem, try actually reading what I wrote properly? Either you didn't properly read what I wrote, or you completely misunderstood what I wrote. Either way, it makes you look stupid considering I never even said anything about ANY of my stuff being zeroday. -
2021-10-08 at 12:26 PM UTCYeah, I did notice that, I just decided it made almost no difference to what I had written.
-
2021-10-08 at 3:36 PM UTC
-
2021-10-08 at 4:28 PM UTC
-
2021-10-09 at 10:52 AM UTC
-
2021-10-09 at 10:56 AM UTCYou are all nothing but agents for the GANGSTER COMPUTER GOD
Burn down your office! it's the only way to become human again otherwise you will die as a tool
-
2021-10-18 at 1:28 PM UTC
Originally posted by troon I got a DoS zero-day in a single line of pure bash script:
sudo shutdown -h now
Let me walk you through it.
The 'sudo' command does stuff.
The 'shutdown' command is self-explanatory. It shuts things down.
The '-h' is what we call a 'flag', but I've seen it referred to as a 'parameter'.
And the 'now' command is in there, but I don't really know what it does. DO NOT OMIT IT OR THE HACK WILL NOT WORK.
If it asks for a password, then you're on your own. I can't help you on that bit.
Oh, if anyone from Fin7 is reading this, can you pick up a carton of semi-skimmed from the shops on your way home?
You're all welcome.
Go post on HF troon, you'll fit right in. -
2021-10-18 at 1:31 PM UTC
Originally posted by MLT nice xorg vuln, is it a zero-day? I've never seen it before.. if it's 0day then damn nice :P
also, nice thread in general. I've got a ring3/userland linux rootkit based on DR0 (debug register, as opposed to LD_PRELOAD / dynamic linker) which I'll post tomorrow… it's multi-arch too (inline asm for each architecture.. itt'l use uname -m or /proc entries to detect the architecture in use, then run the relevant arch-specific inline assembly from there).
Also, I said it's userland… well, that's not fully true. It's also active in kernelspace. It's just residing in userland/ring3 rather than at ring0, so that if the fucker updates their kernel they're still hooked. So basically it's living in userland but is performing ring3->ring0 hooking
I suck dick at C(++), ASM, and kernel stuff in general… so I'm actually really fucking happy with how this kit has been coming along. It's only the 2nd kit I ever wrote too. First used LD_PRELOAD.
The bash obfuscation you posted has inspired me to post a thread detailing a bunch of my bash obfuscation tricks, too :)
EDIT:
lol… do we know eachother btw? If so, who are you? PM if you don't wanna reveal your nick here.
Just noticed you posted this https://niggasin.space/thread/5020 (that fuzzer is incredibly gross btw lmao wrote it for the memez hence the goto(); sphagetti code, zero bound checks anywhere, and user inputs passed to syscalls errywhere. I wrote a proper flash fuzzer in ruby. I'll upload that one for you. It uses the same lists, but it opens proper sockets etc rather than doing fucking gnome-www-browser loool)
If we do know each other we should follow each other on Github. Maybe i already do. I'll get back to you in a bit. -
2021-10-19 at 8:50 AM UTCyou sad schizo cunt. you should go ahead and follow yourself, then randomly unfollow and have yourself a neurotic meltdown.
-
2021-10-19 at 9:54 AM UTC
Originally posted by troon you sad schizo cunt. you should go ahead and follow yourself, then randomly unfollow and have yourself a neurotic meltdown.
Lmao you really think MLT is my alt? I guess with your levels of ignorance and arrogance i shouldn't be surprised. Just come to terms with the fact you're a skid and move on kiddo.
You're almost as bad as rabbitdweeb, but at least he's a programmer, from what i've seen you post, you're all just bluster, nothing more nothing less. Which is why concepts of offensive security are unfathomable to the both of you. -
2021-10-19 at 3:27 PM UTC
-
2021-10-20 at 9:33 PM UTC
Originally posted by Sophie If we do know each other we should follow each other on Github. Maybe i already do. I'll get back to you in a bit.
I'm not particularly active on github these days. Majority of coding I do is behind the scenes. Although I could make some private repos to add you to those for some cool projects I'm working on (a stealth-based webshell, a custom uri scheme fuzzer, a web-based spear phishing framework.. to name a few)
I'm mostly active on keybase or matrix. Or you can find me at https://twitter.com/0dayWizard or https://twitter.com/insecurity if you happen to use twitter.
Originally posted by troon you sad schizo cunt. you should go ahead and follow yourself, then randomly unfollow and have yourself a neurotic meltdown.
Your attempts at trolling aren't even funny or creative. Just boring. Seriously why didn't anyone tell your mother to have her tubes cut before having sex with her crack dealer?
You're calling people schizo but you're the only person here acting like a schizo.. and you clearly lack knowledge relating to fundamental concepts of cybersec considering your response to my message about a Linux rootkit. If you have nothing worthwhile to contribute to this convo, then just stop posting. Oh, and for the love of humanity.. please don't ever breed you fucking worthless reject. Do the right thing and allow your bloodline to become naturally eradicated from the gene-pool. -
2021-10-20 at 9:58 PM UTC
-
2021-10-21 at 9:57 AM UTC
Originally posted by troon you got me. i can taste my own tears. i'm really not trolling you, just responding to your crap-posting and schizo outbursts. then i learned you're actually a sick individual. i had thought it was satire, or at least just for your imagination. but no.
You're literally messaging two entirely different people you incompetent fuckwit lol -
2021-10-29 at 11:43 AM UTC
Originally posted by MLT I'm not particularly active on github these days. Majority of coding I do is behind the scenes. Although I could make some private repos to add you to those for some cool projects I'm working on (a stealth-based webshell, a custom uri scheme fuzzer, a web-based spear phishing framework.. to name a few)
I'm mostly active on keybase or matrix. Or you can find me at https://twitter.com/0dayWizard or https://twitter.com/insecurity if you happen to use twitter.
I stopped using twitter a while ago. But if you could PM me where i can find you on Matrix i'll add you/join your server. Collaborating on some private projects sounds dope. I can keep a secret if you can.
Let me know.