
Evidence Fabrication Tool.

  1. #1
    Sophie Pedophile Tech Support
    So the recent 'Hacking Team' hack has revealed some pretty fucked up tools. Take this one for instance that can be used to fabricate evidence of CP on your target's computer among other damning 'evidence'.

    # This is just an excerpt, the complete code is provided below via the github link.

    [CODE]
    require 'rcs-common/evidence/common'
    require 'digest/md5'

    module RCS

      module FileopenEvidence

        ELEM_DELIMITER = 0xABADC0DE

        def content(*args)
          hash = [args].flatten.first || {}

          # NUL-terminated ASCII process name; a random default if none is given
          process = hash[:process] || ["Explorer.exe\0", "Firefox.exe\0", "Chrome.exe\0"].sample
          process.encode!("US-ASCII")

          # file path, one of three hard-coded defaults if none is given, stored as UTF-16LE
          path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"].sample
          path = path.to_utf16le_binary_null

          content = StringIO.new
          t = Time.now.getutc
          # tm-style timestamp fields, nine native 32-bit integers
          content.write [t.sec, t.min, t.hour, t.mday, t.mon, t.year, t.wday, t.yday, t.isdst ? 0 : 1].pack('l*')
          content.write process
          content.write [ 0 ].pack('L') # size hi
          content.write [ hash[:size] || 123456789 ].pack('L') # size lo
          content.write [ 0x80000000 ].pack('l') # access mode
          content.write path
          content.write [ ELEM_DELIMITER ].pack('L') # record terminator
          content.string
        end
    [/CODE]


    Imagine being the victim of that, you can kiss your life goodbye. https://github.com/hackedteam/rcs-co...ce/file.rb#L17
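    Added example, not code from the leaked repository: a Ruby builder and decoder for the FILEOPEN record whose byte layout the excerpt above writes (tm-style timestamp, NUL-terminated ASCII process name, 64-bit size as hi/lo words, access mode, UTF-16LE path, 0xABADC0DE delimiter), so an analyst can see exactly what fields such an "evidence" entry carries. It assumes rcs-common's to_utf16le_binary_null means UTF-16LE plus a two-byte terminator; the process name, path and size values used with it are constructed.

```ruby
require 'stringio'

ELEM_DELIMITER = 0xABADC0DE   # record terminator used by the excerpt

# Build a record with the excerpt's layout (constructed here, not RCS code).
# rcs-common's to_utf16le_binary_null is assumed to mean UTF-16LE plus "\0\0".
def build_fileopen_record(process:, path:, size:, time:)
  t = time.getutc
  io = StringIO.new(''.b)
  io.write([t.sec, t.min, t.hour, t.mday, t.mon, t.year, t.wday, t.yday, t.isdst ? 0 : 1].pack('l*'))
  io.write((process + "\0").encode('US-ASCII'))
  io.write([size >> 32, size & 0xFFFFFFFF].pack('LL'))   # size hi, size lo
  io.write([0x80000000].pack('L'))   # access mode; the excerpt packs it with 'l', same bytes
  io.write(path.encode('UTF-16LE').b + "\0\0")
  io.write([ELEM_DELIMITER].pack('L'))
  io.string
end

# Decode one record into its fields; raises on a malformed or truncated record.
def parse_fileopen_record(bytes)
  bytes = bytes.b
  raise 'record shorter than the timestamp block' if bytes.bytesize < 36
  sec, min, hour, mday, mon, year, _wday, _yday, _not_dst = bytes[0, 36].unpack('l9')
  pos = 36
  nul = bytes.index("\0".b, pos) or raise 'unterminated process name'
  process = bytes[pos...nul]
  pos = nul + 1
  raise 'truncated after process name' if bytes.bytesize < pos + 12
  size_hi, size_lo, access = bytes[pos, 12].unpack('LLL')
  pos += 12
  # The path is UTF-16LE, so its terminator is "\0\0" on an even offset from pos.
  term = pos
  term += 2 while term + 1 < bytes.bytesize && bytes[term, 2] != "\0\0".b
  raise 'unterminated path' if term + 1 >= bytes.bytesize
  path = bytes[pos...term].force_encoding('UTF-16LE').encode('UTF-8')
  pos = term + 2
  raise 'missing delimiter' if bytes.bytesize < pos + 4
  delim = bytes[pos, 4].unpack1('L')
  raise format('bad delimiter 0x%08X', delim) unless delim == ELEM_DELIMITER
  {
    time: Time.utc(year, mon, mday, hour, min, sec),
    process: process,
    size: (size_hi << 32) | size_lo,
    access_mode: access,
    path: path
  }
end
```

    Records produced with the excerpt's defaults carry the size 123456789 and one of its three hard-coded paths, which a decoder like this makes visible; the `.sample` call only runs when no `:path` is supplied.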
  2. #2
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Use a good rule-based software firewall with manual control and they can't get shit on your computer. Any port they open, every packet they transfer, every command they run, every process they start, is enhancemented through the firewall's engine, locked down, and presented for convenient management. It's the closest anyone will ever get to a bullet-proof machine.
  3. #3
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL Use a good rule-based software firewall with manual control and they can't get shit on your computer. Any port they open, every packet they transfer, every command they run, every process they start, is enhancemented through the firewall's engine, locked down, and presented for convenient management. It's the closest anyone will ever get to a bullet-proof machine.

    Obviously this is a post exploitation tool, meaning that when you have this type of shenanigans to deal with you're already past the point of prevention.
  4. #4
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Yeah, I knew that. I was just pointing out that if people don't take at least reasonable precautions, in this day and age, to prevent the possibility of this happening in the first place, then they fully deserve to get fucked over and GTFO the Internet.
  5. #5
    R1v3r Yung Blood
    Originally posted by Sophie Obviously this is a post exploitation tool, meaning that when you have this type of shenanigans to deal with you're already past the point of prevention.


    This is what my friend and I were just arguing. Totally post-exploitation. The file path is very specific. Does this vary from machine to machine with:
    [CODE]
    path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"].sample
    [/CODE]

    Like is it "randomly" generated?
  6. #6
    Sophie Pedophile Tech Support
    Originally posted by R1v3r This is what my friend and I were just arguing. Totally post-exploitation. The file path is very specific. Does this vary from machine to machine with:
    [CODE]
    path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"].sample
    [/CODE]
    Like is it "randomly" generated?

    I honestly have no idea, I didn't read all the related materials yet, and there are quite a lot, as you can see under this category in the specific github page https://github.com/hackedteam/rcs-co...ommon/evidence
  7. #7
    arthur treacher African Astronaut
    This sort of program was a rumor for many years, the people who contract the work out to these companies are some ruthless, evil fucks.
  8. #8
    -SpectraL coward [the spuriously bluish-lilac bushman]
    When you stop to consider the fact that any attacker could quite easily inject shellcode by way of a "drive-by" attack directly through the browser's port, thus gaining complete control of the system in seconds with a single view of the webpage, it makes these specialized attacks look kind of lame by comparison.
  9. #9
    Technologist victim of incest
    Now how is this old thread bumped when the last post was above me in 2015?

    What’s up with that? I saw a bunch of bumped threads yesterday with the last post being in 2015.

    What’s up with that?
  10. #10
    the man who put it in my hood Black Hole [miraculously counterclaim my golf]
    yeah I'm sure having "ppo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"]" is gonna get you locked up for a long time
  11. #11
    Originally posted by -SpectraL in this day and age, to prevent the possibility of this happening in the first place, then they fully deserve to get fucked over and GTFO the Internet.

    Were you saying that people who don't wear armor deserve to be shot?
  12. #12
    Admin African Astronaut
    Originally posted by arthur treacher This sort of program was a rumor for many years, the people who contract the work out to these companies are some ruthless, evil fucks.

    But what do you have to do to get someone to frame you for cp?

    Cut their penis off?