Posts by Merlin

  1. Merlin Houston
    He was probably circumcised as well.
  2. Merlin Houston
    Depends. There is no evidence that anyone can recover data that has been overwritten. B-bbbut even if the disk is fubar pieces could still be recovered.
  3. Merlin Houston
    No exploit can get around a rule-based firewall in manual configuration mode. As soon as it tries to make an authorized connection and/or tries to open a port, it is immediately detected and can be blocked before it can complete its attack. At that point, I can manually remove the threat from the file system and delete all references to it in the system registry. I don't need any updates, because exploits are completely ineffective on my machine.

    That's the nature of an exploit, it exploits ports that are open. Like javascript or apache and every other web facing service. As long as the internet is nat'ed there's almost no point in the average person to run a firewall.
  4. Merlin Houston
    Please explain.
    Exploits, they don't put out updates for no reason.
  5. Merlin Houston
    Bill Krozby I hope you realize that she is no longer a human. She wants to harvest your daughters brains not unlike jedis harvest foreskin. Be very wary around her!
  6. Merlin Houston
    Which one are you building? Neutrino? Because i seem to remember sending you a couple, in any event do keep me posted. Personally i've been a bit busy with IRL things but i plan on working on at least one project i have going on, on the weekend.

    Yeah neutrino. And same deal, going to spend some time with it this weekend.
  7. Merlin Houston
    Query.
    filetype:txt inurl:"Windows/System32"

    Result.
    ftp://187.188.158.142/Windows/

    http://pastebin.com/SPx3LFWE

    As you can see they have the terminal service running for remote management. Check it out, if i have write access i'll use one of these with good uptime to deploy my trojan from.


    However for more legitimate purposes i'd still be interested in a dedicated FTP server.

    Damn how does someone fuck up this bad.

    You should set up a home server and either have a public facing website or an internal site and set up a vpn and ssh. If you set it up with certificates security is almost a non issue and you can then connect to your home internet to access the site and/or use sftp to download files.

    Second to that either hostgator or a digital ocean droplet (never used this but heard good things).
  8. Merlin Houston
    x10 hosting restricts by IP, Holland isn't allowed and all my european VPN servers aren't either, TOR exit nodes are blocked and the few American servers i tried gave me this message: "We are not currently accepting from your Internet provider due to recent abusive activity. Please try again at a later date."
    Lol.

    Come to think of it they actually did have a problem with email abuse. A lot of servers would default drop mail that originated from x10 (glad I realized that sooner than later).
    Well that's all I've got, I'd try all the free web hosts and see which are tor friendly.
  9. Merlin Houston
    Sorry, I don't celebrate birthdays and don't really like the concept, although I do see the value of interpersonal intertemporal coordination (Third time I've used this term if Lanny was right about me using it once before the last time I used it.). It would likely trigger a profound sense of melancholy if someone made a serious effort due to my capacity for empathy and socialization being so broken/absent, my inability to feel anything genuine towards it despite wanting to, to give the reaction they would want.

    Thinking back through life, I've hurt every single person that has tried to get close to me due to my inability to open up and connect to them, to reciprocate their feelings. I am impossible to get through to, no matter the amount, the person, I will always be alone and trapped within myself.

    I dislike the concept of presents more than celebrating the event. Celebrating is harmless, materialism is harmful.
  10. Merlin Houston
    For the love of god please don't host a malicious site on your school account. To be honest the class will probably be a waste of your time, I don't think any professionals use dreamweaver anymore. You will do much better off learning everything from scratch. You want to learn as much javascript and php as possible. Javascript especially.
    You want malicious javascript or something similar then, i suck at javascript, lol. I'll tell you what, how about a website that installs a reverse TCP meterpreter? You could make a website and host it, and i'll point my social engineering toolkit at it to rip it and embed a meterpreter with your IP, so that you can run a handler on your machine. I'll give you the files, and you can host it again at school or wherever. Then when people go to visit the site you've created they will receive a notification that they have to update java, when they click ok, the payload will be delivered, once you open a handler on your own computer or a computer under your control, you will own the infected computer. Oh by the way, i also got neutrino botnet, if we set up a C&C we could infect the school network and use it for DDoS attacks etc.
    I had to comment out the authentication line in order to get to the login screen, not sure if they did this intentionally or if I fucked something up. It's a big project, I really want to get a good understanding of how it works. Half the code seems to simply point to its own 404 screens. What I read seems to say that it's intentional? idk. Couldn't fucking get the builder exe to install on my vm, but I might have been trying to go from linux to win (I forget now).

    Anyway fuck dreamweaver.
  11. Merlin Houston
    x10 hosting is the tits, best free service that I know of
  12. Merlin Houston
    I learned today that you can place .exe files in the users startup directory (and as the name implies they'll start at boot). Surely this wouldn't require admin rights, didn't check though (was doing something unrelated), but it would make the whole thing a lot easier. Just make download directly to that directory with a system call or through python or whatever. Off the top of my head it was Users/AppData/Roaming/Microsoft/Windows/Programs/StartupPrograms
  13. Merlin Houston
    It says me and restop. And yet I always have to relogin several times while I'm online
  14. Merlin Houston
    Indeed, like i mentioned in the other thread though the original backdoor was actually written by bytebleeder on github, i just made it more functional by adding modules for persistence and whatnot. I'm no coding god but i think i have a decent understanding of the original code in general so if you have a specific question i'll try to answer it for you.

    A project is always the best way to learn.
  15. Merlin Houston
    Tl;Dr / most important: You can send console commands from python with os.system()

    Well in linux there are a few different places you can place a program to run at boot. In theory all you would need to do is place the script in a certain directory or add a path to it. A lot of it varies, even by window manager. Depending on where it goes will determine when it is run and what user (the regular user or root) is running it. For linux at least, this brings up an interesting question. Do you need to be root to run your script? If not this would be a big advantage because you could place it in the WM specific location which for me at least does not require root. If you need to be root you'd need to place it in the right place for that. You'd have to experiment a bit with different distros to find a good universal'ish place that works. And you'd have to either elevate somehow or have the user run as root. Again if you snuck it into a regular looking program it would probably work.

    Ok, windows you should be able to open a console through python:
    os.system("/usr/bin/kill_all_humans")
    and have it be like interacting with the command prompt. I'm not totally sure how this is handled in windows, but it should run it silently. On linux this lets me do bash commands, and presumably if I had a different shell it would send to that. Also you cannot change to admin once cmd.exe has been opened, I would guess that if you elevated to admin within python and then sent console commands with os.system() they would have admin rights. And then you could run those cmd commands (probably the schtasks one with the xml would be the thing to do) through python before or while the main program is downloading. (The command itself definitely works, as I said didn't test if it technically ran as admin or not (but the person claimed it did). Your program doesn't require admin to install, what about to run? Either way you could both add to startup and disable the uac which should let anything run silently as admin.)

    In linux you'd have to do the same thing, but os.system(write_my_script_here) or whatever linux equivalent thing you have to do is.

    If we're going to piggy back on anything i don't even need to elevate to admin, i'd use python to inject shellcode into a process that already has admin privilege. To get the desired end result though i'd have to code my malware in assembly, convert to bytearray, inject into privileged process and repeat every time at boot. I could also inject dll, but i believe dll's are written in C and i don't really know C let alone assembly, kek.
    Fugg that's pretty crazy, didn't know you could do that. What I meant was that the method I'm describing above might prompt the user twice, once for the initial install and once for python requesting elevated permissions. People are pretty well conditioned from the fucking annoying installers that it probably wouldn't make them suspicious anyways.
  16. Merlin Houston
    Personally i'm not really into wireless hacking, i mean i hacked my neighbour's wifi once but that's it. It doesn't strike me as particularly interesting, although you can do some cool stuff with wireless hacking in general, think evil access point, bluetooth hacks etc. That being said i can't say that i've used scapy but a quick google search reveals that it's a pretty cool tool.
    Yeah exactly it's kind of boring. The cool thing scapy can do is create packets at any/multiple layers. You could create an IP() packet. Or specify ETH()/IP()/TCP()/HTTP() and configure every aspect of the frame. So the lower layers I could see for LAN tomfoolery, but I'm sure there are even more interesting things you could do at the upper layers. Since everything of this stuff stems from making requests that either directly fuck with something or analyze the response for vulnerabilities this would save the time of having to manually creating a packet. You can just create the object and go. Seems like you would need a very in depth knowledge to do anything real tricky with http though. I'm just rambling at this point, but I think it does have potential to be used in almost anything.

    Also, since you mentioned programming, i'd love to get your input in this thread.

    http://niggasin.space/forum/technoph...omments-advice

    See what I found on running it as a windows service, not sure if it's helpful or not. Beyond that, looks pretty slick. I do want to get a better understanding of your key logger code and the concepts in general. As you said before there are a lot of pieces that go into a rat / botnet.
  17. Merlin Houston
    So I know fuck all about windows and the specifics, but I'm assuming the end goal is the program runs as admin at boot?

    You don't specify (and I don't know if it's possible or impossible) if the user will be prompted for admin rights during the initial infection. Since the concept is to pack it into another executable I assume you are ok with this. Looks like there are 2 things you can do and you might need to do some combo.
    First see:
    https://stackoverflow.com/questions/5427673/how-to-run-a-program-automatically-as-admin-on-windows-startup
    This uses the cmd


    schtasks /create /tn "start notepad on login" /xml startnotepad.xml
    and the xml


    <?xml version="1.0" encoding="UTF-16"?>
    <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo>
    <Date>2015-01-27T18:30:34</Date>
    <Author>Pete</Author>
    </RegistrationInfo>
    <Triggers>
    <LogonTrigger>
    <StartBoundary>2015-01-27T18:30:00</StartBoundary>
    <Enabled>true</Enabled>
    </LogonTrigger>
    </Triggers>
    <Principals>
    <Principal id="Author">
    <UserId>CHUMBAWUMBA\Pete</UserId>
    <LogonType>InteractiveToken</LogonType>
    <RunLevel>HighestAvailable</RunLevel>
    </Principal>
    </Principals>
    <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
    <StopOnIdleEnd>true</StopOnIdleEnd>
    <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
    <Exec>
    <Command>"c:\windows\system32\notepad.exe"</Command>
    </Exec>
    </Actions>
    </Task>

    To run the program notepad at boot. Now the answerer claims that it will run things as admin. I couldn't verify this because in task manager admin tasks appear to show up as the normal user. (I ran cmd as admin and task manager didn't reflect this process any differently). Assuming the answerer was correct that this runs with admin privileges then it's all there is.

    You could also disable the notifications that prompt the user. https://superuser.com/questions/227860/how-to-toggling-uac-on-off-quickly-eg-using-command-line-in-windows-7
    enable/disable


    C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

    This still requires a reboot despite what the person said. This would allow you to elevate privileges without informing the user, but since it requires a reboot it probably wouldn't be very helpful. I can't actually think of how this would help you at all.

    You should also look into modifying the group policy via command. That's what I used to autostart programs in the past. The commands secedit /something /something and gpupdate /force (should turn up a few SO questions) look like the way to modify the group policy through cmd.

    If you look at one of the answers in the second question you could maybe even piggy back off them accepting the first time to prevent multiple requests for the user to accept.

    Not sure if this is helpful, I'm genuinely curious if there is a legitimate way to elevate or force something to run at boot without elevated permissions to begin with.
  18. Merlin Houston
    Yeah, but it's been a minute since I actively pursued anything and mostly the time I'd spend learning a tool I'd rather spend just getting better at programming. I actually just started playing around with scapy the other day. Pretty cool it's like scriptable, slightly more complex aircrack (didn't get as far as injecting packets, but I'm sure it's capable of that?). Sophie do you use scapy at all? Hoping I'll find some sort of inspiration for a project involving crafting / analyzing packets in scapy. Everyone seems to have done wifi crackers and arpspoofers which is definitely cool, but not terribly unique. You could send malformed packets to SYN flood, just my single machine attacking didn't appear to make a noticeable impact on my other machine or router though.
  19. Merlin Houston
    A few months back the store changed out all of the card readers so that they can read the new chip cards. Basically, if someone tries to swipe a card, it may ask for them to insert their card so the chip can be read. Apparently, this seems to be based on the issuer, and according to customers, is random (but they could be full of shit).
    I just got one and it made it seem like if there was a chip reader I would have to swipe it AND put it into the reader. I fail to see how this will really help anything. Doesn't most fraud involve buying things on the internet? (inb4 every computer comes with a closed source chip reader required to make any purchases).
  20. Merlin Houston
    You're going to have to go through the source code anyway. Say in example you want to deploy one of the botnets, how will your bots know where to contact your C&C without you defining it in the source code first.
    Ah true, I was thinking they'd be more point and clicky. Actually I'm pleasantly surprised they need to be compiled / not minified. All my experience has been with linux binaries so I never really know what kind of work went into something (not that I couldn't have gone and looked).

    It's not just sensationalism i think. Malware has been known to come with all sorts of analysis evasion measures. Rombertik is a good example of this. This particular piece of malware was written in such a way as to delete the master boot record if it found out it was being analyzed. Here's the article, it's good shit.

    http://blogs.cisco.com/security/talos/rombertik

    I had a sauce code sample of Rombertik actually which my nigga over at another forum had downloaded from virusshare, but i ended up deleting it, too dangerous and above my pay grade anyway, lel.
    Interesting, that looks pretty nasty. Unless I read it wrong it would only destroy the vm. Say it detected it was being sandboxed it would trash the vm, but the vm alone would never trigger its anti sandbox measures and even if it did it would only be aware of the vm.

    ...But I was curious and looked into it. It is still possible for a virus to jump from vm to host, something to do with vulnerabilities at the kernel level involving how disk space is shared.