Elite hackers

Started by UserLoser., January 13, 2005, 05:32 PM

quasi-modo

Internet dating is retarded.
WAR EAGLE!
Quote
(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Thing

Interesting points:

Real registration info?
http://www.dnsstuff.com/tools/whois.ch?ip=zeropulse.net&server=whois.enom.com&cache=off

Allowing directory browsing is bad:
http://zeropulse.net/

Somebody likes SphtBot
http://zeropulse.net/mute/Downloads/

This guy doesn't know it's 2005.  Check out the dates in News:
http://zeropulse.net/trick/

I find the file sizes in this directory interesting:
http://zeropulse.net/Blaze/D2%20Files/
That sucking sound you hear is my bandwidth.

Networks

They're retards if they allowed themselves to get trojanned numerous times...I learned my first time and it never happened again. And I knew when I got trojanned before the idiot could do anything.

iago

Quote from: Thing on January 17, 2005, 08:48 AM
I find the file sizes in this directory interesting:
http://zeropulse.net/Blaze/D2%20Files/

Hah, I didn't even notice that.  Being rar'd was annoying, I had to install Linuxrar, but eh, it was worth it:

Quote
iago@Slayer:~/downloads/viruses/tmp$ ~/clamav/bin/clamscan
/usr/local/home/iago/downloads/viruses/tmp/ALL D2JSP Scripts - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/AutoHit.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/Autotele - Wizard Setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/Colour Game Spam - Wizard.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/Cracked D2JSP - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/D2Mousepads Maphack v6.1 - Auto-setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/HC Hack.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/JHJ Anti-Detection No D2Loader - Setup.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/JHJ English - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/MM.Bot - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/PvP Buddy - Install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/SpamBot - Wizard install.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/TPPK - Auto.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/WPPK - Auto.exe: Trojan.Prorat.O FOUND
/usr/local/home/iago/downloads/viruses/tmp/ZoiD's Pickit - No D2Loader Ver2.exe: Trojan.Prorat.O FOUND

----------- SCAN SUMMARY -----------
Known viruses: 28160
Scanned directories: 1
Scanned files: 15
Infected files: 15
Data scanned: 1.88 MB
I/O buffer size: 131072 bytes
Time: 0.683 sec (0 m 0 s)

And for somebody who gave Spht and [vL] awards for being lame, it's funny how they use Spht's bot and other BNLS-based bots :)
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Blaze

they cant even spoke good11!!!
Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

quasi-modo

Quote from: Networks on January 17, 2005, 08:54 AM
They're retards if they allowed themselves to get trojanned numerous times...I learned my first time and it never happened again. And I knew when I got trojanned before the idiot could do anything.
I have had some of those DDOS clients on my machine in the past, but never a trojan. Even then I have not let it happen since.

hismajesty

I've never had either, woot I rock.

UserLoser.

Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (I don't remember, find the latest one at upx.sourceforge.net).  Also compiled to p-code it looks like (VB6)

Eternal

Ouch, head hurting, too much l33t speak.   :-\
^-----silly Brit
-----------------------------
www.brimd.com

iago

Quote from: UserLoser on January 18, 2005, 12:01 AM
Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (I don't remember, find the latest one at upx.sourceforge.net).  Also compiled to p-code it looks like (VB6)

Also my virus scanner picks them up as viruses.  That's a definite clue.

TehUser

I tend to just open them in notepad and look for the API calls near the bottom.

Quote
KERNEL32.DLL ADVAPI32.DLL AVICAP32.DLL COMCTL32.DLL GDI32.DLL OLE32.DLL OLEAUT32.DLL SHELL32.DLL URLMON.DLL USER32.DLL WINMM.DLL WINSPOOL.DRV WSOCK32.DLL   LoadLibraryA  GetProcAddress  ExitProcess   RegCloseKey   capCreateCaptureWindowA   ImageList_Add   BitBlt  IsEqualGUID   SysStringLen  ShellExecuteA   URLDownloadToFileA  GetDC   timeGetTime   ClosePrinter                 

I don't know of too many bots that need the printer and multimedia subsystems, much less BitBlt (system drawing routine), capCreateCaptureWindowA (video capture for webcams, I believe), and URLDownloadToFileA.  Even without a virus scanner, should be fairly obvious it's not to be trusted.

Adron

Quote from: TehUser on January 18, 2005, 09:14 AM
I tend to just open them in notepad and look for the API calls near the bottom.

Quote
KERNEL32.DLL ADVAPI32.DLL AVICAP32.DLL COMCTL32.DLL GDI32.DLL OLE32.DLL OLEAUT32.DLL SHELL32.DLL URLMON.DLL USER32.DLL WINMM.DLL WINSPOOL.DRV WSOCK32.DLL   LoadLibraryA  GetProcAddress  ExitProcess   RegCloseKey   capCreateCaptureWindowA   ImageList_Add   BitBlt  IsEqualGUID   SysStringLen  ShellExecuteA   URLDownloadToFileA  GetDC   timeGetTime   ClosePrinter                 

I don't know of too many bots that need the printer and multimedia subsystems, much less BitBlt (system drawing routine), capCreateCaptureWindowA (video capture for webcams, I believe), and URLDownloadToFileA.  Even without a virus scanner, should be fairly obvious it's not to be trusted.

Uhh, BitBlt makes perfect sense for a bot to have. It's one of those calls "everything" uses. For scrolling a window, drawing icons, etc.

Also, most apps want to use the printer subsystem, to be able to print things since that's one of the standard options on the file menu. Multimedia makes sense both for measuring time (pings etc) and for sounds played when connecting / disconnecting. Downloading an URL could be used for displaying a message of the day, checking for updates to the bot or similar. The only call there that is out of place really is capCreateCaptureWindowA.
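Added example (not part of any post in this thread): a Python sketch of the triage argued over in the two posts above, pulling the printable strings out of a binary, separating DLL names from function names, and reporting which libraries fall outside what an ordinary GUI/network program links. The `ORDINARY` baseline, the `WATCH` list and the function names are assumptions made for illustration, and the sample bytes are constructed from the names quoted in the post.

```python
import re

# Constructed sample: the names quoted in the post, NUL-separated after some
# non-text padding, roughly as they sit near the end of an executable.
NAMES = ("KERNEL32.DLL ADVAPI32.DLL AVICAP32.DLL COMCTL32.DLL GDI32.DLL "
         "OLE32.DLL OLEAUT32.DLL SHELL32.DLL URLMON.DLL USER32.DLL WINMM.DLL "
         "WINSPOOL.DRV WSOCK32.DLL LoadLibraryA GetProcAddress ExitProcess "
         "RegCloseKey capCreateCaptureWindowA ImageList_Add BitBlt IsEqualGUID "
         "SysStringLen ShellExecuteA URLDownloadToFileA GetDC timeGetTime "
         "ClosePrinter").split()
SAMPLE = b"\x90\x01\xff" * 8 + b"".join(n.encode() + b"\x00\x00" for n in NAMES)

# Assumption: libraries an ordinary GUI/network program links, per the reply.
ORDINARY = {"KERNEL32.DLL", "ADVAPI32.DLL", "COMCTL32.DLL", "GDI32.DLL",
            "OLE32.DLL", "OLEAUT32.DLL", "SHELL32.DLL", "URLMON.DLL",
            "USER32.DLL", "WINMM.DLL", "WINSPOOL.DRV", "WSOCK32.DLL"}
# Assumption: calls whose capability should have a stated reason in a chat bot.
WATCH = {"capCreateCaptureWindowA": "video capture",
         "URLDownloadToFileA": "saves a remote file to disk",
         "ShellExecuteA": "launches another program or document"}

def ascii_strings(data, min_len=5):
    """Printable ASCII runs, like the text visible when opening a binary in an editor."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data):
    strings = ascii_strings(data)
    dlls = [s.upper() for s in strings if re.fullmatch(r"\w+\.(DLL|DRV)", s, re.I)]
    # Identifier-shaped strings; on a real file this also catches non-import text.
    funcs = [s for s in strings if re.fullmatch(r"[A-Za-z_]\w*", s)]
    # Heuristic: LoadLibraryA + GetProcAddress with about one name per DLL is the
    # import stub a packer leaves, so the names understate what the program calls.
    stub = ({"LoadLibraryA", "GetProcAddress"} <= set(funcs)
            and len(funcs) <= len(dlls) + 2)
    return {"dlls": dlls,
            "odd_dlls": sorted(set(dlls) - ORDINARY),
            "watch": {f: WATCH[f] for f in funcs if f in WATCH},
            "import_stub": stub}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

When `import_stub` is true, the DLL list is the more reliable signal, since a packed file names only a token function from each library it loads.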

TehUser

Oh come on, after all of that, you couldn't come up with a reason to have video capture?  Maybe it's for posting video of the bot user to a web interface, since lots of bots have that along with the printing capabilities.  Nothing says cool like being able to print pictures of yourself using an awesome bot.

Falcon[anti-yL]

Quote from: iago on January 18, 2005, 06:23 AM
Quote from: UserLoser on January 18, 2005, 12:01 AM
Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (I don't remember, find the latest one at upx.sourceforge.net). Also compiled to p-code it looks like (VB6)

Also my virus scanner picks them up as viruses. That's a definite clue.
What anti virus do you use? Mine doesn't pick up anything.

iago

Quote from: Falcon[anti-yL] on January 18, 2005, 04:10 PM
Quote from: iago on January 18, 2005, 06:23 AM
Quote from: UserLoser on January 18, 2005, 12:01 AM
Those bots or whatever on trick's site don't appear to be safe (ReaperFlood & Account Validator). They're compressed using UPX compressor v1.29 or something (I don't remember, find the latest one at upx.sourceforge.net). Also compiled to p-code it looks like (VB6)

Also my virus scanner picks them up as viruses. That's a definite clue.
What anti virus do you use? Mine doesn't pick up anything.

I had to unrar it first.  The .exe's are picked up by ClamAV, which is a free/opensource virus scanner.

www.clamav.net