Trying to decrypt VB .Net keyloggers
So I've been whaling keyloggers since 2 days ago and I must say it's fun as hell. I've already gotten a few scriptkiddies that encrypted with TripleDES but left the key out in the open in plaintext, however I'm trying to do some more advanced ones and I'm stuck. There are very few guides and tutorials on this subject and most of them are only talking basics. So I was hoping someone with VB .Net knowledge here could help me out with a problem. I'm stuck on this "Me.keyz = Form1.DecryptTripleDES("2yXIKDKfQXwEmvODFkDJAQ==", Conversions.ToString(&H3AD7F3A9))" This is obviously the key to decrypt it all, but I have no idea what "Conversions.ToString(&H3AD7F3A9))" does or how to interpret it. Clicking on "Form1.DecryptTripleDES" shows a simple encrypter [url]http://pastebin.com/1wuQGhWf[/url] like on almost all encrypters I've found. Can someone point me in the right direction?
[QUOTE=Thugaim;34863026]So I've been whaling keyloggers since 2 days ago and I must say it's fun as hell. I've already gotten a few scriptkiddies that encrypted with TripleDES but left the key out in the open in plaintext, however I'm trying to do some more advanced ones and I'm stuck. There are very few guides and tutorials on this subject and most of them are only talking basics. So I was hoping someone with VB .Net knowledge here could help me out with a problem. I'm stuck on this "Me.keyz = Form1.DecryptTripleDES("2yXIKDKfQXwEmvODFkDJAQ==", Conversions.ToString(&H3AD7F3A9))" This is obviously the key to decrypt it all, but I have no idea what "Conversions.ToString(&H3AD7F3A9))" does or how to interpret it. Clicking on "Form1.DecryptTripleDES" shows a simple encrypter [url]http://pastebin.com/1wuQGhWf[/url] like on almost all encrypters I've found. Can someone point me in the right direction?[/QUOTE] Stick the code into an empty project and see what you get.
So I made this quickly and shit doesn't work, yet has all the required code [url]http://pastebin.com/SDqi1Gvd[/url]
DecryptTripleDES("2yXIKDKfQXwEmvODFkDJAQ==", Convert.ToString(&H3AD7F3A9)) gives back 123456789
[QUOTE=-Ana;34863653]DecryptTripleDES("2yXIKDKfQXwEmvODFkDJAQ==", Convert.ToString(&H3AD7F3A9)) gives back 123456789[/QUOTE] Wait, what? How did you get to that number?
By running it probably.
Ana, could you explain to me how you do it? I have no clue where to start. Also, I ran 123456789 in my 3DES decryptor as the key and it doesn't work. :(
[url]http://pastebin.com/ByLDmpWd[/url]
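What the second argument in the line quoted in the first post evaluates to, as an added example that is not code from the thread or from the pastebin links: a Python sketch that resolves a VB hex literal to the string `Conversions.ToString` yields and sanity-checks the Base64 blob's length. The function names and regular expressions are assumptions for illustration; the 3DES routine itself exists only on the pastebin and is not reproduced.

```python
import base64
import re

# Constructed sample: the decompiled line quoted in the first post.
SAMPLE = ('Me.keyz = Form1.DecryptTripleDES("2yXIKDKfQXwEmvODFkDJAQ==", '
          'Conversions.ToString(&H3AD7F3A9))')

# VB hex literal: &H, hex digits, optional type character.
LITERAL = r"&H[0-9A-F]+(?:UL|UI|L|I|&|%)?"
HEX = re.compile(r"&H([0-9A-F]+)(UL|UI|L|I|&|%)?", re.I)
# Hypothetical pattern for calls shaped like the one in the thread.
CALL = re.compile(
    r'DecryptTripleDES\("([^"]*)",\s*\w+\.ToString\((' + LITERAL + r')\)\)',
    re.I)


def vb_hex_to_string(literal):
    """Return the decimal string VB produces for ToString(<hex literal>)."""
    m = HEX.fullmatch(literal)
    if m is None:
        raise ValueError("not a VB hex literal: %r" % literal)
    value = int(m.group(1), 16)
    suffix = (m.group(2) or "").upper()
    if suffix:
        bits = 32 if suffix in ("I", "%", "UI") else 64
    else:
        # No type character: Integer when it fits in 32 bits, else Long.
        bits = 32 if value < 2**32 else 64
    if value >= 2**bits:
        raise ValueError("literal overflows its type: %r" % literal)
    signed = not suffix.startswith("U")
    if signed and value >= 2**(bits - 1):
        value -= 2**bits  # high bit set: two's-complement negative
    return str(value)


def analyse_call(line):
    """Extract the blob and passphrase from one decompiled call, or None."""
    m = CALL.search(line)
    if m is None:
        return None
    blob = base64.b64decode(m.group(1), validate=True)
    return {
        "passphrase": vb_hex_to_string(m.group(2)),
        "ciphertext_len": len(blob),
        # DES/3DES work on 8-byte blocks; a misaligned blob means a wrong guess.
        "des_block_aligned": len(blob) % 8 == 0,
    }


if __name__ == "__main__":
    print(analyse_call(SAMPLE))
```

On the quoted line this reports the passphrase `987231145` and a 16-byte blob, which is two 8-byte 3DES blocks.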
I just copied the decryption function and ran it. [img]http://puu.sh/ikjJ[/img] [editline]25th February 2012[/editline] but this is from another logger :P
[QUOTE=Perl;34863938]I just copied the decryption function and ran it. [img]http://puu.sh/ikjJ[/img] [editline]25th February 2012[/editline] but this is from another logger :P[/QUOTE] Won't work because you are using System.Net as key [editline]25th February 2012[/editline] [QUOTE=-Ana;34863931][url]http://pastebin.com/ByLDmpWd[/url][/QUOTE] Dear fucking lord, thank you so much! 10k phished runescape logs was the result, but the knowledge to decrypt these is fucking priceless. Love you man
If the keylogger sends its logs via E-Mail, don't forget to hijack the receiving and/or sending E-Mail account if the credentials are stored in the application. Change the password, change the security question, delete the account. This'll prevent the further collection of logs of all installed keyloggers by the phisher.
Just out of interest, where/how are you getting hold of these keyloggers? I want to play around with some of them :P
Oh wow, I found a pastebin with at least a couple hundred of those ahfdojsdjfj== things a while ago. So, they're just keys?
[QUOTE=ZenX2;34867472]Oh wow, I found a pastebin with at least a couple hundred of those ahfdojsdjfj== things a while ago. So, they're just keys?[/QUOTE] 3DES encryption you need a key (a random word) to decrypt them. [QUOTE=Chris220;34867352]Just out of interest, where/how are you getting hold of these keyloggers? I want to play around with some of them :P[/QUOTE] Go to youtube type in "runescape hack(or facebook, wow etc whatever you want) +mediafire -sharecash -tinyurl -adf.ly -cod -mw3"
It's always so fun to whale.
[QUOTE=Thugaim;34868812]3DES encryption you need a key (a random word) to decrypt them. Go to youtube type in "runescape hack(or facebook, wow etc whatever you want) +mediafire -sharecash -tinyurl -adf.ly -cod -mw3"[/QUOTE] Sweet Google Hacking there. Are a lot of these keyloggers really easy to reverse? I wonder what percentage is written by morons and what percentage is written by people with a clue.
[QUOTE=gparent;34869743]Sweet Google Hacking there. Are a lot of these keyloggers really easy to reverse? I wonder what percentage is written by morons and what percentage is written by people with a clue.[/QUOTE] Found one that had the actual program in a resource, as an assembly, encrypted. I was about to dig through it since the decryption key is right there but unfortunately the code won't even run. Something about wrong padding. The code that gets the "real" assembly is obfuscated too so that doesn't make it any easier. I also like how he used Rijndael like it's going to make the whole thing more secure. With the key right there, you might as well just ROT13 the whole thing.
It's probably just to throw people off from trying to get it.
[QUOTE=Thugaim;34868812]3DES encryption you need a key (a random word) to decrypt them. Go to youtube type in "runescape hack(or facebook, wow etc whatever you want) +mediafire -sharecash -tinyurl -adf.ly -cod -mw3"[/QUOTE] I laughed at one of the descriptions [code]Hello, I'm a faggot. I did not encrypt my keylogger and a superior being took my account. My Username and Password are caseyboogaard@gmail.com :* 123angel123 My phone number is +16162380428 Please visit joowz.com it's my favorite website on the internet.[/code]
Most of these are just one standard keylogger that people use.
In elementary school, one of my friends downloaded a runescape gold generator and he asked me if it was a virus. The answer is pretty obvious. But the funny thing is, I didn't need to decompile anything, I just looked at the exe in notepad. I got an FTP server and a password (in plaintext) and a shitload of logs. I deleted the files and folders in the FTP server and disabled it, but I kept backups. The guy kept his entire source code on the server. If I can find it I can upload it for you guys, but this was years ago so I don't know if it still exists on my ancient computer.
This is so much fun. Decompiled one of those "Hacks". He is using a test email to send the passwords to his real one. I have the password to the test one and I'm going to send a "FBI" message to him from it.
[QUOTE=demoTron;34875550]This is so much fun. Decompiled one of those "Hacks". He is using a test email to send the passwords to his real one. I have the password to the test one and I'm going to send a "FBI" message to him from it.[/QUOTE] What's a good decompiler?
[QUOTE=marcin1337;34875874]What's a good decompiler?[/QUOTE] I use .NET Reflector. It's a 30-day trial though, but it works really well.
[code] [StandardModule] internal sealed class googleiscool { // Fields private static string supgoogleurcool; } [/code] what
I use ILSpy, it is free and open source. [url]http://wiki.sharpdevelop.net/ilspy.ashx[/url]
[QUOTE=Thugaim;34868812] Go to youtube type in "runescape hack(or facebook, wow etc whatever you want) +mediafire -[B]sharecash [/B]-tinyurl -adf.ly -cod -mw3"[/QUOTE] Not Sharecash. That site is fucking horrible. Have to complete a silly 'survey' offering you loads of scams. If you use fake information then it doesn't let you download (I haven't actually tried with real information because I'm not a dumb fuck, but I'm sure it would work).
[QUOTE=BBgamer720;34876651]Not Sharecash. That site is fucking horrible. Have to complete a silly 'survey' offering you loads of scams. If you use fake information then it doesn't let you download (I haven't actually tried with real information because I'm not a dumb fuck, but I'm sure it would work).[/QUOTE] ... which is why he's omitting it from the search.
A lot of botnet clients you can find on youtube are poorly encrypted and communicate with IRC servers, the way they work is they connect to a public IRC server/channel in a hidden channel, the owner goes to the same channel and activates the bots with a password, the password is packed in the executable. So the way you go about those is to just decrypt the password and connection info and then command the bots to update their core to your own version where you hex the connection info and such and the botnet is yours. Back in the days when bots were still worth something and IRC was a safe place to keep your bots, this was a rather easy way to make some money.
[QUOTE=Chris220;34876681]... which is why he's omitting it from the search.[/QUOTE] God damn it. Didn't see that. My eyes have deceived me.