Open qosmikgit opened 4 months ago
It's easily obtainable via a decompiler or by running it through an analysis sandbox. Given that it's Python under the hood, there may not be an easy fix.
Describe the bug
someone got the token from the exe
To Reproduce
Steps to reproduce the behavior:
just make the exe and upload it somewhere (for me I chose ninja files or something like that)
Expected behavior
for it to not be leaked
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [tiny11]
- Python Version: [3.11.9 iirc]
There is currently no way to stop it. The encoding is not that strong. Wait for the next update.
Womp womp
I think I will have a solution: let's have the token encrypted via AES and have the password encrypted in base64. This should stop decompilers from showing it so easily, and people will have to look very deep
and also change the token variable to something less appealing
Changing the variable name won't do anything; you can still figure out what it does by looking at the code.
isn't it like obfuscated?
You can deobfuscate it…
well, and how about hiding the file
deleting first exe and hiding it somewhere else
Uhhh they can just find the malicious process, find its location and just find the exe and decompile it.
well then name your exe something like system utilities
but perfect would be to hide it in system32 folder
Still possible to find out
but extra hard
Like who tf would suspect file that is in system32 and looks like system utility
Scan it with antivirus?
disable antivirus :D
just delete some files from it and it shouldn't work anymore
Or instead running it in background, what about running it as windows service
like this thing
file that looks like system file, is in system32 and is running as service is not that sus
antivirus is the only thing that will indeed delete it, but he should have disabled it in the first place to run the file
so we will have time to just delete the antivirus
Hm maybe.
eh, the issue here isn't people finding the token, it's ratting people who can do that lol. it could do for some better obfuscation and hiding yeah, but you guys should get better at social-engineering too.
disguising the file better would be the best way to go, like you're saying.
Yeah, as wise man once said, "the biggest flaw of a system is human himself"
the best possible fix for this would require an entire reworking of the program, tbh. the victim sets up a listener on their pc and like a traditional trojan it'd communicate with the attacker's proxy server, which also is where the bot could be hosted. attacker sends command to bot, bot translates that on the proxy and forwards it to the victim, victim gives data back to bot.
so a common malware, only difference being that the c2 server is a discord application. lmao
Similar thing I'm doing, the thing you described is reverse_tcp, yet there is one thing, it requires public ip, which most people have natted one
They cannot do it like that, or they lose a lot of people
yeah i get that haha. that's why i didn't propose it as a recommendation, but presented it as an iffy solution. i'm actually heavily into cybersec myself
Same
And actually these limitations that are here are reasons why i sometimes make things myself
wouldn't wanna crowd an issue thread but same here, writing this stuff is hella fun
@greenhat-byte why are people surprised basic tools can be used against others? and yh it is Hella fun ngl. my friend tries ratting with other tools and i mess around with his tokens