Арбитраж johndoe7

[Vinki]

барыжничество
johndoe7

https://xss.pro/members/206617/

Поясню для неопытных почему я взялся за него.
Наткнулся вчера на топик - тык
Глянул гит, вроде норм гит. После, захожу на сайт. Листаю-листаю. А там идентичные продукты которые продает наш милый американский друг на форумах. Решил проверить владельца гита, написал в токс(переписку в конце). Ясное дело что "они" наотрез скажут "это не мы" и "мы не предоставляем данных о своих клиентах". Но, все же кубло я разворошил раз пошла такая реакция.
Дураку видно что он связан каким-либо образом с этим сайтом. Если это не его, тогда он пиздит оттуда материал и продает на 200% наценкой.
И это не реклама ни барыги ни гита и не сайта, мне похуй на кобу и прочий товар, у нас все свое. Но если селлер продает пизженный(либо нет) товар и продает в несколько рук(именно речь за "пак эксплойтов"), то какого хрена он здесь делает?

Белый мальчик решил залезть в черный бизнес - и обосрался?

Итак, начнем с твиттера DSAS-INJECT:
Там мы видим такую картинку с гитхаба - https://prnt.sc/lcwDrsR5WcOA
Переходим в тему на форуме к Джонни - /threads/70666/post-733991 И ВУАЛЯ = https://prnt.sc/OhB7DaH3yxGk

Что мы здесь видим? Софт Exploit Pack. "Ну да ладно, и что? Любой может купить его..." - так-то оно и правда, а идентичное содержимое внутри 2‑х софтов - это тоже совпадение, верно? "Его же продают вместе с содержимым".
Да, его продают вместе с содержимым - это верно.
ТАК КАКОГО ХРЕНА, 19 человек(если не больше) которые использовали гарант - ПОКУПАЮТ У БАРЫГИ ТО, ЧТО СТОИТ КОПЕЙКИ??? БОЛЕЕ 400К ДОЛЛАРОВ ГОВОРИШЬ? Ну чем не барыга?


Еще немного новостей - скринов с гитхаба:

Screenshot

Captured with Lightshot

prnt.sc

Screenshot

Captured with Lightshot

prnt.sc

Переходим по линку и видим что какой-то Джонни(мы конечно же точно не знаем, не тот ли это Джонни который наш любимый пиндосс)

One or more project "Silent" were not loaded · Issue #1 · EvilGreys/Disable-Windows-Defender-

Hi, thanks for sharing the idea and the code, sadly seems the structure or folder Silent... but found on ABC.sln I miss something ? Using windows 10 and Vstudio 2022

github.com

Screenshot

Captured with Lightshot

prnt.sc

johnjohnsp1 - Overview

johnjohnsp1 has 2721 repositories available. Follow their code on GitHub.

github.com

Ну а далее я прикрепляю сообщение, которое он отправлял всем(мне так показалось + доказалось) кто писал здесь в топике=)

"
- он мне написал в личку письмо, тема письма:
.
Просто точка, я вспомнил где видел такое.

[11:36:09] DSAS-INJECT: .

Любитель точек проебался на мелочи.

- больше подробностей и скрином дай пожалуйста
- Я написал в той теме сообщение и он тут же отправил мне в лс письмо. тема письма - "." (точка).
мое предположение, что DSAS-INJECT и Джонни одно лицо, с большой вероятностью. Выдает манера письма - ставят точку, когда не хотят или не считают нужным что-то писать.

Screenshot

Captured with Lightshot

prnt.sc

Screenshot

Captured with Lightshot

prnt.sc

Интересный факт:

DROPPER/dropper.gif at main · EvilGreys/DROPPER

Contribute to EvilGreys/DROPPER development by creating an account on GitHub.

github.com

"ссылка на этот гит с главной страницы https://injectexp.dev/ на какой-то обзор их супер-пупер дроппера, "exe" называется "dropped_by_r1z.exe". Странное совпадение, не так ли"

в лс когда-то он мне пишет что поддержки нет и "продам потом обновление за 2к" - которое стоит бесплатно на том сайте. К тому же софт:

Screenshot

Captured with Lightshot

prnt.sc

Screenshot

Captured with Lightshot

prnt.sc

Screenshot

Captured with Lightshot

prnt.sc

exploitpack.com
Это не приватный, а публичный сервис оплачиваемый палкой. Любой вбивала может получить "39к сплоитов" и тулзов(которые продает этот барыга) для пентеста подпиской за 1.6к евро\на 2 года. Да, это может быть не просто, но "идущий - дойдет". Просто не все знают такие сервисы, как и я до сегодняшнего дня.
А в этом сервисе мало того что поддержка 24\7 еще и обновления тулзов и сплоитов регулярное. Именно по этому у него, после публикации экспов в паблике, на следующий день появляется обновление в софте. И он продает его за хуеву тучу бабок.
К примеру: Иванти сплоит. POC вышел вчера - сегодня он уже продает готовый сплоит за 5-10к+. Причем не в 1 руку. Я знаю что претензий нет, но после того что я вывалил про него - его клиенты просто обязаны забрать бабки за то что они заплатили. И к лучшему, потому что я не хочу чтоб люди потом создавали арбитражи и верили подобным r1z(хотя все факты указывают на то что r1z=johndoe7=DSAS-INJECT). По манере общения, по переписке

Далее, я попрошу какого-то свободного осинт кто это прочитает(и который желает помочь прикрыть лавочку барыги), заняться этим поглубже. Я лишь провел свое маленькое наблюдение, остальное за вами. Спасибо за внимание=)


Документы:
https://exploitpack.com/indexexploitpack.html - ОФФИЦИАЛЬНЫЙ сайт приложения которым пользуется ваш любимый пендосс Джонни с "паком эксплойтов"
Updated Date: 2023-07-20T07:05:43Z
Creation Date: 2011-09-05T17:30:13Z
Registrar Registration Expiration Date: 2025-09-05T17:30:13Z
Описание:
Расширенные функции Exploit Pack и индивидуальные возможности настройки делают его незаменимым активом для любого специалиста по безопасности, стремящегося протестировать цифровую инфраструктуру своей организации. Программное обеспечение постоянно обновляется и поддерживается командой опытных разработчиков и тестеров на проникновение, гарантируя, что оно остается на переднем крае индустрии кибербезопасности. Возьмите под полный контроль свою цель и оставайтесь незамеченными, не останавливайтесь на симуляции. Мы помогаем тестировщикам на проникновение и специалистам по кибербезопасности по всему миру достигать результатов, которые не могут достичь никакие другие инструменты.

https://twitter.com/Exploit_Pack - Их твиттер
(Joined December 2010)

https://github.com/EvilGreys - гит DSAS INJECT

https://injectexp.dev/software - Сайт DSAS-INJECT

https://github.com/johnjohnsp1 - гит возможного вашего любимого пендосского джонни


Переписка с якобы владельцем сайта, гита, твиттера:

    [10:32:56] DSAS-INJECT: Hello. If you are a client, write your personal account ID for a quick response.  How can I help ?

    [10:45:35] Vinki: Hi. I'm not a client yet. I would like to talk to you about your github. Can i? I don't know how to say this, and I don't know how you would react to it. I'm more interested in collaboration than becoming a client. Can we talk about that?

    [10:47:05] Vinki: partnership, to be precise

    [10:50:14] DSAS-INJECT: What benefits do you want to get from cooperation in the place ? What exactly are you interested in ?

    [10:54:13] Vinki: 1. I am interested in a product such as zero day vulnerabilities. RCE in particular. You have similar ones in your github like VMWARE. I am interested in similar exploits with 0day RCE. Specifically, buying them at black-market price. Can we talk about it?

    I'm not interested in 1day vulnerabilities, only 0day RCEs.

    2. I am interested in FULL SERVICE column.

    $7900

    Total COBALT STRIKE 4.8 + or COBALT STRIKE 4.9.1 Anonymouse VPS + Anonymouse Domain Registration + OPSEC Installation Service + Crypt SERVICE. Sentinel One, Windows Defender, Kaspersky and Sophos with unlimited builds. Powershell Beacons and Net Monthly Webshell Subscription unlimited builds. CrowdStrike, Carbon black and Cylance Protect with no build limits.LSSAS Dump Exploit. Consultation+recommendation for c2 infrastructure."


    You are providing crypt as I see it. How much crypt is FUD? And does your service provide crypt 24\7?

    [11:02:03] DSAS-INJECT: Intelgence EDR:

    Crowdstrike, or BlackCarbon, or SentinelOne, or Cortex, or Mcafee, or Sophos, or TrendMicro, or Kaspersky.


    l - Price starts at $2K for EDR above + 1 dropper (exe, dll, vba, etc.) + LSASS exploit + persistence backdoor for auto-launch + log cleaning. (Without 0d4y/1d4y exploit).

    ll - price starts from $5k for EDR above + 1 dropper ( exe, dll, vba ) + LSASS exploit + persistence backdoor for auto-launch + log cleaning. (0d4y/1d4y exploit included).

    [11:02:08] DSAS-INJECT: You can also get crypt 1 file to bypass AV = Prices start at $500

    [11:02:13] DSAS-INJECT: Monthly subscription to crypto service = EXE+DLL. EXE (one related file). Powershel. Webshell JAVA. ASPX. ASP.

    [11:02:20] DSAS-INJECT: Starts from 5K$

    We have increased the prices for monthly subscriptions

    [11:02:29] DSAS-INJECT: 24/7

    [11:03:46] DSAS-INJECT: One-time crypto now works only through quick contacts. There is no subscription to one-time crypto in your personal account. When purchasing a monthly subscription or c2 infrastructure, you receive a personal account for working and installing software

    [11:07:14] Vinki: Okay, how FUD is he? 0\62 or 2-4\62?

    And what can you say about the first question?

    [11:10:59] DSAS-INJECT: 1-We provide the opportunity to work with them in your personal account with a full subscription to the service. We did not consider the possibility of selling.

    [11:11:22] DSAS-INJECT: 2- 0/62 FUD

    [11:16:07] Vinki: > 1-We provide the opportunity to work with them in your personal account with a full subscription to the service. We did not consider the possibility of selling.

    So you mean to say that when I buy a subscription in my personal account I will find RCE 0day exploit to Windows or to VPN vendors or other?

    Let me be more specific. I am interested in writing such exploits and buying them, not in "subscription". Our team needs a reverse engineer/encoder/exploit developer to write and sell exploits to 1 hand only, i.e. me.

    If that's not how you work(or your devs), then say so. No need to drag me into subscribing. I am a black hat from the Black market, not white or blue. Okay?

    [11:24:08] DSAS-INJECT: Buddy, I am very glad that you are representatives of Black Hat. No problem, you asked how we work, I explained to you, I can't force you to buy something, it's your opinion and your business what to do. And yes, I can say right away that we have been working for no more than 1 year and we have a small arsenal of RCE. We can also buy this for our service. But we are not involved in the sale of this.

    [11:26:41] Vinki: Do you know this man?

    [11:27:18] Vinki: Is this you "undercover" making the sale or is this your "good-hearted customer with a subscription"?

    [11:29:33] Vinki: If it's not you, congratulations. You're leaking information in your "site-service"

    That's why I wrote to you, to see if it was you or not. If it's you, there's no question. If it's not you, then deal with your clients. You're leaking information because of someone.

    Do you see why I wanted to contact you?

    [11:31:32] DSAS-INJECT: No, I don't know. We are not on the forum.

    [11:31:44] Vinki: How do you know this is a forum?

    [11:33:22] Vinki: Then you're leaking information on your site? Because this person has made many sales of your "product" including exploits.


    What are you gonna do now?

    [11:35:58] DSAS-INJECT: > [14:31:45] Vinki: How do you know this is a forum?

    > [14:33:23] Vinki: Then you're leaking information on your site? Because this person has made many sales of your "product" including exploits.

    >

    > What are you gonna do now?

    I'm very happy about this man. Well, I probably know what forums look like and I can tell from this screenshot what it is.

    [11:36:09] DSAS-INJECT: .

    [11:38:21] Vinki: So you don't care if your "exploits"(if we can call them exploits) sell?

    [11:43:09] DSAS-INJECT: I have already explained to you what and how we work. Inside our system, with the exception of file encryption.

    [11:44:13] Vinki: So you don't care that some "idiot"(maybe your client) is selling your products in 20 or more hands. Am I right?

Kind regards, Mr. r1z

 

[admin]

Получил опровержения в жабе от johndoe7. Будет неправильно лишить человека права ответить на претензию. Поэтому бан с johndoe7 снял для участия в арбитраже. Прошу и требую без флуда и без оскорблений. Прошу по сути, тезисно и с фактами. Спасибо!

Received rebuttals in jabber from johndoe7. It would be wrong to deprive a person of the right to answer and to comment. Therefore, johndoe7's ban has been lifted to participate in arbitration. I ask and demand without flooding and without insults. I ask you to be factual, abstract and with facts. Thank you!

 

[johndoe7]

These scam websites and shit chat - I have nothing to do with. It is just retarded confusion. Many scam websites like that. Example: https://tgstat.ru/en/channel/@zer0daylab.
And many others. These are scams. I actually have the tools and exploits and have done dozens of deals on these forums.

https://prnt.sc/OhB7DaH3yxGk - so this is ExploitPack Pro. So what? It has been listed on my threads long time ago - and before anyone buys it is very well explained to them what they buy. If they want they can go buy from the official website. Same Shellter Pro - I have much bigger price for it. And so what? Go buy from the official website. I don't hide the name anything. Who wants can go and buy from there. Same Cobalt Strike, same Brute Ratel. And by the way - about this Exploit Pack - it is just a screenshot about few IoT exploits - most of my exploits are not from it, and this can be checked by administration in my garant service deals where there are precise descriptions. It is just retarded shit what is written by this Vinki. It is not that I have hidden - say exploits and then give some tool like ExploitPack Pro. When ExploitPack Pro was purchased everything was explained in advance, that it is precisely this tool - can be verified by the administration in the descriptions of my garant deals. But for it I have 2 or 3 deals. It is mostly about the IoT exploits, or if someone wants precisely this tool. All other exploits listed on my thread "Exploits" are not from it.

This fucking shit r1z, administration knows very well what I have written about this shit. It is about as retarded as Vinki, cannot even speak proper language. I have nothing to comment about this shit.

So what about PoC of Ivanti? My exploits are private implementations. Buyers always had access to the source code. The admin can get a copy of the source code of this Ivanti and see that it is not anything that is in public. It is a private exploit, as all my exploits.

So - ExploitPack Pro is just one of the many tools I have. All else from this Vinki is just some shit and scam websites.

 

[Vinki]

These scam websites and shit chat - I have nothing to do with. It is just retarded confusion. Many scam websites like that. Example: https://tgstat.ru/en/channel/@zer0daylab.
And many others. These are scams. I actually have the tools and exploits and have done dozens of deals on these forums.

Допустим, не исключаю. Бывают совпадения. Это признаю и не доказать твою связь с ним не смогу. По крайней мере пока что.

https://prnt.sc/OhB7DaH3yxGk - so this is ExploitPack Pro. So what? It has been listed on my threads long time ago - and before anyone buys it is very well explained to them what they buy. If they want they can go buy from the official website. Same Shellter Pro - I have much bigger price for it. And so what? Go buy from the official website. I don't hide the name anything. Who wants can go and buy from there. Same Cobalt Strike, same Brute Ratel. And by the way - about this Exploit Pack - it is just a screenshot about few IoT exploits - most of my exploits are not from it, and this can be checked by administration in my garant service deals where there are precise descriptions. It is just retarded shit what is written by this Vinki. It is not that I have hidden - say exploits and then give some tool like ExploitPack Pro. When ExploitPack Pro was purchased everything was explained in advance, that it is precisely this tool - can be verified by the administration in the descriptions of my garant deals. But for it I have 2 or 3 deals. It is mostly about the IoT exploits, or if someone wants precisely this tool. All other exploits listed on my thread "Exploits" are not from it.

Т.е. ты согласен с моими словами - что ты купил подписку к 39к "эксплойтам", прочим инструментам и тулзам на exploitpack за 1600 евро, берешь оттуда любой на выбор эксплоит и продаешь его за 10-20-50к? А теперь когда тебя взяли за яйца, говоришь - "Идите и покупайте на официальном сайте". Т.е. все клиенты, которые у тебя взяли тулзы и эксплойты по завышенной цене - после этого закрытого или не закрытого арбитража, должны сейчас пойти и "купить на официальном сайте"? И мнение клиентов тебя не интересует?
Верно я понимаю?

This fucking shit r1z, administration knows very well what I have written about this shit. It is about as retarded as Vinki, cannot even speak proper language. I have nothing to comment about this shit.

I answer, in your usual language. - if you don't stop acting like a girl before incest, I'll help you with that. With your behavior and insults you will not get yourself out of the shit you are in, I hope you understand me, in your "normal language". To me your language is shit because you are not on an international forum, but on a Russian-speaking forum. So stick to ethics and behave like a man. You are a guest, not in your home.

So what about PoC of Ivanti? My exploits are private implementations. Buyers always had access to the source code. The admin can get a copy of the source code of this Ivanti and see that it is not anything that is in public. It is a private exploit, as all my exploits.

Будет хорошо, если Админ найдет время(маловероятно) на этой или следующей неделе проверить что есть в exploitpack софте(а именно эксплойты и тулзы на его выбор и вкус. Как их выдают, в каком виде приходят обновления, какую информацию предоставляют к продуктам, есть ли возможность копировать\использовать исходный код вынося за пределы софта), и сравнит с тем что есть у тебя в "частной реализации". И затем, сравнит с информацией в твоих сделках в гаранте. К примеру, через AnyDesk. Возможно эта проверка откроет глаза на правду либо на ложь. К этому ко всему, будет неплохо доказать на знаниях в коде, у тебя же есть свои реализации и наработки? Назовем это тестирование на профпригодность =)

 

[johndoe7]

The dirty scum will answer about what is said (offences are there already, and the scum will answer for that). It is below my dignity to talk with such creature - in real life I do something else but certainly not talk with it. So little bitch I will help you really about your talk.

About this "Arbitration". Is it not retarded? Or cannot read?

For normal people. And for admin. I have already said - for ExploitPack I have 2 or 3 deals - and price was around $3K. How I buy the tool is my business. My exploits are not from ExploitPack - only the IoT ones, and as I said I had only 2 or 3 deals for $3K per deal for this tool. Otherwise - all other exploits (except IoT) from my thread "Exploits" are not from ExploitPack. admin - look in the garant service deals, there it is explained exactly which tool for exploits for each deal. And as I said I always gave in advance information about the name of tool that will be given - I don't start from now - and that is again proved in the garant deals that I had on the forum. So this is just bullshit retarded talk that now I say "go buy official" - always everyone knew which tool and what they buy.

 

[Vinki]

The dirty scum will answer about what is said (offences are there already, and the scum will answer for that). It is below my dignity to talk with such creature - in real life I do something else but certainly not talk with it. So little bitch I will help you really about your talk.

About this "Arbitration". Is it not retarded? Or cannot read?

admin Предлагаю для начала закрыть ему рот.
II. Общие положения форума
1. На форуме запрещаются нецензурные выражения, мат и оскорбления.
2. Не отвечайте на оскорбления в Вашу сторону. Если Вам начали хамить/угрожать/ругаться, достаточно написать администрации и провинившийся будет наказан.

For normal people. And for admin. I have already said - for ExploitPack I have 2 or 3 deals - and price was around $3K. How I buy the tool is my business. My exploits are not from ExploitPack - only the IoT ones, and as I said I had only 2 or 3 deals for $3K per deal for this tool. Otherwise - all other exploits (except IoT) from my thread "Exploits" are not from ExploitPack. admin - look in the garant service deals, there it is explained exactly which tool for exploits for each deal. And as I said I always gave in advance information about the name of tool that will be given - I don't start from now - and that is again proved in the garant deals that I had on the forum. So this is just bullshit retarded talk that now I say "go buy official" - always everyone knew which tool and what they buy.

Людям неважно, сколько сделок у вас было. Я опираюсь на факты, а не на слова. Нормальные люди хотят видеть доказательства, а не пустые слова. Как это сделал я в первом сообщении здесь, понимаешь? Скрины, видео, комментарий незаинтересованного человека. Это как в суде. Представьте, что вы находитесь на суде, и вас обвиняют в злонамеренной перепродаже, а вы в ответ должны предоставить опровержение, описанные выше. Вот и все =)

 

[johndoe7]

admin - everything is already there. Also see the data from my garant deals. I have dealt with serious people. In the deals it is explained what they receive and they did receive it exactly. The form in which they did receive the exploits, there can be no doubt it is not from ExploitPack (except, of course, when they did buy ExploitPack and it was the subject of the deal). Otherwise you can see how it is explained there and there can be no doubt because they receive it with a private tool with GUI that is not ExploitPack. And also, admin, I sent you one of the exploits on Jabber - you can see it. But I deal with serious people mostly - they know what they buy. Not retarded people. They buy and check and then finalize deal - and have access to source codes as well.

And, admin, please clean from spam - some clowns, I don't even read it - that have no idea what is going on. Just post random. Also you can see from where the insults started. There is all the data already - what I have written, backed by the data in my garant service deals and you can also see if you want the exploit I have sent to you - but I am sure just the descriptions of deals and the people who bought, and how they checked, in some cases for days checking - having access to all source codes and everything. In this arbitration some random creatures like Vinki, Minki and what not. The buyers bought, checked and all is OK. I don't know why this is still not closed.

There was some confusion about some scam websites and about ExploitPack. That admin told me is the reason for that to be here at all. I already explained about it quite clearly, in several posts. So that's it. Otherwise this random Vinki-Minki, what is it - a no-buyer, nothing. Why the fuck behaves as if it was a buyer or something? It is nothing. The confusion was explained already. I don't know why is this still not closed.

 

[admin]

Ознакомился с ситуацией. Доказательств недостаточно. Странности есть, но ничего конкретного. Пока в претензии отказано.