• XSS.stack #1 – первый литературный журнал от юзеров форума

прочее Helium Scraper v.3.2.9.8

Отслеживать

Nucl3eaRReact0r

Премиум
Premium
Регистрация
15.05.2020
Сообщения
31
Реакции
10
Гарант сделки
2
Здравствуйте. Я думал, кто-то может найти это полезным. Конкурент программного обеспечения Datacol. Это действительно хорошо на мой взгляд, и легко в использовании.
Сайт: Сайт: https://www.heliumscraper.com/
Скачать: https://www.heliumscraper.com/eng/download.php
Как обычно, залатанный мной.
Просто загрузите пробную версию и установите
Программа находится в %LOCALAPPDATA%, но ее можно переместить в другое расположение. Просто запустите программу и найдите исполняемый файл в ProcessHacker.
Замените основной исполняемый файл вложенным в него файлом.
Готово.
Если тебе нравится, не покупай. Скачать здесь :)
Извините за мой русский, я пытаюсь учиться и теперь помогаю со словарем.

/NR
 

Вложения

  • Helium Scraper 3.zip
    664.6 КБ · Просмотры: 54
GaiusIuliusCaesar сказал(а):
Ставил кто-то ? Есть отзывы ?
На мой взгляд, он действительно мощный. Можно создать простые шаги для выполнения действий. И запатентованный язык кажется сценарием.
Плюс на странице форума программного обеспечения есть несколько действительно хороших фрагментов кода, которые вы можете импортировать в программу.
 
Trojan. It won't run under windows 7 (free online analysis engines all use win7) and it won't run in a VM. Also not normally packed and went through trouble to fud -- this is trojan. Hopefully no one had run it on bare metal.

Pattern match: "http://www.fhal40a9jfpjhgoiea98yh4.com/"
But really main indicator is that it is opaque (very nonstandard exe unlike any other exe) and won't run in win7 or any vm (without any notice just doesn't run).

ALSO, this software is available FREE on the web site fully functional 10 day trial and just get new trial. Also there are many alternatives available. There is no way this is a legit release.
 
Последнее редактирование:
This is a lie. I would never endanger another member of the forum.
Posting a scan from hybrid-analysis without any context, without any knowledge of how it works and how to reverse engineer or crack .net applications speaks for yourself.
My binary is not packed in any way.
Plus, my friend, the same scan you shared, says "no specific threat", "marked as clean".
Maybe go play with Minecraft or same other game. this is not a place for such an amateur.

I will report you for trying to defame me and my work, while saying to the other members that because my work doesn't work for you on an obsolete not supported anymore OS means that it is malware...what a shame.

As a plus, I will share later or tomorrow, a clear diff of my patches and a patcher script that can be used with .NET Universal Patcher (https://github.com/mobile46/DotNetUniversalPatcher/releases) to do it for any member.

Trust my release.



Это ложь. Я бы никогда не поставил под угрозу другого члена форума.

Размещение сканирования из гибридного анализа без какого-либо контекста, без знания того, как это работает и как реконструировать или взломать приложения .net говорит само за себя.

Мой бинарный файл никак не упакован.

Кроме того, мой друг, то же сканирование, которым вы поделились, говорит «нет конкретной угрозы», «помечен как чистый».

Может пойти играть с Minecraft или той же другой игрой. это не место для такого любителя.


Я сообщу вам за попытку опорочить меня и мою работу, сказав при этом другим участникам, что, поскольку моя работа не работает для вас на устаревшей, больше не поддерживаемой ОС, это означает, что это вредоносное ПО... что позор.


В качестве плюса я поделюсь позже или завтра четким различием моих исправлений и сценарием исправления, который можно использовать с .NET Universal Patcher (https://github.com/mobile46/DotNetUniversalPatcher/releases), чтобы сделать это для любого участника.


Доверься моему освобождению.

/NR
 
This fool is 100% lying piece of shit and should be banned. The software is malware. Why "trust his release" when the software is available fully functional and free from the web site. Didn't like being caught out and instead of slinking away like the piece of shit scammer he is, he chose to attack the messenger. Stupid choice, scriptkiddie scum.

Again, for any admin looking at this, the trojan won't run under any analysis engine or vm - the false clean reports are because of the antivm tricks.
One of the c2 for the trojan is the url I listed http://www.fhal40a9jfpjhgoiea98yh4.com/
 
As promised...

these are the code snippets screenshots of the patched methods in code. Only difference from the binary posted here is that the method GetSystemId (screenshot #3), has the string "Cracked by CepheuS, that is another handle of mine used on another reversing board where I initially thought to post the patch. Never did that though...
Anyone able to download dnSpy can check from himself. No need to justify me upon the words of a fucking amateur...

P.S. zeneq, aren't you related to the software in any way, are you? 🙄 😏

/NR

Helium_Scraper_Patch1.JPG


Helium_Scraper_Patch2.JPG

Helium_Scraper_Patch3.JPG
Helium_Scraper_Patch4.JPG
 
Patcher script here, if you want to patch it yourself:

Rename the .txt extension to .dnup to have it found by DotNet Universal Patcher.

BTW, zeneq, i checked that domain that you reported as inserted by me in the patch...

For your info, the domain is included in the original binary, not by me. You can check for yourself, by downloading the trial as you suggested...

And for the sake of completeness, I looked in the code for any reference to that domain, that, for your safety for malwares...is not even registered...please do your research in advance next time.

That domain is used for testing the scraping features, it has its own namespace and classes. This way you can simply debug some xpath or css by simply binding localhost to that domain.

Hopefully this will end your doubts.

Cheers.

/NR

Helium_Scraper_Domain.JPG


/NR
 

Вложения

  • Helium Scraper 3.x.txt
    2.3 КБ · Просмотры: 17
Последнее редактирование:
I stand corrected and eat my words. I tested this and get the result is not binary-identical but it is very close and I believe that this is the truthful patch he used (dnlib compiling will have these kind of differences.) Further apparently I was wrong about the c2 domain that is just an artifact in the original and isn't called. Also the fact that the exe wouldn't run under a vm or older version of windows is because of the odd way that the software is installed -- it is not some typical "c:\program files\" install but rather in a folder under appdata several layers down and I (and the sandbox software and online tools as well) did not properly test that.

It is very odd that the original software (apparently) has anti-re and vm detection in it but those are not used (the software works fine in a vm) so this further confused me.

I would modify my above second post however this forum isn't letting me edit so I guess this apology will have to do:

Nucl3eaRReact0r, sorry man I was wrong and retract my false statement about your patch - it is legit.​

I don't use this software but if I did I would use your patch and it is a good contribution, thanks for posting it.

Glad I'm wrong. Embarrassed and looking like an idiot, but it's a good thing that the truth goes this direction.
 
zeneq, doubt is always legitimate, and now that we're clear. I thank you. Doubt leads to more knowledge actually.

Actually, this is the whole process of understanding things and make them better.

Respect for your openness.

Feel free to contact me if in need.

/NR
 
Не знаю как у остальных. В моем случае, софт не собирает инфу с большого количества страниц ( например более 50 страниц) просто по ним прыгает без сбора инфы. Если страниц штук 10-20 ( абсолютно аналогичные настройки, просто страниц не 50, а 20) - то да, собирает. Для крупных парсингов такое себе
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх