- [22:13] <Hiffwe> so uhh
- [22:14] <Hiffwe> is there a way to install a H@H client as a hidden service?
- [22:14] <+dnbdave> You mean embed it in a malware rootkit?
- [22:14] <Hiffwe> not quite that extreme, no
- [22:14] <+dnbdave> aww
- [22:15] <Hiffwe> i mean if that's an option then hell yeah i'll totally jam that shit in to my local library computers
- [22:15] <Hiffwe> but
- [22:15] <Hiffwe> no
- [22:15] <+dnbdave> !bacon Hiffwe
- [22:15] <@elgringo> dnbdave hands a tolerance bacon to Hiffwe. Hiffwe has collected 1 bacon so far.
- [22:15] <+dnbdave> indeed
- [22:15] * Parts: bable (~nuckolls@19FACAE.73B92A8.039D596.IP)
- [22:15] <+dnbdave> as would we all
- [22:15] <+dnbdave> !nom
- [22:15] <@elgringo> dnbdave nomnomnoms a peerless bacon. dnbdave has now 665 bacons left.
- [22:15] <+dnbdave> aww
- [22:15] * Joins: allred (~badeaux@DBE07C7.F538EDD.76BB8E7.IP)
- [22:15] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
- [22:16] <+dnbdave> I assume you're asking about *nix?
- [22:16] <Hiffwe> i just want to install it on a work computer
- [22:16] * Joins: N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz)
- [22:16] * ChanServ sets mode: +v N04h
- [22:16] <@EHSpectre> «WB (N04h) WB». <+N04h> someone make me a WB message
- [22:16] <+dnbdave> so w10?
- [22:16] <Hiffwe> windows 7 i thinks
- [22:16] <Hiffwe> there's no IT monitoring at all
- [22:16] <+dnbdave> well, the way it's distributed there's no service to install for it, it's command line
- [22:16] <Hiffwe> i just wanna like
- [22:17] <+dnbdave> you could install a service for it, but it'd be way easier to dump an entry into RunOnce in the registry so it starts after reboot
- [22:17] <+dnbdave> or
- [22:17] <+dnbdave> create a scheduled task
- [22:17] <Hiffwe> hide that it's running, and mask the cache folder if possible
- [22:17] <Hiffwe> yeah
- [22:17] <+dnbdave> scheduled task would be the sneakiest imo
- [22:17] <+dnbdave> you might could craft a policy entry and force it into GPO on the box
- [22:18] <+dnbdave> not sure if that would work actually
- [22:18] <+dnbdave> make sure to create a partition for it and call it "recovery" or something and house the data repo and binaries there
- [22:18] <+dnbdave> :D
- [22:18] <Hiffwe> smart
- [22:19] <+dnbdave> set the security ACL to restrict to your account for any access to the contents of it
- [22:19] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
- [22:19] <+dnbdave> there's plenty of sneaky ways to do it actually
- [22:19] * Joins: N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz)
- [22:19] * ChanServ sets mode: +v N04h
- [22:19] <@EHSpectre> «WB (N04h) WB». <+N04h> someone make me a WB message
- [22:20] <Hiffwe> hmm... yes yesssss....
- [22:20] <Hiffwe> and i would assume that it wouldn't really benefit to install it to multiple systems on the same lan
- [22:20] <Hiffwe> since the real limiting factor is upload
- [22:21] <Hiffwe> and also requiring unique IPs...
- [22:21] <+dnbdave> what I would do, if I were script kiddie handy or anything, is house the binaries on a machine and then just configure scripts to download and run it at scheduled intervals from there on each botnet node
- [22:21] <+dnbdave> but that's getting into hard malware territory =P
- [22:21] <+dnbdave> oh
- [22:22] * Parts: allred (~badeaux@DBE07C7.F538EDD.76BB8E7.IP)
- [22:22] <+dnbdave> maybe get yourself a few large USB keys and plug em into the back of the boxes
- [22:22] <+dnbdave> store everything you need there perhaps
- [22:22] <+dnbdave> those easily go unnoticed
- [22:22] <Hiffwe> oooo
- [22:22] <+dnbdave> I have a 128GB one the side of my fingernail here
- [22:22] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
- [22:22] <+dnbdave> *size
- [22:23] * Joins: burse (~zaic@Rizon-0E1216A.range86-129.btcentralplus.com)
- [22:23] * Joins: N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz)
- [22:23] <Hiffwe> ehh then usb transfer limits..
- [22:23] * ChanServ sets mode: +v N04h
- [22:23] <@EHSpectre> «WB (N04h) WB». <+N04h> someone make me a WB message
- [22:23] <Hiffwe> but hey, that's a great idea for future endeavours
- [22:23] <+dnbdave> Only so many ways to mask storage or the contents thereof
- [22:25] <+dnbdave> Another surefire way to distract from suspicion would be to mimic the structure of a Windows.old directory, or maybe dump stuff under Win\Sys\WinSxS or similar
- [22:25] <+dnbdave> no one fucking knows what's under the SxS subdirs since it's all compatibility dll's and stuff
- [22:25] <+dnbdave> it hurts my head even to think of it
- [22:26] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
- [22:26] <+dnbdave> this has been fun, I miss opportunities to flex my fiendin'