Untitled

a guest
May 12th, 2019
[22:13] <Hiffwe> so uhh
[22:14] <Hiffwe> is there a way to install a H@H client as a hidden service?
[22:14] <+dnbdave> You mean embed it in a malware rootkit?
[22:14] <Hiffwe> not quite that extreme, no
[22:14] <+dnbdave> aww
[22:15] <Hiffwe> i mean if that's an option then hell yeah i'll totally jam that shit in to my local library computers
[22:15] <Hiffwe> but
[22:15] <Hiffwe> no
[22:15] <+dnbdave> !bacon Hiffwe
[22:15] <@elgringo> dnbdave hands a tolerance bacon to Hiffwe. Hiffwe has collected 1 bacon so far.
[22:15] <+dnbdave> indeed
[22:15] * Parts: bable (~nuckolls@19FACAE.73B92A8.039D596.IP)
[22:15] <+dnbdave> as would we all
[22:15] <+dnbdave> !nom
[22:15] <@elgringo> dnbdave nomnomnoms a peerless bacon. dnbdave has now 665 bacons left.
[22:15] <+dnbdave> aww
[22:15] * Joins: allred (~badeaux@DBE07C7.F538EDD.76BB8E7.IP)
[22:15] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
[22:16] <+dnbdave> I assume you're asking about *nix?
[22:16] <Hiffwe> i just want to install it on a work computer
[22:16] * Joins: N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz)
[22:16] * ChanServ sets mode: +v N04h
[22:16] <@EHSpectre> «WB (N04h) WB». <+N04h> someone make me a WB message
[22:16] <+dnbdave> so w10?
[22:16] <Hiffwe> windows 7 i thinks
[22:16] <Hiffwe> there's no IT monitoring at all
[22:16] <+dnbdave> well, the way it's distributed there's no service to install for it, it's command line
[22:16] <Hiffwe> i just wanna like
[22:17] <+dnbdave> you could install a service for it, but it'd be way easier to dump an entry into RunOnce in the registry so it starts after reboot
[22:17] <+dnbdave> or
[22:17] <+dnbdave> create a scheduled task
[22:17] <Hiffwe> hide that it's running, and mask the cache folder if possible
[22:17] <Hiffwe> yeah
[22:17] <+dnbdave> scheduled task would be the sneakiest imo
[22:17] <+dnbdave> you might could craft a policy entry and force it into GPO on the box
[22:18] <+dnbdave> not sure if that would work actually
[22:18] <+dnbdave> make sure to create a partition for it and call it "recovery" or something and house the data repo and binaries there
[22:18] <+dnbdave> :D
[22:18] <Hiffwe> smart
[22:19] <+dnbdave> set the security ACL to restrict to your account for any access to the contents of it
[22:19] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
[22:19] <+dnbdave> there's plenty of sneaky ways to do it actually
[22:19] * Joins: N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz)
[22:19] * ChanServ sets mode: +v N04h
[22:19] <@EHSpectre> «WB (N04h) WB». <+N04h> someone make me a WB message
[22:20] <Hiffwe> hmm... yes yesssss....
[22:20] <Hiffwe> and i would assume that it wouldn't really benefit to install it to multiple systems on the same lan
[22:20] <Hiffwe> since the real limiting factor is upload
[22:21] <Hiffwe> and also requiring unique IPs...
[22:21] <+dnbdave> what I would do, if I were script kiddie handy or anything, is house the binaries on a machine and then just configure scripts to download and run it at scheduled intervals from there on each botnet node
[22:21] <+dnbdave> but that's getting into hard malware territory =P
[22:21] <+dnbdave> oh
[22:22] * Parts: allred (~badeaux@DBE07C7.F538EDD.76BB8E7.IP)
[22:22] <+dnbdave> maybe get yourself a few large USB keys and plug em into the back of the boxes
[22:22] <+dnbdave> store everything you need there perhaps
[22:22] <+dnbdave> those easily go unnoticed
[22:22] <Hiffwe> oooo
[22:22] <+dnbdave> I have a 128GB one the side of my fingernail here
[22:22] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
[22:22] <+dnbdave> *size
[22:23] * Joins: burse (~zaic@Rizon-0E1216A.range86-129.btcentralplus.com)
[22:23] * Joins: N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz)
[22:23] <Hiffwe> ehh then usb transfer limits..
[22:23] * ChanServ sets mode: +v N04h
[22:23] <@EHSpectre> «WB (N04h) WB». <+N04h> someone make me a WB message
[22:23] <Hiffwe> but hey, that's a great idea for future endeavours
[22:23] <+dnbdave> Only so many ways to mask storage or the contents thereof
[22:25] <+dnbdave> Another surefire way to distract from suspicion would be to mimic the structure of a Windows.old directory, or maybe dump stuff under Win\Sys\WinSxS or similar
[22:25] <+dnbdave> no one fucking knows what's under the SxS subdirs since it's all compatibility dll's and stuff
[22:25] <+dnbdave> it hurts my head even to think of it
[22:26] * Quits: +N04h (~oosacker@Rizon-A359C02D.sparkbb.co.nz) (Remote host closed the connection)
[22:26] <+dnbdave> this has been fun, I miss opportunities to flex my fiendin'