Poker-AI.org

Poker AI and Botting Discussion Forum
It is currently Mon Oct 14, 2019 2:06 am

All times are UTC




Post new topic Reply to topic  [ 13 posts ] 
Author Message
 Post subject: Remote access via RAT?
PostPosted: Sat May 23, 2015 7:28 am 
Offline
New Member

Joined: Sat May 23, 2015 7:22 am
Posts: 1
Hey,

i was wondering what are the expereriences using a custom built RAT that disguises as a system process on the "infected" machine and doing a Remote Screenshare from the Host where i capture my Screenshots on. How detectable / supsicious is that?

Thank you.


Top
 Profile  
 
PostPosted: Wed May 27, 2015 9:58 am 
Offline
New Member

Joined: Wed May 27, 2015 9:50 am
Posts: 2
As a former detective let me tell you one of the favorite methods of fabricating evidence, next to getting the password resets for email accounts and using them to make forum posts that corroborate nonexistent links, was to use RATs to frame innocent people. I can't even count how many times I've perjured myself and lied to the courts both on the stand and in warrants, but like my personal hero Adolf Hitler always used to say: the ends always justify the means.


Top
 Profile  
 
PostPosted: Fri May 29, 2015 7:36 pm 
Offline
New Member

Joined: Fri May 29, 2015 7:22 pm
Posts: 2
You would be bound by the same things that get you caught in the first place, DLL injections and other memory/mouse detection's. The RAT is essentially a 'bot' that receives it's controls over the network from a different machine, so you're not changing anything here. It's not a good idea.

Something that may be relevant, I know someone who was hacked several years ago on Stars with a RAT. The person used the RAT to first gain access, then when the person was asleep (computer still on) they installed teamviewer and proceeded to play on their account and loose money to the hacker in a real game. Stars is very smart and they record a lot of data. They told my friend the exact process that was used by the RAT which was svchost, and they saw the new installation and usage of teamviewer + the IP it was connected to. They returned him his money, $7,000, because they IP connected to my friends machine through teamviewer matched the IP of the player he lost money to on the table (the hacker).

My friend, knowing I was a malware researcher and into reverse-engineering, sent me the sample of the RAT (it came from a cracked version of HoldemManager) and I found Stars was indeed right. The malware would inject itself into an open instance of svchost, then it pings the hacker, and is able to take a file to download/run.

I've also done my own research and know for a fact several Stars staff members post on rohitab.com so they know a good amount about malware, and memory/win API tricks. One of their current security engineers used to work at Symantec too.


Top
 Profile  
 
PostPosted: Fri May 29, 2015 11:49 pm 
Offline
New Member

Joined: Wed May 27, 2015 9:50 am
Posts: 2
Generally, when you connect to Teamviewer, you're connecting through their servers. Both the client and server connect outbound only. So it's unlikely the "IP connected to your friends machine through teamviewer matched the IP of the player he lost money to on the table (the hacker)."

HoldemManager doesn't allow remote access as far as I know, their main purpose is to ... well, manage hold'em. They inject code into the casino app to gain access to the game state, but they don't operate as a RAT.

"The malware ... pings the hacker, and is able take a file to download/run." What? Why would the hacker need to download/run a file if he/she was just viewing the opp's cards with TeamViewer?

Your entire story sounds very convoluted and doesn't really make any sense, especially from somebody claiming to be a "malware researcher." Even I, a mentally retarded pig, can see through this BS.


Top
 Profile  
 
PostPosted: Sat May 30, 2015 12:04 pm 
Offline
New Member

Joined: Fri May 29, 2015 7:22 pm
Posts: 2
ISmellBacon wrote:
Generally, when you connect to Teamviewer, you're connecting through their servers. Both the client and server connect outbound only. So it's unlikely the "IP connected to your friends machine through teamviewer matched the IP of the player he lost money to on the table (the hacker)."

HoldemManager doesn't allow remote access as far as I know, their main purpose is to ... well, manage hold'em. They inject code into the casino app to gain access to the game state, but they don't operate as a RAT.

"The malware ... pings the hacker, and is able take a file to download/run." What? Why would the hacker need to download/run a file if he/she was just viewing the opp's cards with TeamViewer?

Your entire story sounds very convoluted and doesn't really make any sense, especially from somebody claiming to be a "malware researcher." Even I, a mentally retarded pig, can see through this BS.


You pretty much managed to misunderstand everything I said, and you're also not as smart as you think you are. Let me break it down.

- Teamviewer is indeed not P2P, but teamviewer also uses an ID to connect to the other party that shows in the window title. For readers that haven't used Teamviewer before, I said IP just to make it simpler for them to understand. The story was complicated, I needed to trim the fat. Pokerstars noticed the ID matched in both windows on both players machines.

- I never said holdemanager is a RAT. I was saying this person used a cracked version with the trial removed. The person who cracked it, attached their own separate payload inside the program and had it run every time the person ran holdemanager. (this is why you should never use cracks)

- The malware that was in the holdemanager crack was simple, it was just what we call a 'loader'. It injects itself into a running process, and then sits and waits while sending out periodic pings back to it's C&C looking for a file to download and run. That's it's only functionality, as it keeps malware small and stealth. A popular loader for example was Smoke Loader. In this case, the loader was pulling in a teamviewer binary with some AutoIt script attached that installs it automatically, and sends the attacker back the ID pass to connect. This is the kind of malware your anti-virus/firewall will NOT catch.

Next time don't judge people, you should be grateful I even shared what I know. It's an almost certainty some scumbag will read this and get a smart idea.


Top
 Profile  
 
PostPosted: Mon Jun 01, 2015 2:54 pm 
Offline
New Member

Joined: Mon Jun 01, 2015 2:53 pm
Posts: 1
As anybody in the intelligence community will tell you, myself included, feds rape innocent victims on a daily basis. It's practically our job title. Myself, for example, I'm trained to tell people: "I work with computers, I work for the government, and that's all I can say." My point is: we defeated Hitler not to save humanity but because we wanted his job. Period. So get over it people.


Top
 Profile  
 
PostPosted: Thu Jun 04, 2015 4:15 pm 
Offline
New Member

Joined: Thu Jun 04, 2015 4:14 pm
Posts: 1
Listen, I work for the CIA, and as anybody in the world will tell you, including Captain Kirk, we rape more innocent victims than anybody else. Just because I'm stalking a guy, for some 20 years, on here, it doesn't mean I haven't helped anybody. I can't recall in any meaningful statistical sense, but I'm sure it's happened.


On a side note, here's my favorite song:

Nena
99 Red Balloons Lyrics

You and I in a little toy shop
Buy a bag of balloons with the money we've got
Set them free at the break of dawn
'Til one by one they were gone
Back at base bugs in the software
Flash the message "something's out there!"
Floating in the summer sky
Ninety-nine red balloons go by

Ninety-nine red balloons
Floating in the summer sky
Panic bells, it's red alert
There's something here from somewhere else
The war machine springs to life
Opens up one eager eye
Focusing it on the sky
Where ninety-nine red balloons go by

Ninety-nine decision street
Ninety-nine ministers meet
To worry, worry, super scurry
Call the troops out in a hurry
This is what we've waited for
This is it, boys, this is war
The president is on the line
As ninety-nine red balloons go by

You and I in a little toy shop
Buy a bag of balloons with the money we've got
Set them free at the break of dawn
'Til one by one they were gone
Back at base bugs in the software
Flash the message "something's out there!"
Floating in the summer sky
Ninety-nine red balloons go by

Ninety-nine red balloons
Floating in the summer sky
Panic bells, it's red alert
There's something here from somewhere else
The war machine springs to life
Opens up one eager eye
Focusing it on the sky
Where ninety-nine red balloons go by

Ninety-nine decision street
Ninety-nine ministers meet
To worry, worry, super scurry
Call the troops out in a hurry
This is what we've waited for
This is it, boys, this is war
The president is on the line
As ninety-nine red balloons go by

Ninety-nine knights of the air
Ride super high-tech jet fighters
Everyone's a super hero
Everyone's a captain Kirk
With orders to identify
To clarify and classify
Scramble in the summer sky
Ninety-nine red balloons go by

As ninety-nine red balloons go by

Ninety-nine dreams I have had
In every one a red balloon
It's all over and I'm standing pretty
In this dust that was a city
If I could find a souvenir
Just to prove the world was here
And here is a red balloon


Top
 Profile  
 
PostPosted: Thu Jun 04, 2015 4:33 pm 
Offline
Veteran Member

Joined: Thu Feb 28, 2013 2:39 am
Posts: 437
Wow.


Last edited by cantina on Thu Apr 14, 2016 9:54 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Thu Jun 04, 2015 5:19 pm 
Offline
New Member

Joined: Thu Jun 04, 2015 5:17 pm
Posts: 1
Zeitgeist.


Top
 Profile  
 
PostPosted: Fri Jun 19, 2015 10:13 pm 
Offline
New Member

Joined: Fri Jun 19, 2015 10:04 pm
Posts: 2
As a lawyer who has been stalking a guy on this forum for awhile for personal reasons one of my favorite methods of spying has been with the use of RATs. I got buddies that work at major email providers and we pay them off well to get the password reset information for accounts. Then BAM, we can do whatever we want. Some consider us the antichrist but I think we're just superior, not unlike the Aryans.


Top
 Profile  
 
PostPosted: Mon Jun 22, 2015 12:04 am 
Offline
New Member

Joined: Mon Jun 22, 2015 12:02 am
Posts: 1
yall is amateurs!!!!!!! imma sheriff's deputy and we use windows update to get our rats into machines! even got ms signed malware! but keep it on the downlow i aint supposed to be telling yall without security clearance.


Top
 Profile  
 
PostPosted: Thu Jul 09, 2015 3:04 pm 
Offline
New Member

Joined: Thu Jul 09, 2015 3:00 pm
Posts: 1
I don't know about you guys but I'm so fricken upset that I can't rape innocent victims anymore. :( Gah! We were having so much fun raping the shit out of people and framing people left and right with this here Hacking Team malware why did somebody have to go any ruin our fun!!!!!!!!!!!!! We literally had no oversight what-so-fucking-ever to stalk and harass the shit out of people. Now people will be able to detect our software and sue us. :( Guess I'll just have to drown my sorrows in some Mexican cartel funded hookers.

http://arstechnica.com/security/2015/07 ... -the-wild/


Top
 Profile  
 
PostPosted: Sat Jul 11, 2015 4:37 pm 
Offline
New Member

Joined: Sat Jul 11, 2015 4:32 pm
Posts: 1
DEA_guy wrote:
I don't know about you guys but I'm so fricken upset that I can't rape innocent victims anymore. :( Gah! We were having so much fun raping the shit out of people and framing people left and right with this here Hacking Team malware why did somebody have to go any ruin our fun!!!!!!!!!!!!! We literally had no oversight what-so-fucking-ever to stalk and harass the shit out of people. Now people will be able to detect our software and sue us. :( Guess I'll just have to drown my sorrows in some Mexican cartel funded hookers.

http://arstechnica.com/security/2015/07 ... -the-wild/

I'm pissed off to and I feelz you right the heart G. That feeling you know when you can rape an innocent person it's so powerful. GD! I miss it! All this nonsense about power corrupts we at the FBI don't give a fuck cause we believe we're superior. Shit! And like encryption and shit it's totally going to ruin our fun. Fuck man I hope congress doesn't see past our bullshit. Guess I'll go steal some heroin from an evidence locker and drown my sorrows.

P.S. we should hang out sometime.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
Powered by phpBB® Forum Software © phpBB Group