Unraveling Discord Token Stealer (python MALWARE)

Поділитися
Вставка
  • Опубліковано 23 гру 2024

КОМЕНТАРІ •

  • @bigbooduh
    @bigbooduh Рік тому +244

    Blackhats: " For educational purposes only"
    Crypto traders/ scammers: "This is not financial advice "
    Police interrogators: "You have the right to remain silent"

    • @xana3961
      @xana3961 Рік тому +5

      Hey, at least the right to remain silent is something that they're legally forced to give you and need to inform the jury to not hold your silence against you (as well as judgements found to violate that clause getting thrown out entirely)

    • @bigbooduh
      @bigbooduh Рік тому +7

      @@xana3961 I just love the fact that they say that and then keep you for hours and still keep asking you questions.

    • @superhobo666
      @superhobo666 Рік тому +1

      @@xana3961 yeah but the crypto bros and blackhats won't shut off their body cams before handcuffing me and breaking both of my kneecaps

  • @mastercodeon42
    @mastercodeon42 Рік тому +123

    When he was trying to spam the web hook be found with the spammer, you can actually tell if it's working or not by looking at the status colulm. He kept getting 429 response codes, which means that he sent too many request to the discord API. Doesn't look like he was ever able to spam the viral webhook because he already spammed one of his own and discords API rate limited him. Waiting 3-10 minutes will resolve that.

  • @fdert
    @fdert Рік тому +632

    It's always funny to me when they say it's for "educational" purposes when it's clearly malicious

    • @scratch45
      @scratch45 Рік тому

      @Michael DiGregorio really he is so stpid don't 😭

    • @malalyse
      @malalyse Рік тому +19

      Hey i really made it for educationnal in the beggining

    • @User-kq3od
      @User-kq3od Рік тому +29

      By your logic powershell and python as a language are malicious and shouldnt exist because they have the potential to be abused by its users. 🤦

    • @majoryoshi
      @majoryoshi Рік тому +6

      @@User-kq3od by your logic operating systems like windows, macos, or linux shouldn’t be used because they could be used maliciously. your rational falls apart

    • @mk-ps6xv
      @mk-ps6xv Рік тому +23

      @@majoryoshi that's not their point at all

  • @lollol-js8bj
    @lollol-js8bj Рік тому +411

    You could have sent a DELETE request on that web hook URL, then the web hook would have been deleted and any other instances of the malware will not be able to send data to the attackers.

    • @rodricbr
      @rodricbr Рік тому +137

      I tried, but somebody already deleted it lol

    • @182exe
      @182exe Рік тому +27

      🧠

    • @GateKeeper_Systems
      @GateKeeper_Systems Рік тому +78

      but first spam the webhook URL with "your webhook got thanos snapped" and GIFs of thanos doing fortnite dances

    • @Spectrulight
      @Spectrulight Рік тому +8

      @@GateKeeper_Systems I saw ntts do that.

    • @Jacob_D167
      @Jacob_D167 Рік тому

      @@rodricbr same lol

  • @BurtMacklin947
    @BurtMacklin947 Рік тому +65

    Good GOD your sponsor break "Hang on!" frightened the life out of me 😂 I was too invested!

    • @Lampe2020
      @Lampe2020 Рік тому +8

      I read your comment and thought "It can't be that bad, can it?"
      **a few moments later**
      John: "Hang on!"
      Me: **flinching** "Oh, it IS that bad!"

    • @Barqi
      @Barqi Рік тому +3

      Same loool

  • @ChazBword
    @ChazBword Рік тому +50

    As an old guy who did old computer things, I just love your videos and really enjoy them. Thank you for making these.

  • @webrevolution.
    @webrevolution. Рік тому +102

    Synk (the sponsor of this video) has clearly stated in their ToS that they will store any project you'll send them indefinitely and they will not delete it if and when you decide to delete the project on Synk itself.
    Other than that they also require their customers to have their back no matter what. Just read this piece of text from their ToS:
    "You will defend, indemnify and hold harmless Snyk against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with your use of the Services, the Platform, Service Data and/or Documentation other than in accordance with this Agreement."
    For me this is very severe and holds me from using the software at all. And it's a pity cause I think it could have been a good one.

    • @Zancb
      @Zancb Рік тому +5

      You'd write that clause too if you were handling people's private repo data and wanted to be absolved from being sued by sue-happy corporate crooks. Not saying you should feel comfortable. I'm saying, there's a real-world reason for writing such language.
      Source: Have worked with data recovery and security companies. Many of them have similar language to this.

    • @webrevolution.
      @webrevolution. Рік тому +10

      @@Zancb Sure there are reason for writing that. One of the reasons being you protect the company from ANY kind of lawsuit. If you one day discover that your private repo is being used by some corporation who's paid Synk big money to grab data from their servers, you could do literally nothing. If they decide to charge your subscription more than it was advertised without any notice whatsoever, you are required to just shut up and take it.
      There are several examples that might be even worse, but you surely get why I don't think it's a service anyone should ever use at all.
      I am not even sure that the paragraph is legally worth anything since imho it might make them avoid accountability for virtually anything a customer might experience on their platform. I do think that is not lawful and they can't just write in their ToS anything they want, the ToS has to respect laws too.
      But I am a developer, not a lawyer and I might have misunderstood when that paragraph might be used. Maybe it does not mean what I do think it means, I am not completely sure.
      If anyone here has a legal background and is willing to elaborate on that you are more than welcome to do so.

    • @woahhhhhh9571
      @woahhhhhh9571 Рік тому +2

      i think you would be hard pressed to find any tos that lacks that verbiage

    • @sethadkins546
      @sethadkins546 Рік тому

      They legally cannot enforce any of that. It's there so that they aren't held liable if you use their software for illegal purposes (a catch-all, if you will). Plenty of software companies do this.

    • @lukeharrison1654
      @lukeharrison1654 Рік тому

      That is going to be in any TOS, its a cover your ass statement, all that second part means is effectively "If you're really shit at writing code, and our software doesn't catch every single last exploit, so it still gets exploited, that's not on us, and you can't say it is, you can't just rely on software to do your job" Any reputable company will have a clause like that if they are doing something similar to snyk, trying to protect you, I'd imagine nearly every last anti-virus would have a similar one too

  • @Lampe2020
    @Lampe2020 Рік тому +18

    16:17 Hey, it's even protected specifically against you, it detects if the username is "John" or the PC name is "John-PC"!

    • @ImTimmy228
      @ImTimmy228 Рік тому +1

      Actually, most of malwares do that, to bypass sandboxes like Triage, Anyrun, VirusTotal.
      If name is like John, it will NOT execute malware

    • @Lampe2020
      @Lampe2020 Рік тому +2

      @@ImTimmy228
      Many do that, yes.
      But of the samples John pulled apart this is the only one I know of. And I've watched many of his videos and I've actually pulled apart some malware samples myself, this is the first one I know of that does protect itself against debugging.

  • @somesalmon5694
    @somesalmon5694 Рік тому +1

    I just want to say that I really appreciate that you have been putting the sponsors in the second half of the video. I don't properly know how to express it besides making the video more comfortable to watch but it has been great! Thank you, keep up the great work!

  • @itsfolf2
    @itsfolf2 Рік тому +53

    I don't think the webhook spam actually worked. The reason your Discord got broken is because *you* sent too many requests, so they started blocking every action from the IP address. You can even see the 429 response codes in the network log

    • @_JohnHammond
      @_JohnHammond  Рік тому +30

      This is true, I borked it when I tested it against myself.

    • @itsfolf2
      @itsfolf2 Рік тому +12

      @@_JohnHammond btw if you send a get request to the webhook url it tells you the guild and channel id it's set at
      not really useful for anything other than reporting though, and I've learned not to count on discord staff

    • @lfcbpro
      @lfcbpro Рік тому

      I'm curious why they can't do this for cheaters in games, I have always said they should just block or in some other way limit the possibilities from a particular IP address when dealing with hackers in CoD etc.

    • @itsfolf2
      @itsfolf2 Рік тому +6

      @@lfcbpro Changing your IP address is easy, and many people may share the same IP address. It's just not worth it.

    • @nordgaren2358
      @nordgaren2358 Рік тому +4

      @@lfcbproLike Checkium said, IP addresses are dynamic. Hardware bans are also ineffective, and can also lead to things like re-sale of HWID banned PC to someone who isn't a cheater, but they place the games the cheater is banned on. So essentially, innocent people wasting their money on a PC that they can't use for what they bought it for, because of the previous owner.

  • @Justin-Garey
    @Justin-Garey Рік тому +9

    Unintended purpose of your video, but I just used the Py-Fuscate and your method of getting the information out to create a challenge for a CTF I'm running at my college in a month.

    • @_JohnHammond
      @_JohnHammond  Рік тому +2

      AWESOME CTF challenge idea!!! 🔥🤩

  • @Sl33pySage
    @Sl33pySage Рік тому +15

    Watching your videos has made me do a complete 180 on my life. Learning Python (Still very new) with the hopes of being a pentester. As a way of getting experience I was thinking of backend engineer to get my foot in the door but I am unsure and COMPLETELY overwhelmed with the amount of stuff to learn that's out there. Is there a roadmap for pentesting to kinda determine where I am and where to go next?
    Awesome video btw! I love the python malware analysis stuff

    • @boogieman97
      @boogieman97 Рік тому +5

      There is no roadmap at all, this industry doesn't have a laid out plan for what you should do and what you should learn. It doesnt fit the mindset of a pentester either. A pentester or even any one in the infosec industry should be by nature very curious and eager to learn anything.

    • @Sl33pySage
      @Sl33pySage Рік тому +3

      @@boogieman97 That's crazy! But also really interesting thank you for clearing that up! I'm pretty eager to learn as much as I can I guess I just worry about all the time I wasted not getting into this industry at a younger age and want to "supercharge" my way to catch up if that makes sense? Anyways, I'll keep that in mind thank you!

    • @sigisaac22
      @sigisaac22 Рік тому +1

      @@Sl33pySage Trust me when I say you're not behind if you're starting at a young age, I started at 15 and am still working my way to being a good pentester. Just enjoy the journey as there is a lot to have in store. Lots of cool knowledge that makes you feel awesome when you pull it off! Welcome to the world of cybersecurity!

    • @PhrosstBite
      @PhrosstBite 11 місяців тому

      @@Sl33pySage not sure where you're at since this was almost a year ago, but it's really never too late. Almost 30 and starting a job with a cybersecurity application startup in 1.5 weeks. I'll still only be in support, but it's as an engineer so it's still its on the path! I started out in biotech, and hit a deadend there. After floating around not really knowing what to do, as you said I eventually pulled a complete 180 because of videos like from @_JohnHammond.
      If you're interested my path was the following: studied the Network+ and A+ (still don't have the certs for them tho 😬decided a degree was more important), did some side projects and self study, got a wfh support call center job as a temp, worked hard to be hired on full time to their implementations department, and used their tuition reimbursement to go to school a bit. Then the company started to act shifty so I applied to a bunch of new jobs, advertised my new skills and talking about the school and personal projects during the interviews, then that was that! I made it real clear in the interviews that I need to learn a bunch still, and they said that seems like what they're looking for, so I'm hoping with this I'll get much more familiar with the field and actually work closer to the tech than ever.
      Like boogieman97 said, there's no real set path, and yeah it's a great analogy for the hacker's attitude of making it work for you, so you could look at it as practice for that mindset :)

  • @LouisSerieusement
    @LouisSerieusement Рік тому +3

    16:34 I'm relieved to see it won't detonate on "JOHN-PC"

  • @TeMeRolEee
    @TeMeRolEee Рік тому +3

    Best defense from now on is making sure that your main OS is looking like a virtual machine. Perfect.

    • @Thvl3
      @Thvl3 Рік тому

      or just using a VM at all times

    • @balsalmalberto8086
      @balsalmalberto8086 9 місяців тому

      That's pretty funny actually. QubesOS reasonably secure indeed.

  • @sadboy-kh8yp
    @sadboy-kh8yp Рік тому +7

    the funny thing is you can just disguise your machine as a VM and it won't run

  • @lukemiddlemiss9841
    @lukemiddlemiss9841 Рік тому +3

    In the VM checker it had ‘John PC’ think there getting wise to you 16:25

  • @Ghost-dx8mm
    @Ghost-dx8mm Рік тому +1

    This is the first video of yours that i've watched. I gotta say, i dont understand a bit of what your saying but i can appreciate what your doing to help people. Subscribed.

  • @ultimatedr460n
    @ultimatedr460n Рік тому +1

    I was hacked with exactly THIS Malware, The Hacker grabs all of token Email Adresses, Codes, Passwords etc etc. I was locked out of my own Privacy

    • @maybemolly237
      @maybemolly237 11 місяців тому

      Me too, me too !! I am dealing with this now.

    • @ultimatedr460n
      @ultimatedr460n 11 місяців тому

      @@maybemolly237 u're struggling?

  • @edgars9581
    @edgars9581 Рік тому +10

    You can send a DELETE request to the webhook url to delete it!

  • @realMattGavin
    @realMattGavin Рік тому +4

    "It worked on my host" his youtube channel turns into a crypto channel in a week.

  • @dascandy
    @dascandy Рік тому +2

    @15:34 Wow, they're not even listing Firefox. Wonder if that's because it doesn't use Chromium or because they think it's too small to be relevant.

  • @siebs888
    @siebs888 Рік тому +2

    My buddy got hit by this last year; dummy got hit up from a random discord user asking him to "try this game I created", easy 300 bucks to the scammer. Cool to see what the capabilities of the malware was.

    • @nordgaren2358
      @nordgaren2358 Рік тому

      If it was an exe, then it was a different malware. Python code packed into an exe doesn't come in script form, it comes as bytecode with it's own portable python.exe

    • @daniel-andersson
      @daniel-andersson Рік тому

      @@nordgaren2358 You can definitely package a Python script into a single-file exe, I've done it before.

  • @airchunk9870
    @airchunk9870 Рік тому +3

    In the future if you get a discord webhook you can actual curl it and it will tell you its server info and you can report it to discord

    • @ChrisTheCringe
      @ChrisTheCringe Рік тому +1

      you can also add webhook in the url bar and it'll show you the same result as cUrl

    • @airchunk9870
      @airchunk9870 Рік тому

      @@ChrisTheCringe true

  • @mendelsphotography
    @mendelsphotography Рік тому +2

    Hey IDK if you saw john, but they put your name in it also. At 16:29 It looks like anyone who might try to look what it does....

  • @legitsu_
    @legitsu_ Рік тому

    Half of the time I don't know what's going on but I still enjoy these videos

  • @someone2130
    @someone2130 Рік тому +1

    It's always a good morning when John Hammond uploads a new video!

  • @maybemolly237
    @maybemolly237 11 місяців тому +1

    They stole every password in my browser and stole my discord and the email for it, then started messaging my family and friends to get them to download the link too. The link was them telling me it was to test a game.
    When you click it, downlload the file, unzip and run, it asks for access to command prompt. Then nothing happens, no game, and then they have all your stuff.

  • @gogasos
    @gogasos Рік тому +1

    Subscribed + Like material. UA-cam content that are put like this are great! Keep up the good work.

  • @OmarImrharn-t5p
    @OmarImrharn-t5p Рік тому

    I appreciate your support. TANK YOU.

  • @drippyash7376
    @drippyash7376 Рік тому

    I love your videos, it’s just a nice feeling when I’m eating a snack watching you dissemble viruses.

  • @SneakyV1_
    @SneakyV1_ Рік тому +2

    john hammond's definitely been working out

  • @AtraxaApologist
    @AtraxaApologist Рік тому +1

    That Py-fuscate script is pretty cool

  • @trjblq
    @trjblq Рік тому +1

    As always, love watching how you work. Great content John. Nice breakdown and explanations.

  • @graveyarder001
    @graveyarder001 Рік тому

    16:54
    line 1254 shows how much of a newbie the developer of the grabber is
    (("VMware" or "VBOX") will always evaluate to "VMware", so "VBOX" is just useless nor will it be detected)

  • @Serpensin
    @Serpensin Рік тому

    You can easily check, if a webhook is active, if you just open the link in a browser.

  • @distortions
    @distortions Рік тому +1

    Some of those ips / computer names are virustotal machines and stuff.

  • @ratchicken8159
    @ratchicken8159 Рік тому

    18:18 couldn't you look at the response discord gives you see if the webhook is still working

  • @luketurner314
    @luketurner314 Рік тому

    13:49 wait... what if you were to rename any of those exe's to random stuff and then run them? would it not kill them, because the process name would be different? like when John has renamed calc.exe in other videos

    • @mongmanmarkyt2897
      @mongmanmarkyt2897 Рік тому

      Yes, but the average person is not going to think of that

    • @nordgaren2358
      @nordgaren2358 Рік тому

      @@mongmanmarkyt2897 It's actually a very common technique for reverse engineers, which is the average person who would be reverse engineering malware.

  • @pedromvl
    @pedromvl 11 місяців тому

    John Hammond, help me, I fell for this malware, but I'm not sure if I was infected, I disabled a bootable that was created and uninstalled discord

  • @balsalmalberto8086
    @balsalmalberto8086 9 місяців тому

    Being open source you can basically add ways to mitigate the methods they steal info

  • @Yadobler
    @Yadobler Рік тому +1

    Is it ethical / "pythonic" to run that os.system('pip') to install all dependencies? Feels illegal

  • @EnejJohhem
    @EnejJohhem Рік тому +3

    *I'm here for "Educational Purposes"

  • @IstAuchEgal_
    @IstAuchEgal_ Рік тому +16

    I belive you can actually delete discord webhooks, not just spam them

    • @imnotmarbin
      @imnotmarbin Рік тому +2

      Yeah, I'm pretty sure ntts showed a website where you can get the webhooks deleted.

    • @Noobogonis
      @Noobogonis Рік тому

      ​@@imnotmarbin he did

    • @Serpensin
      @Serpensin Рік тому +2

      @@imnotmarbin You don't need that. just open your terminal and do a 'curl -X DELETE'.

    • @daleryanaldover6545
      @daleryanaldover6545 Рік тому +2

      @@Serpensin wait, without authorization header? interesting

    • @0x150
      @0x150 Рік тому +5

      @@daleryanaldover6545 if you have the webhook url, you can entirely control it, including changing the name and avatar of it. you can also just plainly delete it by sending a DELETE to the url, but that's less fun than spamming it to death

  • @Linnitup7755
    @Linnitup7755 Рік тому +3

    Quick everyone change their pc name to John-PC

  • @Danjovisagat
    @Danjovisagat Рік тому +1

    This was really educational.
    You taught me how the \something\ part works.

  • @Tapetenputzer
    @Tapetenputzer Рік тому

    i love reverse engeneering, did it called that way?

  • @allnatural1504
    @allnatural1504 Рік тому

    Wait, do people never check their addresss? Even when I know I don’t have the address, or I copy and paste I still make sure every letter is correct, just a fear of mine. But $400 in stolen money?

  • @tapsam_6409
    @tapsam_6409 Рік тому

    New upload, I'm happy now.

  • @fxiqval
    @fxiqval Рік тому

    what i once did is i sent a link to invite a bot to "help the grabber", of course it was my dummy bot but the owners added it and i tracked down what server it was in.

  • @BrandonM-x2q
    @BrandonM-x2q Рік тому +2

    John, I love all your content and it is really inspiring me to become a pentester. I was wondering if you could do a video on all the add-ins/extensions you use within your browsers? It would be cool to see what tools you use. THank you

  • @jiakuren8512
    @jiakuren8512 Рік тому

    one very funny thing is that the music he was listening to is soma extremely stereotypical french drill from an artist who is know to be an absolute liar in his tracks

  • @nicklavine6497
    @nicklavine6497 Рік тому

    So is there a way for someone to steal a discord token without using a link that the user must click on first? Any application or browser based exploits? Or is it as simple as 'don't click on links you don't trust' to remain safe from having your token or credentials stolen?

  • @kostyatitovsky9983
    @kostyatitovsky9983 Рік тому +4

    Meh, GH mods never delete repositories/accounts with malware, unless, of course, if request was from a large company. User/repo from video still active. Also I reported one user almost an year ago and he is still active...

    • @User-kq3od
      @User-kq3od Рік тому +4

      You cannot report open source malware 🤨 it genuinely is educational and not illegal at all

    • @avananana
      @avananana Рік тому

      I mean you can't really shut down someone's account for creating malware programs because it's not wrong to write them, just use them against people who have not given you explicit permission for such. Although ultimately it's up to Github themselves, and they do have the report option for it so I don't really know why they wouldn't.

    • @Infamous159
      @Infamous159 Рік тому

      user is still active as of today, March 9th. Github won't delete a user contributing to the security space. Malware is apart of that space and everyone needs to see how this malware works. Deleting it from GH would do nothing but harm as the owner still has the code on their local branches and now nobody can understand it to protect against if need be. The reality is. Users that get hit by it would probably never know and were never aware it could happen in the first place. Those that are aware are sophisticated users with some of them being us coming to watch hacking videos on youtube. We want to see that code. Not let it disappear.

  • @Visoriz
    @Visoriz Рік тому

    What in the half life cmd was that

  • @FireFuzzball673
    @FireFuzzball673 Рік тому

    i wish you could use the webhook to join the server

  • @182exe
    @182exe Рік тому +2

    please credit exyl for using his art in your thumbnail

    • @_JohnHammond
      @_JohnHammond  Рік тому

      All credit to exyl for art in the thumbnail :)

  • @lfcbpro
    @lfcbpro Рік тому +1

    I'm curious if it is wise to report users like that,
    is it not possible that if all of the github's are reported that host code like this, that it will be harder to find the code etc, like you showed, which will limit the ability to check for bad actors, as against researchers or documenters of malware?

    • @brydiginte6552
      @brydiginte6552 Рік тому

      I agree, and also reporting code seems crazy to begin with

    • @sethadkins546
      @sethadkins546 Рік тому

      There's already plenty of detection tools for stuff like this, it's unnecessary to keep it up.

  • @Elementening
    @Elementening Рік тому +1

    i dont see any credit to exyl for his discord logo in the thumbnail from his video PING!

    • @_JohnHammond
      @_JohnHammond  Рік тому +1

      Credit to exyl for discord logo in the thumbnail from his video PING! :)

    • @Elementening
      @Elementening Рік тому +1

      @@_JohnHammond wow, fast response.

  • @diyakoadnan
    @diyakoadnan Рік тому

    I downloaded a file from an indian youtube channel, and i got a spyware from it,I only rebooted my pc without deleting the os and reinstalling it again, Am i safe?
    Thanks for helping me

  • @DaxyGamer
    @DaxyGamer Рік тому

    15:29 and not one for gecko based browsers

  • @blinking_dodo
    @blinking_dodo Рік тому

    So if you want to stay safe, you need to make your pc look like an virus analyzer...

  • @Bryxint
    @Bryxint Рік тому

    Great Video. Fire!!!!!

  • @doopy
    @doopy Рік тому +5

    most of this guys code is skidded/taken from other people.

    • @radon-sp
      @radon-sp Рік тому +2

      obviously

    • @rodricbr
      @rodricbr Рік тому

      yeah... even python that is easy to learn

    • @SbhHackedbyReverseEnglishKooda
      @SbhHackedbyReverseEnglishKooda Рік тому

      No.

    • @doopy
      @doopy Рік тому

      @@rodricbr maybe python is easy to learn, but the code that was used to create this malware is not if you write it by yourself without using outside sources (which this person did not do)

    • @doopy
      @doopy Рік тому

      @@radon-sp thanks Joswel

  • @squid13579
    @squid13579 Рік тому +2

    John how can I contact you ! I need to inform you something. It's seriously important for cyber Crime perspective. Can I dm you ?

  • @westerlystew9494
    @westerlystew9494 Рік тому +1

    hey john i'd credit Exyl for the thumbnail image of the red discord logo which was created by him for his Discord call sound effect remix

    • @nordgaren2358
      @nordgaren2358 Рік тому

      I put it in the description just now. Thanks for the reminder! - Nordgaren

    • @westerlystew9494
      @westerlystew9494 Рік тому +1

      @@nordgaren2358 danke

  • @lelandlewitch
    @lelandlewitch Рік тому

    these are very easy to make ive made one before people call them a "stub" its crazy how easy it is js one click of a button and paste ur webhook n boom js like that u have an exe file that takes all info passwords location ip etc

  • @ohrayoe3858
    @ohrayoe3858 Рік тому

    Any ideas how to prevent something like this from being used on you?

    • @Wwinstar
      @Wwinstar Рік тому +4

      Yes, do not visit links that you do not trust and do not ever download any type of file unless it is from a verified and trusted source.

    • @ohrayoe3858
      @ohrayoe3858 Рік тому

      @@Wwinstar so that i get, but how would i stop what John Hammond did at the end with the bot spam?

    • @Wwinstar
      @Wwinstar Рік тому +3

      @@ohrayoe3858 Uh, you mean the webhook spammer? In case you created a webhook for your discord server you should just keep the webhook's URL to yourself and not give it to anyone else. Just like your discord token or of any bot you create.

    • @ohrayoe3858
      @ohrayoe3858 Рік тому +2

      @@Wwinstar oh, ok. Thank you very much.

    • @Infamous159
      @Infamous159 Рік тому

      rename your PC to John-PC

  • @jasondotjson34
    @jasondotjson34 Рік тому

    Yeah in fact. You have to install python to run it ;)

  • @m4vf
    @m4vf Рік тому

    If are to write such malware why upload it to Git public repository? This is ignorance at its prime, and thank God for that :) Good work, once again, Mr. Hammond.

    • @Infamous159
      @Infamous159 Рік тому

      Someone writing sophisticated code like this obviously didn't just upload it there with no reasoning behind it. They most likely genuinely want others to see it... AND use it. AND contribute to it to help make it more dangerous.

    • @gnutard1735
      @gnutard1735 Рік тому

      @@Infamous159 hes a skid. "trying to help the world out". he can't code at all.

  • @joetango8521
    @joetango8521 Рік тому +8

    Unfortunately, the 429 indicates that your IP is being ratelimited by discord, so those messages likely never reached the stealer's webhook. That is why you could not delete any messages or do anything more in your testing channel; they were blocking you from using the API.

    • @mastercodeon42
      @mastercodeon42 Рік тому

      There's a way around their blocker tho, if I remember correctly, I think it's cloudflair. If you're using selenium, you can delete the cookies and cache. Doing so would bypass the block. That was for cloud flair, but I remember there was something for the discord API rate limiting as well for bypassing

    • @_JohnHammond
      @_JohnHammond  Рік тому +1

      This is true, I borked it since I had tested it against myself beforehand. :)

    • @mastercodeon42
      @mastercodeon42 Рік тому

      @@_JohnHammond lol I was messing with discord apis and malware a while back and was totally baffled as to why none of my API calls would ever work. A month later I found out 🤣

    • @skhdbsfdb
      @skhdbsfdb Рік тому

      @@mastercodeon42 *proxie

    • @mastercodeon42
      @mastercodeon42 Рік тому

      @@skhdbsfdb Nah, I don't think a proxy solves their API rate limiting, but I could be wrong tho

  • @tommychappers4338
    @tommychappers4338 Рік тому

    bro i just had a total freak moment... im watching this and outta nowhere my cmd opened up for amdautoupdate... i thought i just got infected by a damn vid lmao

  • @realjoecast
    @realjoecast Рік тому +2

    discord is a privacy nightmare. as I type this comment on youtube which is worse lol

  • @stk.dominic
    @stk.dominic Рік тому +1

    de astea faceam eu la TIC in generala

  • @Voldamort07
    @Voldamort07 Рік тому +2

    People who made this are watching this tutorials to find there's vulnerability 😂

  • @nbkmagic9063
    @nbkmagic9063 3 місяці тому

    where is script link?

  • @chemrot931
    @chemrot931 Рік тому

    This is some real skid malware 💀

  • @njezi
    @njezi Рік тому

    you could have spammed the shit out of that webhook and then send a delete request

  • @cheetodustfingers951
    @cheetodustfingers951 Рік тому +2

    L john, you could have just deleted the webhook the guy made, even though blackcap is Dualhooked, and everything you're sent also gets sent to KSCHdsc. Reporting the actual repository wasn't necessary. if you are dumb enough to install an executable from someone you don't particularly know you deserve whatever happens to you.

  • @francismori7
    @francismori7 Рік тому

    Your spammer thingy is not working by the end of the video because it's sending requests from your personnal IP, you were the one that was blacklisted for spamming (429s), so no, they didn't get to the webhook

    • @_JohnHammond
      @_JohnHammond  Рік тому

      This is true, I borked it since I had tested it against myself beforehand. :)

  • @elgameryt2074
    @elgameryt2074 Рік тому

    How can i know what server the webhook is joined in? And send me an invite to it i wanna know so i can troll the devs lol
    (Not for stealing others peoples data)

  • @arta6183
    @arta6183 Рік тому

    did they seriously make a PUBLIC repository?

    • @Infamous159
      @Infamous159 Рік тому

      plenty of them out there. i dont see how all of these comments dont get the fact that Open Source is used to not only make things public, but also get CONTRIBUTIONS to the project. Looks like all of his dangerous projects are frequently updated weekly/daily. BlackCap itself has 5 authors, 4 contributors and it was created from forks of
      Hazard Grabber
      PirateStealer
      Wasp-stealer
      Builder by Luna token grabber
      VERY common thing going on here. Malware is software like everything else. Some tools on Kali Linux can be found on GH as well. Those tools are dangerous. "but but it's Kali... It's for good guy pentester" Yea. And Of course malicious hackers as well because the tools can be good and bad.

  • @superJK92
    @superJK92 Рік тому

    Even if the webhook wasn't deleted I would be immune to it as my pc name is on the list of ones it won't run on lol

  • @petitpainaulait905
    @petitpainaulait905 Рік тому

    It really seems to be for education, I guess they are french students learning malware analysis

    • @nordgaren2358
      @nordgaren2358 Рік тому +1

      Yea, they came into the Discord, and posted here that they did it for educational reasons. It's just a shame that the malware is very potent (steals CC info and stuff). Would probably be a good idea to keep stuff like that out of the educational repos :P

  • @AZANSHAHID
    @AZANSHAHID Рік тому

    at 16:31 there is a username JOHN-PC so that he can't analyze the malware. :):

  • @nod..
    @nod.. Рік тому

    ive heard the owner KSCH wanted to talk to you

    • @nordgaren2358
      @nordgaren2358 Рік тому

      KSCH came to the Discord, and they talked!

  • @WashingtonFernandes
    @WashingtonFernandes Рік тому

    The account stills up, i also reported it!

  • @demonboi6930
    @demonboi6930 Рік тому

    its all good when its for educational purposes.

  • @EthanTrewhitt
    @EthanTrewhitt Рік тому +1

    I haven't used the marshal library before, but I did notice the red box in its Python documentation that says never to unmarshal code from an untrustworthy source. Running this on your host was risky!

    • @CallMeJoshua
      @CallMeJoshua Рік тому +1

      if they were savvy they could have used a magic method to auto execute the code, avoiding extra exec calls. he is lucky that skids aren't savvy

  • @ReuS_687
    @ReuS_687 Рік тому

    You are definitely more genuine than him :D

  • @Krewz
    @Krewz Рік тому

    Import os
    Okay, where done here

  • @DarkFaken
    @DarkFaken Рік тому

    Thanks John!

  • @__4654
    @__4654 Рік тому +3

    Oh my god..this is the first time I’m being first for a video!

  • @TheGabrielMoon
    @TheGabrielMoon Рік тому

    I think this guy strap out code from others and blend all together, maybe he don't know if works for real

  • @davidmcgoat2924
    @davidmcgoat2924 Рік тому

    careful discord does not think anyone can steal your token..... just saying that is what they told me 2 years and and last week XD

  • @TheSxW
    @TheSxW Рік тому

    a 3:00 i could already tell if you remove 1 more function from it the marshal and leave decode it should kinda work ;)

  • @babastriker5027
    @babastriker5027 Рік тому

    its black cap grabber

  • @taxmachine5264
    @taxmachine5264 Рік тому

    fun fact, the injection isn't even made by him lmao, its one of my friend who did it and got paid

    • @kilopopyt
      @kilopopyt Рік тому

      bruh i work with "dialz"

    • @kilopopyt
      @kilopopyt Рік тому

      i paid it for a "rewrite" not a write

    • @taxmachine5264
      @taxmachine5264 Рік тому

      @@kilopopyt you still paid for injection lmao

    • @fubukii1891
      @fubukii1891 Рік тому

      @@kilopopyt eh?

    • @kilopopyt
      @kilopopyt Рік тому

      @@fubukii1891 il dit que jtai payé pour faire l'inject, alors que bon on s'est dit nous meme que c'etais un rewrite.
      Un gros rewrite certe mais bon faut pas pousser

  • @kevinwong_2016
    @kevinwong_2016 Рік тому

    Do some mobile malware analysis

  • @tyrojames9937
    @tyrojames9937 Рік тому

    INTERESTING❗