Discord Malware - "i hacked MYSELF??"

  • Published: 20 Mar 2021
  • To help support me, check out Kite! Kite is a coding assistant that helps you faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
    For more content, subscribe on Twitch! / johnhammond010
    If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
    PayPal: paypal.me/johnhammond010
    E-mail: johnhammond010@gmail.com
    Discord: johnhammond.org/discord
    Twitter: / _johnhammond
    GitHub: github.com/JohnHammond

Comments • 489

  • @_JohnHammond 3 years ago +378

    For the frenzy of folks that are concerned YoOuUUuU LLEeeEAAaKKEEDdA TOOKKkKEKEENNNNN!N!N!N!!nn1n1hhbjgngn:
    No. If you got clever and looked at individual frames, the one you see returns an Unauthorized. Others have been obscured.
    Thank you for your concern. :)

    • @castles990 3 years ago +12

      Very nice video

    • @DoorThief 3 years ago +16

      I feel like I was called out on this, lol

    • @nikolanojic6861 3 years ago +3

      Don't tokens change with time?

    • @XenorioWasTaken 3 years ago +16

      If you stitch together the frames where the working token is visible, you can make out about half of a token. Just to be sure, i would advise changing your password as that generates a new authentication token and invalidates the old one. You wouldn't even have had to blur any tokens if you did that before releasing the video.

    • @_JohnHammond 3 years ago +44

      Yes, passwords were changed before releasing the video ;)

  • @jamesoneill2606 3 years ago +448

    Please don't stop explaining the simple stuff, I've learned loads thanks.

    • @Khusyasy 3 years ago +1

      same

    • @ajayk643 3 years ago

      Then why did you see these kind of videos

    • @ajayk643 3 years ago

      John Hammond thanks for this video😍😍

    • @trouty7947 2 years ago +4

      It's good to remember every video, especially when they're popular, will have a lot of new people that this is literally their first in depth look at malware analysis. So it's always worth explaining for the new guys.

    • @oltn7142 2 years ago +1

      same here

  • @flightstatic4662 3 years ago +277

    I don't think I have ever heard anyone say "please send me malware" before

    • @ko-Daegu 3 years ago +2

      it's all over Twitter if you follow at least one malware analyst

    • @recommendastra_hack_zoneon709 3 years ago +2

      A ban was placed on my Ticktok, PSN account which affected my score but all Thanks To #global_hackweiser1 i got all access to my banned accounts within some minutes which i summon the trust to work with him after i saw most of his good recommandations on You-Tube. You trully a Man of your word.💯

    • @tamilxctf4075 3 years ago +5

      @@recommendastra_hack_zoneon709 y spam.exe

    • @bitten2up 2 years ago

      tbh I said that to someone who was infected with this malware so then I can report the links

  • @xFalduR 3 years ago +99

    I'm only 5 minutes in, but I feel it's relevant to say I appreciate the "easy baby stuff" being reiterated for people like me. I'm learning python for data science. I don't know what all of these imports do. So when you explain every import or at least give basic descriptions of what they do, it really helps me follow along.

    • @JonSnyderfudge 3 years ago +4

      Lol yup. Never assume our knowledge base. Those that already know python can easily skip forward that part if they want.

    • @cedricvillani8502 2 years ago +1

      Ok well lol, if you're actually learning python you KNOW what import does. Lmao think about the word for a moment…… hmmm do a little work looking up maybe? No? Just wait for someone to do it for you?

    • @xFalduR 2 years ago +6

      @@cedricvillani8502 not only are you pretentious, you also can't read. That's astounding.

    • @issecret1 2 years ago +3

      @@cedricvillani8502 yes. Feel free to lose your mind over this fact

    • @shawazonfire 1 year ago

      Well said, I think that's probably the reason I like this guy's videos. Clear, comprehensive step by step instructions and explanations.

  • @davidfrischknecht8261 3 years ago +123

    That ".il" file is actual CIL (Common Intermediate Language, formerly known as MSIL) code that C# and VB source code files are compiled down to before they're turned into executables.

    • @nimitzufo94 3 years ago

      thanks man

    • @THEbraylonbarnes 3 years ago +1

      thanks david frisk neck

    • @yeppiidev 2 years ago

      @@THEbraylonbarnes lmaoo

    • @rogogo1244 2 years ago

      @@THEbraylonbarnes It's German: David Fresh-Knight

  • @MrTubeMeToo 1 year ago

    Thanks for making it 'approachable'. I am a beginner in all of this and your quick description of the basic commands is extremely helpful. It allows me to continue to follow what you are doing and also learn about a wide variety of commands. Of course, further real study is necessary but your presentation helps one broaden understanding of the overall field to be studied. Thanks.

  • @MsThekiller02 2 years ago

    Learning new stuff with you is always great. You always manage to draw my attention for a whole hour.

  • @matthewlandry1352 3 years ago +26

    Omg... can’t wait for this. I started seeing a lot of discord trojans in the news last year and I would love to hear more in depth analysis.

  • @nv_takeout 2 years ago +1

    Recently stumbled upon some of your malware analysis videos and boy am I hooked! love your approach, you make things super easy to understand even for someone with little to no coding knowledge. I hope soon I can find some videos on your channel about learning to program in some of these languages that you work in with malware :) some more gamer-catered stuff would be awesomeee too! thanks John for some very entertaining videos!

  • @wtfdoiputhere 2 years ago

    Honestly I've not watched a full malware analysis vid from you but this one rly interesting and honestly very well written

  • @DoorThief 3 years ago +1

    Love your content, John! It's really fun to step through code with you.

  • @Marten.. 3 years ago +2

    one of your most easy to understand videos yet. well explained. learned a lot. thank you John!

  • @highvisibilityraincoat 3 years ago +66

    This will blow up. So many script kiddies on DS

    • @_JohnHammond 3 years ago +44

      I tried to make this as cl1ckb@!t as possible 😎

    • @JarredRandom 3 years ago +8

      @@_JohnHammond i think youve succeeded in making it that

    • @JimTheScientist 3 years ago +4

      I see them every day. Lots of the exploits people use “generators” for (python scripts you can find on GitHub) are electron related. So many ways to download files to other people’s computers and to crash other people’s computers.

    • @JarredRandom 3 years ago +1

      @@JimTheScientist lol hey jim, fancy seeing you here!

    • @highvisibilityraincoat 3 years ago +5

      JimTheScientist electron is a shit piece of software and I wish permanent annoyance on its devs and applications that use it. should not crash because of a video codec issue

  • @Nitradoz 3 years ago +2

    200k! good job man you deserve it :)

  • @evinces 3 years ago +1

    Omg, we need to see more of this hog stealer code and whatever else you can find in the land of Discord malware! Keep up the great work and congrats on 200k!

  • @kylelarson7840 3 years ago

    Hey John a little off topic for this video, but your terminator vid, (among all the others!) really helped me pass the eJPT in less than 4 hours last week. Thanks for all great content man!

  • @joeymelo2882 3 years ago

    Great content! Thank you for your contribution and for taking the risk of exposing yourself. Very informative.

  • @jonoisedev 3 years ago

    I literally saw this on my youtube feed and immediately went to make popcorn!!

  • @superpowerforhire 3 years ago +20

    This is much better, John. You’ve dissected each component and explained thoroughly. Rather than rushing always.

  • @Basieeee 3 years ago

    I Love you John. Great video again, interpreted languages is cool to reverse. Congratz on the 200k :)

  • @aravbudhiraja 3 years ago

    ayy congrats on 200k John!

  • @Kurowe. 2 years ago +2

    I hope more of you guys look into this Discord malware, a lot of this stuff is going undetected and creating a lot of headaches and some of these stealers have keyloggers, gets login sessions from your browsers etc.

  • @lethalboar6755 3 years ago +5

    Great video John, would love to see you de-obfuscate that JavaScript!

  • @omniflas_2065 1 year ago

    I love these kind of videos, fun new channel to nerd out to. :) Joined the Discord as well! :p

  • @driden1987 3 years ago

    Awesome content as always, John 👏🏻

  • @elthxr4692 3 years ago

    You're making it happen John ! :) BigUps . Learned lot from you my Guy !! Hopefully more to come. Peace

  • @andyburton5912 3 years ago +1

    Was doing exchange patching a week ago and they reference @john Hammond gist love it

  • @jaygeemmo 3 years ago

    I've learned a lot from this and that says something because time enrolled in college for this and I feel like these breakdowns help immensely for someone like myself.

  • @randallsalyer 3 years ago +1

    You always have great videos!

  • @alincraciunescu 3 years ago

    You are the best! Thank you for explaining also for the beginners.

  • @apollogeist8513 3 years ago

    Congrats on 200k!

  • @djoser4977 2 years ago +1

    THC For (4) L(ife)
    9-TetraHydroCannabinol (THC) is a chemical component in Weed and Hasj.
    Probably a smoker.
    nice vid btw, Learned a lot!

  • @jonny-mp3 3 years ago

    Hey John, love the Malware stuff. Would love to see some Dynamic Analysis with some ransomware or something , cheers

  • @rahealmazumder6811 3 years ago

    Great video John! Many thanks :-)

  • @keissetje 3 years ago +6

    Holy smokes, how can it be so easy to retrieve all your discord data without logging in essentially. I wouldn't have guessed that discord is saving these tokens as plaintext in your appdata folder. Very nice video! You've got another sub :)

    • @ayva1106 2 years ago +1

      Late comment, but they're finally releasing a beta test that encrypts your tokens... and it only took them a few years

    • @MakotoIchinose 1 year ago +1

      @@ayva1106 And even then it's still compromised. People found out malware that circumvented it and managed to reverse engineer it for documentation.

  • @krlst.5977 3 years ago

    Great video, man. As always :)

  • @bryanvuyk 3 years ago +1

    Seriously the best content creator out there. Love the videos. Keep them coming.

  • @shawazonfire 1 year ago

    i'm not gonna lie to you bro, the way you teach is excellent and i appreciate your videos more than you could ever imagine... ever...

  • @jdbjdb2 3 years ago +7

    The delay is to prevent maxing out discord API requests so it's maximum efficiency

  • @crazymonkeyVII 2 years ago

    Absolutely fantastic content!

  • @rabbitear0 3 years ago

    Great Video, and learned a bunch!

  • @shivashiva8021 3 years ago +10

    I am eagerly waiting.

  • @JimTheScientist 3 years ago +26

    This is going to be interesting. I’ve studied RCE attacks and Trojans on discord, as well as some more tame malware. I can say that discord is really bad in the security area, but it’s not much to worry about as there are few people who know how to do the attacks and how they work.
    Edit: I’ve started watching the video, and I’ve seen almost this exact same script before while moderating a server

    • @Odsku 3 years ago +6

      More advanced scripts add malicious js to discord core modules it allows the malware to keep persistence while having a low detection rate

    • @DM-qm5sc 3 years ago

      That's ok, only a few people know how these attacks work

    • @Odsku 3 years ago +1

      @@DM-qm5sc only the RCE are private but the scripts are well public

    • @tlocto 2 years ago

      oh hey jim fancy seeing you here

    • @JimTheScientist 2 years ago

      @@tlocto hello

  • @hubsoftecommerce 3 years ago +1

    cant wait for 200k so excited !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • @Kemankes111 3 years ago

    Awesome video man. I appreciate it a lot

  • @Koszilla 3 years ago

    This is going to be an amazing video!

  • @sentinalprime8838 3 years ago

    amazing content john

  • @marckerkvliet2999 3 years ago

    Great video!

  • @Enigmahax 3 years ago

    really good explication, please keep this up

  • @syrefaen 3 years ago

    Oh its a fun series keep it up!

  • @charismaticmedia8585 3 years ago

    Love your videos sir. Hope you have a great day.

  • @algalib2631 3 years ago

    YOUR explanation is Osm!!!🖤🖤🖤

  • @ajayk643 3 years ago

    Thanks for this video sir

  • @vittthevecc1390 3 years ago

    This seems very interesting. Can't wait to see it

  • @TehIdiotOne 3 years ago

    By no means the most advanced malware i've seen, like it does rely on a lot of user error to work, but still nice breakdown

  • @dommbrown 2 years ago

    Love ya work chap! Sub'd

  • @tocraft573 3 years ago +40

    Props to this guy managing to get a discord nuker/token logger to 1 hour

    • @aty4282 3 years ago +7

      @@recommendastra_hack_zoneon709 hope it gets banned again, tiktok does not deserve users

    • @IkeVoodoo 3 years ago

      @@aty4282 Its a bot, he is so shit and one of the worst people ngl (the person running the bot)

    • @aty4282 3 years ago

      @@IkeVoodoo goddamn, cant believe that i fell for the classic ones

  • @cassandradawn780 3 years ago +76

    by the end of the premiere you're gonna have 200k.

  • @acticfl 3 years ago

    I was thinking if i should like this video - then you pointed out your TLOZ shirt. You win

  • @dedkeny 3 years ago

    I thought it was clickbait, but DAMN!! legit content

  • @WeirdDuck781 3 years ago +1

    If you open the webhook URL you can identify the name of the webhook, the Guild ID and Channel ID. That information is kinda basic but might help when reporting to Discord

  • @NevRS32 2 years ago

    51:50 Hammond enters the freaking Matrix... xD You know a content creator is entertaining when you don't understand shit, and still watches until the end, entertained!

  • @picardftw1313 3 years ago

    yikes. .. follow up on what more you learn about this for sure lol.
    dropped a like. already subbed.

  • @dtvdavid 1 year ago

    Instant pressed like, as I saw the Triforce. :)

  • @Haroon_abbasi 3 years ago

    happy 200k

  • @aalekhmotani3877 1 year ago

    you are genius, you are exceptional tutor, thank you, thank you so much, i got a project idea from this vid.

  • @falcongamingdev8810 3 years ago +1

    that server crasher is probably allowing the person to join servers and spam the server with that users token

  • @JonSnyderfudge 3 years ago

    Looked like that first sketchy website at 33:50 was a peertube instance. It was probably a community dedicated for malware videos.

  • @DoorThief 3 years ago +3

    I definitely want to see you deobfuscate that js code :D

  • @hk5716 3 years ago +1

    it could be the location for discord tokens in those browser since discord uses electron which uses chromium which chrome and a lot of other browsers also use, so it might be that cookies are stored there.

    • @KnightOfEvil 3 years ago

      The path has leveldb which is a nosql db where chromium stores its cookies and local storage

  • @buleini 3 years ago +14

    Ok, seeing this premiere I think I can do two unfair bets right now. 1. Bet I'm subscribing here. 2. There's something malicious on my son's PC.

    • @IkeVoodoo 3 years ago

      Depends if he downloaded it...

  • @DZ-lm4le 3 years ago

    you have a new sub
    keep it up.

  • @vgarzareyna 3 years ago

    John! Do the thing!

  • @Car777777777 3 years ago

    yes i am interested in more discord stuff
    and yes it is bad, but it's good to see and know what is actually out there

  • @EddiePenta 3 years ago

    I believe it is also grabbing Chrome, Opera and Brave tokens. The file structure generated by get_tokens seems to also work for those other directories listed

  • @buleini 3 years ago

    I don't mind you ending this one on sort of a cliffhanger. I thought to myself, I have Discord but I don't have a Python installation. I remembered I specifically installed Perl (yeah not Python) for Blender, and then I searched for Python on my machine. Python comes with a lot of programs ( I have ones for Blender, GIMP 2, Inkscape, LibreOffice, Visual Studio Community Edition ..... and in Windows Apps?? What The ?) This developer dad does not install a default extension handler without blinking at least once, but it seems the Python script is not as harmless if you accepted to automatically open .py files??

  • @KriTixXPlayer1 1 year ago

    Hey! Can u make a list of all the malware you have explored so far, making we all can send unique malware programs

  • @TheHyperplayer 3 years ago +10

    I would advise you to use solid colored bars instead of pixelation since there is currently a promising tool in development that can reverse pixelation to some extent.

    • @eericjacobson 2 years ago +3

      hollywood isnt real bro

    • @LuciSheppy 1 year ago

      Reversing pixelation requires context and information, now I haven't actually seen the pixelated part in this video but unless the pixelated content is unambiguously readable as any character, an algorithm won't know either, I bet you'd be able to get an approximation of what it could look like but that may just be as unreadable as it already is, but less pixelated

    • @lonelyanthem 1 year ago

      @@eericjacobson neural networks exist, and they've been in use for years.

  • @LokiCDK 1 year ago

    Oh wow! I'm impressed.
    Only importing the actually used functions, not the whole libraries.

  • @funguslars 3 years ago +10

    I love how the token stealer disguises as a token stealer 🤣

  • @Deralica 3 years ago +1

    54:55 I was kind of expecting a "it's bad mmmkay?"

  • @Xn4W 3 years ago

    Are you using Whonix for your malware analysis sandbox? I saw a glimpse of the Whonix desktop (little mouse and blue background) and recognized it, so I'm assuming your Virtualbox session is a Whonix VM?

  • @hypedz1495 2 years ago

    ah yes.. john.. john hammond does it again.

  • @dieSpinnt 3 years ago

    Sometimes you make me really nervous, John.
    No, not the tokens, the clumsiness in the shell:P
    echo %LOCALAPPDATA% ... or cd %APPDATA% jFYI
    But never mind, thanks for the video :)

  • @xRioHD 3 years ago +13

    This is the new script kiddy stuff. Back when people just went around ddosing people for fun in online games, now the kiddies try to steal your discord payment info.

  • @Jade_3375 3 years ago

    As someone who works with the discord api it's scary how easy it is to get information with a token

    • @roottokyo 3 years ago

      It’s also scary to notice how soo much information including cached payment information is in the OVERLAY_INITIALIZE payload.

  • @nanvinor 3 years ago +1

    Do you prefer Virtual Box over Hyper-V manager or other softwares? And if you have some spare time, I would love to know the reason behind your choice of Virtualization software! Kind regards.

  • @the2dstuart 3 years ago +1

    been wondering about discords security for a while now... this should be good

    • @Odsku 3 years ago

      Discord is not focused on security if u want maximum security while using discord u should use a very lite version of discord such as discord-cli its not the best nor does it support voice calls but it is very secure as it does store the token in memory and rce exploits should be near impossible

  • @HomelessDeamon 3 years ago

    Yooo Hammond cool haircut 👌

  • @GodBurstPk 2 years ago

    Very nice video, wants me to create one myself (for knowledge purposes ofc, maybe will send you a link once i do ':) )

  • @lucasedkins2095 2 years ago

    I liked at the Zelda shirt. Thanks!

  • @mehmetedex 3 years ago

    I am entertained way more than watching LiveOverflow

  • @kobiassvilli 3 years ago

    I think the references to Chrome Opera etc is not the malware looking for passwords within these programs as I'm sure Chrome stores your saved passwords encrypted, but it is probably looking for the Discord tokens saved in Chrome for auto login / cookies

  • @Jack-zr4kc 3 years ago

    For the Browsers It takes The Tokens From Them, Because Some People Log into to them. Like you said :)

  • @radomane 3 years ago +2

    I'm pretty sure the password cache of Chrome etc. uses your Windows user creds to encrypt the passwords, so accessing them would at least require some user action.

    • @IkeVoodoo 3 years ago +1

      nope, Chrome uses Windows' CryptUnprotectData() if i remember correctly (i believe it is from windows.h file).

    • @radomane 3 years ago +1

      Yeah nvm, as long as you are signed in you can call CryptUnprotectData, and dumping the passwords can easily be done in python, lol.

  • @snafulegend6689 1 year ago

    APPDATA/LOCAL is where almost all apps store personal user information. Idk why I never see a loop through all folders there.

  • @SintaxErorr 3 years ago

    you can get the user data as well from walking through the code when you send a message. it requests all that for all the other people on the server you are on

  • @narayanyadav8591 3 years ago

    thank you for posting a topic of choice.

  • @Kaenguruu 2 years ago

    This is really scary, especially if you think about how such a simple script can steal all your data in literal seconds .-.

  • @javajav3004 3 years ago

    @28:29 THC4L as in Weed for Life lmao