Discord Malware - "i hacked MYSELF??"
ฝัง
- เผยแพร่เมื่อ 20 มี.ค. 2021
- To help support me, check out Kite! Kite is a coding assistant that helps you faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
For the frenzy of folks that are concerned YoOuUUuU LLEeeEAAaKKEEDdA TOOKKkKEKEENNNNN!N!N!N!!nn1n1hhbjgngn:
No. If you got clever and looked at individual frames, the one you see returns an Unauthorized. Others have been obscured.
Thank you for your concern. :)
Very nice video
I feel like I was called out on this, lol
Dosent tokens change with time
If you stitch together the frames where the working token is visible, you can make out about half of a token. Just to be sure, i would advise changing your password as that generates a new authentication token and invalidates the old one. You wouldn't even have had to blur any tokens if you did that before releasing the video.
Yes, passwords were changed before releasing the video ;)
Please don't stop explaining the simple stuff, I've learned loads thanks.
same
Then why did you see these kind of videos
John Hammond thanks for this video😍😍
It's good to remember every video, especially when they're popular, will have a lot of new people that this is literally their first in depth look at malware analysis. So it's always worth explaining for the new guys.
same here
I don't think I have ever heard anyone say "please send me malware" before
it's all over Twitter if you follow at least one malware analyst
A ban was placed on my Ticktok, PSN account which affected my score but all Thanks To #global_hackweiser1 i got all access to my banned accounts within some minutes which i summon the trust to work with him after i saw most of his good recommandations on You-Tube. You trully a Man of your word.💯
A ban was placed on my Ticktok, PSN account which affected my score but all Thanks To #global_hackweiser1 i got all access to my banned accounts within some minutes which i summon the trust to work with him after i saw most of his good recommandations on You-Tube. You trully a Man of your word.💯
@@recommendastra_hack_zoneon709 y spam.exe
tbh I said that to someone who was infected with this malware so then I can report the links
I'm only 5 minutes in, but i feel its relevant to say I appreciate the "easy baby stuff" being reiterated for people like me. I'm learning python for data science. I don't know what all of these imports do. So when you explain every import or at least give basic descriptions of what they do, it really helps me follow along.
Lol yup. Never assume our knowledge base. Those that already know python can easily skip forward that part if they want.
Ok well lol, if your actually learning python you KNOW what import does. Lmao think about the word for a moment…… hmmm do a little work looking up maybe? No? Just wait for someone to do it for you?
@@cedricvillani8502 not only are you pretentious, you also can't read. That's astounding.
@@cedricvillani8502 yes. Feel free to lose your mind over this fact
Well said, I think that's probably the reason I like this guy's videos. Clear, comprehensive step by step instructions and explanations.
That ".il" file is actual CIL (Common Intermediate Language, formerly known as MSIL) code that C# and VB source code files are compiled down to before they're turned into executables.
thanks man
thanks david frisk neck
@@THEbraylonbarnes lmaoo
@@THEbraylonbarnes Its german: David Fresh-Knight
This will blow up. So many script kiddies on DS
I tried to make this as cl1ckb@!t as possible 😎
@@_JohnHammond i think youve succeeded in making it that
I see them every day. Lots of the exploits people use “generators” for (python scripts you can find on GitHub) are electron related. So many ways to download files to other people’s computers and to crash other people’s computers.
@@JimTheScientist lol hey jim, fancy seeing you here!
JimTheScientist electron is a shit piece of software and I wish permanent annoyance on its devs and applications that use it. should not crash because of a video codec issue
Omg..can’t wait for this I started seeing a lot of discord trojans in the news last year and I would love to here more in depth analysis.
Thanks for making it 'approachable'. I am a beginner in all of this and your quick description of the basic commands is extrememely helpful. It allows me to continue to follow what you are doing and also learn about a wide variety of commands. Of course, further real study is necessary but your presentation helps one broaden understanding of the overall field to be studied. Thanks.
Recently stumbled upon some of your malware analysis videos and boy am I hooked! love your approach, you make things super easy to understand even for someone with little to no coding knowledge. I hope soon I can find some videos on your channel about learning to program in some of these languages that you work in with malware :) some more gamer-catered stuff would be awesomeee too! thanks John for some very entertaining videos!
one of your most easy to understand videos yet. well explained. learned a lot. thank you John!
Learning new stuff with you is always great. You always manage to draw my attention for a whole hour.
Honestly I've not watched a full malware analysis vid from you but this one rly interesting and honestly very well written
I hope more of you guys look into this Discord malware, a lot of this stuff is going undetected and creating a lot of headaches and some of these stealers have keyloggers, gets login sessions from your browsers etc.
Love your content, John! It's really fun to step through code with you.
Hey John a little off topic for this video, but your terminator vid, (among all the others!) really helped me pass the eJPT in less than 4 hours last week. Thanks for all great content man!
200k! good job man you deserve it :)
Great video John, would love to see you de-obfuscate that JavaScript!
Great content! Thank you for your contribution and for taking the risk of exposing yourself. Very informative.
Was doing exchange patching a week ago and they reference @john Hammond gist love it
Omg, we need to see more of this hog stealer code and whatever else you can find in the land of Discord malware! Keep up the great work and congrats on 200k!
ive learned allot from this and that says something because time enrolled in college for this and I feel like these breakdowns help immensely for someone like myself.
I Love you John. Great video again, interpreted languages is cool to reverse. Congratz on the 200k :)
THC For (4) L(ife)
9-TetraHydroCannabinol (THC) is a chemical component in Weed and Hasj.
Probably a smoker.
nice vid btw, Learned a lot!
You are the best! Thank you for explaining also for the beginners.
Holy smokes, how can it be so easy to retrieve all your discord data without logging in essentially. I wouldn't have guessed that discord is saving these tokens as plaintext in your appdata folder. Very nice video! You've got another sub :)
Late comment, but they're finally releasing a beta tests that encrypts your tokens... and it only took them a few years
@@ayva1106 And even then it's still compromised. People found out malware that circumvented it and managed to reverse engineer it for documentation.
This is going to be interesting. I’ve studied RCE attacks and Trojans on discord, as well as some more tame malware. I can say that discord is really bad in the security area, but it’s not much to worry about as there are few people who know how to do the attacks and how they work.
Edit: I’ve started watching the video, and I’ve seen almost this exact same script before while moderating a server
More advanced scripts add malicious js to discord core modules it allows the malware to keep persistence while having a low detection rate
That's ok, only a few people know how these attacks work
@@DM-qm5sc only the RCE are private but the scripts are well public
oh hey jim fancy seeing you here
@@tlocto hello
You're making it happen John ! :) BigUps . Learned lot from you my Guy !! Hopefully more to come. Peace
This is much better, John. You’ve dissect each components and explained thoroughly. Rather than rushing always.
I literaly saw this on my youtube feed and inmediately went to make popcorn!!
Hey John, love the Malware stuff. Would love to see some Dynamic Analysis with some ransomware or something , cheers
Awesome content as always, John 👏🏻
I love these kind of videos, fun new channel to nerd out to. :) Joined the Discord as well! :p
You always have great videos!
i'm not gonna lie to you bro, the way you teach is excellent and i appreciate your videos more than you could ever imagine... ever...
The delay is to prevent maxing out discord API requests so it's maximum efficiency
ayy congrats on 200k John!
Great video John! Many thanks :-)
Great Video, and learned a bunch!
I am eagerly waiting .
Absolutely fantastic content!
Congrats on 200k!
Awsome video man. I appreciate it a lot
really good explication, please keep this up
Great video, man. As always :)
YOUR explanation is Osm!!!🖤🖤🖤
Love your videos sir .Hope you have a great day.
Thanks for this video sir
by the end of the premiere you're gonna have 200k.
true
i dont think but i hope
199K NOOOOOOOOO
@@slonkazoid Just miss :(
@Jocelyn M's Alice are you ok?
you are genius, you are exceptional tutor, thank you, thank you so much, i got a project idea from this vid.
cant wait for 200k so excited !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
By no means the most advanced malware i've seen, like it does rely on a lot of user error to work, but still nice breakdown
Are you using Whonix for your malware analysis sandbox? I saw a glimpse of the Whonix desktop (little mouse and blue background) and recognized it, so I'm assuming your Virtualbox session is a Whonix VM?
If you open the webhook URL you can identify the name of the webhook, the Guild ID and Channel ID. That information is kinda basic but might help when reporting to Discord
amazing content john
Looked like that first sketchy website at 33:50 was a peertube instance. It was probably a community dedicated for malware videos.
Props to this guy managing to get a discord nuker/token logger to 1 hour
@@recommendastra_hack_zoneon709 hope it gets banned again, tiktok does not deserve users
@@aty4282 Its a bot, he is so shit and one of the worst people ngl (the person running the bot)
@@IkeVoodoo goddamn, cant believe that i fell for the classic ones
Seriously the best content creator out there. Love the videos. Keep them coming.
This seems very intresting. Can't wait to see it
I would advise you to use solid colored bars instead of pixelation since there is currently a promising tool in development that can reverse pixelation to some extend.
hollywood isnt real bro
Reversing pixelation requires context and information, now I haven't actually seen the pixelated part in this video but unless the pixelated content is unambiguously readable as any character, an algorithm won't know either, I bet you'd be able to get an approximation of what it could look like but that may just be as unreadable as it already is, but less pixelated
@@eericjacobson neural networks exist, and they've been in use for years.
This is going to be an amazing video!
Oh its a fun series keep it up!
Do you prefer Virtual Box over Hyper-V manager or other softwares? And if you have some spare time, I would love to know the reason behind your choice of Virtualization software! Kind regards.
I believe it is grabbing also grabbing Chrome, Opera and Brave tokens. The file structure generated by get_tokens seem to also work for those other directories listed
Great video!
I definitely want to see your deobfuscuate that js code :D
it could be the location for discord tokens in those browser since discord uses electron which uses chromium which chrome and a lot of other browsers also use, so it might be that cookies are stored there.
The path has leveldb which is a nosql db where chromium stores it's cookies and local storage
I was thinking if i should like this video - then you pointed out your TLOZ shirt. You win
yes i am interested in more discord stuff
and yes it is bad, but it's good to see and know what is actually out there
Love ya work chap! Sub'd
yikes. .. follow up on what more you learn about this for sure lol.
dropped a like. already subbed.
54:55 I was kind of expecting a "it's bad mmmkay?"
51:50 Hammond enters the freaking Matrix... xD You know a content creator is entertaining when you don't understand shit, and still watches until the end, entertained!
Instant pressed like, as I saw the Triforce. :)
Hey! Can u make a list of all the malware you have explored so far, making we all can send unique malware programs
I don't mind you ending this one on sort of a cliffhanger. I thought to myself, I have Discord but I don't have a Python installation. I remembered I specifically installed Perl (yeah not Python) for Blender, and then I searched for Python on my machine. Python comes with a lot of programs ( I have ones for Blender, GIMP 2, Inkscape, LibreOffice, Visual Studio Community Edition ..... and in Windows Apps?? What The ?) This developer dad does not install a default extension handler without blinking at least once, but it seems the Python script is not as harmless if you accepted to automatically open .py files??
you have a new sub
keep it up.
Hi there John, are you still accepting files to diagnose? I was hit earlier with an exe which took my discord offline and I assume let the other person log in via my token? I am now panicked as dozens of my friends also clicked on it, and it's caused chaos... If you do, how would I get it to you securely?
you can get the user data as well from walking through the code when you send a message. it requests all that for all the other people on the server you are on
19:00 It's not stealing your passwords on the browsers, discord is literally just a browser and so is chrome/opera. So it is checking in the browsers for discord tokens;;
20:20 MFA might be safe, but the tokens it makes, really aren't. From my experience they don't re-generate new ones.
@@swpq_ your token changes 100% when your password does and maybe when you change your username.
@@uslph. yeah buddy i know
question: if you going to "hack yourself" why not clear/backup the discord appdata folder and log in with a dummy account?
I love how the token stealer disguises as a token stealer 🤣
I thought it was clickbait, but DAMN!! legit content
Ok John I stopped at second 0:36 as I have one question before I continue....What is the best Zelda game ?
I liked at the Zelda shirt. Thanks!
I'm pretty sure the password cache of Chrome etc. uses your Windows user creds to encrypt the passwords, so accessing them would at least require some user action.
nope, Chrome uses window's CryptUnprotecData() if i remember correctly (i believe it is from windows.h file).
Yeah nvm, as long as you are signed in you can call CryptUnprotecData, and dumping the passwords can easily be done in python, lol.
Ok, seeing this premiere I think I can do two unfair bets right now. 1. Bet I'm subscribing here. 2. There's something malicious on my son's PC.
Depends if he downloaded it...
while trying to follow along in windows cmd (i have linux but not discord on it), it won't let me use findstr in windows cmd. how come you were able to do that but i can't? (total newb here)
happy 200k
25:09 leaked invalid ("unathorized") token
Oh wow! I'm impressed.
Only importing that actually used functions, not the whole libraries.
For the Browsers It takes The Tokens From Them, Because Some People Log into to them. Like you said :)
YT buried my comment from 21 hours ago, but at 1:50- will it run? Yesterday I found I have two Python apps installed from the Windows apps store dating back to 2019. File handler was not enabled though
that sever crasher is probably allowing the person to join servers and spam the server with that users token
25:51 uid and avatar are both public values so there's no need to censor them
Sometimes you make me really nervous, John.
No, not the tokens, the clumsiness in the shell:P
echo %LOCALAPPDATA% ... or cd %APPDATA% jFYI
But never mind, thanks for the video :)
John! Do the thing!
Hey John any plans for releasing a pentesting/ethical hacking course on Udemy? Keep up the great work.
you can make an undetectable version in nodejs or by running a script directly in ur browser in js
Very nice video, wants me to create on myself (for knowledge purposes ofc, mayby will sent you a link once i do ':) )
thank you