Monday, November 5, 2012

SkypeLocus


http://www.hackforums.net/showthread.php?tid=2918767&pid=27842962#pid27842962


Some shitty free Skype resolver, for skids by skids. Had some gaping holes in it so I politely disabled its services.



It was running off a Windows box in the guy's house. Owner is from Denmark: http://www.ip-adress.com/ip_tracer/80.162.24.46

Looking at what's in his web root directory should provide all the evidence you need to see he is most certainly a skid (various botnet panels and live "booters").

> whoami
nt authority\system

> dir C:\Users\Server
 Volume in drive C has no label.
 Volume Serial Number is 4CD8-9BBC

 Directory of C:\Users\Server

09/22/2012  07:41 AM    <DIR>          .
09/22/2012  07:41 AM    <DIR>          ..
08/18/2012  02:46 PM    <DIR>          Contacts
10/27/2012  06:27 AM    <DIR>          Desktop
09/02/2012  11:31 AM    <DIR>          Documents
10/26/2012  12:47 PM    <DIR>          Downloads
08/18/2012  02:47 PM    <DIR>          Favorites
08/18/2012  02:46 PM    <DIR>          Links
08/18/2012  02:46 PM    <DIR>          Music
08/18/2012  02:46 PM    <DIR>          Pictures
08/18/2012  02:46 PM    <DIR>          Saved Games
09/03/2012  09:34 AM    <DIR>          Searches
08/18/2012  03:59 PM    <DIR>          temp
08/18/2012  02:46 PM    <DIR>          Videos
               0 File(s)              0 bytes
              14 Dir(s)  37,749,161,984 bytes free

> dir C:\Users\Server\Desktop
 Volume in drive C has no label.
 Volume Serial Number is 4CD8-9BBC

 Directory of C:\Users\Server\Desktop

10/27/2012  06:27 AM    <DIR>          .
10/27/2012  06:27 AM    <DIR>          ..
10/13/2012  07:44 AM             2,819 addshells.php
07/30/2012  10:39 PM    <DIR>          Autodeleter
10/01/2012  06:05 AM               110 banned-ips.txt
10/01/2012  06:05 AM               110 banned-players.txt
04/16/2011  09:44 PM             1,554 boatnet.sql
10/15/2012  03:40 PM         4,115,551 Cythisia Botnet v2.rar
01/26/2011  04:26 PM             4,801 dbprepare.sql
10/07/2012  03:30 AM           974,841 Desktop.rar
09/06/2012  11:42 PM            10,578 import.sql
09/14/2012  06:23 AM                70 index.php
09/06/2011  07:09 AM            41,085 legionbo_booter.sql
10/08/2012  07:37 AM         1,260,241 muffin man ragebooter.zip
10/01/2012  06:44 AM                11 ops.txt
03/03/2011  11:30 AM             4,135 phantacdb.sql
10/14/2012  05:22 PM    <DIR>          Phoenix Emulador 3.7.1
10/14/2012  04:43 PM    <DIR>          PhoenixPHP2.0.4
02/14/2011  02:19 PM             1,190 postbit_reputation.gif
10/02/2012  09:35 AM            22,476 server.log
10/01/2012  06:05 AM               511 server.properties
09/01/2012  12:32 AM    <DIR>          Skypestuff - Copy
10/10/2011  10:57 AM           179,200 VNBuilded.exe
06/20/2011  04:01 PM         1,654,784 VNBuilder.exe
10/01/2012  06:05 AM                 0 white-list.txt
10/02/2012  09:35 AM    <DIR>          world
10/02/2012  11:12 AM               623 XAMPP Control Panel.lnk
              20 File(s)      8,274,690 bytes
               7 Dir(s)  37,749,161,984 bytes free

> dir C:\xampp\htdocs
 Volume in drive C has no label.
 Volume Serial Number is 4CD8-9BBC

 Directory of C:\xampp\htdocs

10/26/2012  03:37 PM    <DIR>          .
10/26/2012  03:37 PM    <DIR>          ..
10/05/2012  05:34 AM             1,569 252939482935237498.php
10/31/2012  08:53 AM    <DIR>          51234213
10/06/2012  02:48 AM    <DIR>          Abstract
09/27/2012  11:02 AM                52 Accident.php
09/10/2012  05:39 PM            11,670 admin.php
10/19/2012  10:10 AM    <DIR>          Alex
09/14/2012  07:15 AM             1,793 Anonymous.php
10/31/2012  04:47 AM             1,942 APIresolve.php
09/10/2012  10:00 AM    <DIR>          assets
09/02/2012  12:30 AM                 6 banned.php
10/14/2012  05:16 AM    <DIR>          Blackout
10/09/2012  09:00 AM    <DIR>          blacks
10/05/2012  02:18 PM    <DIR>          boot
10/02/2012  10:07 AM    <DIR>          booter
10/05/2012  02:02 PM    <DIR>          bootz
10/15/2012  03:43 PM    <DIR>          botnn
09/27/2012  11:03 AM                52 brazzter.php
09/05/2012  09:44 AM               118 chatpost.php
09/27/2012  11:03 AM                52 CodingHoster.php
09/10/2012  10:00 AM               119 config.php
10/11/2012  06:07 PM    <DIR>          css
09/03/2012  10:47 AM               102 db.php
07/27/2012  07:11 PM             5,476 EdgeChecker.php
10/24/2012  01:27 PM    <DIR>          email
10/19/2012  01:03 PM             1,021 email.php
09/27/2012  11:03 AM                52 exe1.php
09/02/2012  11:26 AM             2,550 favicon.ico
10/25/2012  11:04 AM    <DIR>          form
10/25/2012  12:10 PM    <DIR>          forum
10/24/2012  07:28 AM    <DIR>          forums
10/30/2012  12:10 PM    <DIR>          Gantic
09/30/2012  11:50 AM               614 gethw.php
10/12/2012  02:52 PM             1,372 he.php
09/27/2012  10:31 AM               846 Here.php
09/27/2012  11:03 AM                52 hereisit.php
10/15/2012  10:16 AM    <DIR>          hotel
10/08/2012  10:24 AM                15 hwids.txt
09/27/2012  11:03 AM                52 ignace.php
10/02/2012  10:55 AM    <DIR>          images
09/09/2012  04:25 AM    <DIR>          includes
11/04/2012  06:15 AM                68 index.php
11/01/2012  01:59 AM         2,777,838 ips.html
11/04/2012  06:16 AM             3,774 login.php
09/09/2012  04:30 PM               142 logout.php
10/10/2012  07:27 AM    <DIR>          Loki Rat
10/24/2012  01:19 PM               342 mail.php
09/10/2012  05:41 PM             6,528 makeUser.php
09/27/2012  11:03 AM                52 MessiahSkypeLF.php
10/14/2012  10:47 AM               392 Multiboot.php
09/11/2012  05:05 AM                57 Myip.php
10/13/2012  07:19 AM    <DIR>          newboot
10/03/2012  01:26 PM             1,566 newphp.php
10/08/2012  10:31 AM                 7 Onlineornot.php
08/18/2012  05:37 PM    <DIR>          overlayinfo
09/10/2012  10:00 AM    <DIR>          plugins
09/27/2012  11:03 AM                52 PonyBlaze.php
10/14/2012  11:23 AM    <DIR>          power
09/10/2012  12:59 PM               304 pwCheck.php
09/10/2012  05:15 PM             6,881 register.php
10/11/2012  06:08 PM             2,442 Rename.php
09/01/2012  06:21 PM             2,663 Resolver - backup.php
11/04/2012  08:20 AM             2,484 resolver.php
09/14/2012  07:15 AM             1,793 Shockwave72.php
11/04/2012  08:20 PM    <DIR>          Skypehru
10/03/2012  01:56 PM                21 SkypelocaAPI.php
10/07/2012  11:10 AM    <DIR>          stea
10/01/2012  12:24 PM                64 Sunlight.php
09/02/2012  11:33 AM    <DIR>          templates
10/01/2012  12:23 PM                65 test.php
10/19/2012  01:04 PM             1,027 text.php
09/14/2012  07:15 AM             1,793 thefile.php
09/17/2012  01:58 AM                41 ThisistheAPI.php
10/13/2012  11:03 AM    <DIR>          Uploads
09/27/2012  11:04 AM                52 vanity.php
09/27/2012  11:04 AM                52 Vincent1468.php
10/13/2012  09:30 AM            15,366 web_ninja_zixem.php
08/20/2012  03:50 AM               263 Welcome.php
09/14/2012  07:16 AM             1,793 what.php
09/27/2012  11:04 AM                52 wildfire_FsKCheese.php
              51 File(s)      2,857,499 bytes
              30 Dir(s)  37,749,014,528 bytes free
              

> ipconfig

Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9145:d440:a419:b3d0%19
   IPv4 Address. . . . . . . . . . . : 192.168.0.15
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   

> ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64
Reply from 192.168.0.1: bytes=32 time=6ms TTL=64
Reply from 192.168.0.1: bytes=32 time=5ms TTL=64
Reply from 192.168.0.1: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 6ms, Average = 3ms
    
// would take too much effort to fuck with his network; if it was Linux, maybe...

It had quite a lot of interesting shit on it. Databases, source code, and tons of other goodies. May release it at some later point.
