Force Download Exploit ***PUBLIC RELEASE!***

[HellSavior]

Methinks the applet is missing... >_<

 

[dacaoyuan]

what's the use of it?

 

[Nieves]

Read the first page, and you will understand.

 

[BannedBirdHouse]

Originally posted by tradewindrider
haha, turkey thats pretty stupid going to a site like that knowing what it could do. heaven is probably stealing all your credit card # and selling your cdkey on ebay now, or maybe not. if he used netdevil then the trojan should be in C:\WINDOWS\SYSTEM named kernel32.dil i think. you might go there and see one named kernel32.dll and one thats just kernel32(virus) because you can hide extension. if both of them say kernel32.dll then right click one of them and and click properties and if the file says it was created yesterday its the trojan but windows won't let you delete it because it will say copy protected or in use so you have to kill the process which is also kernel32.dll, so kill both or the one that has .dil extension and then you can delete it. but he might have just uploaded it to a different directory or uploaded another server, in which case reformating is a good idea or you can just ask him, btw what windows are you using?

Sorry to sound noobish but how do you "kill" a process?

 

[PyroKid]

I got a couple pms asking how to decrypt/encrypt my exploit so here's ho i did it:
the method is simple. go to http://javascript.internet.com/passwords/xor-encryption4.html for the encryption script you can do it right from that page. the password is "virusprotectionbypass" (without the quotes)

 

[PyroKid]

killing a process simply means to close it. when you press the X button on internet explorer your killing the process. when you press Esc at the intro screen of Diablo (to close it) your killing the process. some programs dont want to be killed (such as viruses). thats why theyre a little more dificult to kill. one virus i had, for example, liked to disable ctrl-alt-del so you cant close it. there is a way around this in win2k and xp by right clicking on your taskbar and going down and hitting task manager. then just choose the process and hit end process.

 

[Turkey]

Hi I have got the force download thing working, but does anyone know how to get my other scam site to pop up over the top of the download box? Thanks you your help

 

[Turkey]

Originally posted by PyroKid
just look at the decrypt.txt file. once your done, reencrypt it. you can get the encrypter/decrypter at javascript.internet.com its the xor encryption

Pyro can you give me a link to correct encrypter and a little guide on how to use it plz? Thanks

 

[BannedBirdHouse]

Thanks. but I have another noob question. It probably already has been answered but there is so much spam that I can't find it especialy when I try to read fast but even with the force exploit it still asks for the dl to be made instead of forcing it omfg.

Yes i renamed it to a .exf file using the dos thing and it worked. Well it has a windows icon now. But when my friend went to the site it opened a dl box instead. Also modify the site so it's not that gandhi crap anymore but your website instead?

EDIT: nvm tradewindrider just answered me.

 

[tradewindrider]

Originally posted by Turkey
Hi I have got the force download thing working, but does anyone know how to get my other scam site to pop up over the top of the download box? Thanks you your help

if you know at least 1% of html you can add this code to open as many pop up windows as you want and all of them can be links to force download the virus or just links to cover up the download. you put this script on your main page, the first page visitors see when they go to your site:


<!-- TWO STEPS TO INSTALL DELAYED POPUP:

1. Copy the coding into the HEAD of your HTML document
2. Add the onLoad event handler into the BODY tag -->

<!-- STEP ONE: Paste this code into the HEAD of your HTML document -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">
<!-- Original: Ronnie T. Moore, Editor -->
<!-- Web Site: The JavaScript Source -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
closetime = 0; // Close window after __ number of seconds?
// 0 = do not close, anything else = number of seconds

function Start(URL, WIDTH, HEIGHT) {
windowprops = "left=50,top=50,width=" + WIDTH + ",height=" + HEIGHT;
preview = window.open(URL, "preview", windowprops);
if (closetime) setTimeout("preview.close();", closetime*1000);
}

function doPopup() {
url = "insert url here";
width = 267; // width of window in pixels
height = 103; // height of window in pixels
delay = 2; // time in seconds before popup opens
timer = setTimeout("Start(url, width, height)", delay*1000);
}
// End -->
</script>

<!-- STEP TWO: Insert the onLoad event handler into your BODY tag -->

<BODY OnLoad="doPopup();">


<!-- Script Size: 1.27 KB -->


and change the variables like the "url"= to your link and make width height and delay like 1 so they won't even see whats in the window if you want and timer is hwo long it takes for pop up to open after main page finishes loading.

 

[Turkey]

tradewindrider to make my other scam site pop up over the force exploit do i copy the script you posted there into the exploit.htm file that pyro posted? I did this and havn't been able to get my site to pop up

 

[tradewindrider]

first upload exploit.htm and then paste it into exploit.htm if thats your main site. i dont know if it shows body and head tags though but if it does then do that.

 

[Turkey]

but where abouts in the html file do I paste that script you posted?

 

[tradewindrider]

it says it, first part goes in the head part thats anywhere between the <head> and the other </head> tags
and the one for body goes into the body tag <body insert unload here>

 

[CelestialBadger]

Hmmm...just out of curiousity. If the victim is running Windows XP, what will happen? Will they get a web page filled with encrypted crap?

 

[Turkey]

No, I think anyone running windows xp or IE6 will just me asked where to save the file

 

[CelestialBadger]

Ahh..what about running the exploit in Netscape?

 

[rasarv]

no more leeches plz :.(

 

[jon95386]

ok i got the file uploaded, and the website is up and runnning, but when i tried it on my other computer running 200nt it got the save/cancel popup. But thats not the problem... when i tried to open it the "open with" box poped up. for sum reason it cant open the exf file. (u gotta change the file name to .exf rite before u upload it rite?) well maybe its jus my computer but i spammed for a lil while and didnt get any instalations from my keylogger.

 

[jon95386]

ok i did the comand promt method and it runs like an application now, but when i put it up on lycos i get a 404 error when it tries to download it. and yes im posotive the links are correct, it just wont let me acess the file. any ideas or maybe another site to host it for free? (i think sharemation got shut down)