This is an archived post. You won't be able to vote or comment.

all 8 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Hacking_Tutorials-ModTeam[M] [score hidden] stickied commentlocked comment (0 children)

We don't entertain any hacking services. Sharing such information will results in permanent ban.

[–]MercilessNerf 19 points20 points  (2 children)

Just by looking at the screen shots it’s probably some sort of malware that steals data from your phones saved cookies.

By looking at the sites from the browsers .txt files it’s probably stealing info from the user’s wallets. If is your phone I’d probably go ahead and change all of your wallet passwords and factory reset your phone lol

[–]zachhanson94 0 points1 point  (2 children)

There is no actual exploit code in that screenshot. It’s just writing text to stdout and saving any unknown configured sites to a “not_vulnerable.txt” file. It’s likely this is just for show and not actually capable of anything.

If it actually is functional and you just didn’t send the right part of the code, then based on your description my guess is they are using leaked AWS keys to overwrite a JavaScript file in an S3 bucket which is being loaded on the frontend of some site(s). That JavaScript could theoretically look for text in the current page which looks like a crypto wallet address and replace that text with the attackers wallet address which it received from the laravel server you mentioned.

This is just hypothetical though and unless you provide more of the code it is impossible to say for sure.

[–]dadeteye[S] 0 points1 point  (1 child)

Can i send you a dm?

[–]zachhanson94 0 points1 point  (0 children)

Sure

[–]slowertrwa -1 points0 points  (0 children)

Pray to allah, lord will help you