Monday, 1 April 2013

Darkode leak

And you can thanks Nassef.
http://lists.emergingthreats.net/pipermail/emerging-sigs/2012-August.txt 

I don't know if it's you who did this shit
upaskitv1.org
xylibox.biz
krebsonsecurity.biz
upaskitversion1.biz
stevenk.biz
briankrebs.biz
upaskit1.biz
researchsecurity.biz
securityresearch.biz
amatrosov.biz
But seems you are related to this so i gave a fuck.

Also i can thank you for this:
Got your Builder from Darkode and made my keygen.
I also grabbed alot of other things but it's another story.

Nassef is also involved into POS sniffing.
Trying to deal with carder shops:

But i will not talk of Nassef here, but of 'darkode'
This forum is know to be a 'elite' community of black hats, there is alot of (in)famous actors inside.
Some are already jailled and some are still on business.

Darkode login with a really gay captcha.

And about the captcha they added it due to me:
I don't live in Lyon and i never walked with you, get a life man.

About the captcha something worry me:
Seem he sniff passwords, i'm sure the login form is even backdoored to know passwords of his users.
Also this is not my bruteforce, when i bruteforce it's more hardcore than this shit.

Darkode, on a short period even asked a private SSL cert to avoid unauthorized people:

They removed it for an unknown reason, (probably due to the skid wave end), admin of DK gived invite to everyone recently (i even received one without doing nothing, i'm not sure if it's black hat humor or if someone posed on dk and gived my mail)

Anyway i don't need this invitation.

Now, let's have a look on who's inside darkode...
symlink:

Paunch:

TinKode:

bx1:

BestAV:

Severa:

Exmanoize:

alexudakov:

Carberp

J.P.MORGAN

Even Slavik according to admin:
Some members listed here are already jailed, e.g: bx1, TinKode.

A member who show off his money done with SpyEye ($11,404,34 USD):

Another DK member who have launder 20k LR with members of this forum:

Sweet orange stats of a guys:

Coder of crimepack angry for the leak:

Presentation of cr33k, coder of  “Open Source Exploit Kit”
"I skimmed Diebolds", "as a mule i cashed out WU payments with fake IDs"
There is some nice people on darkode...

Presentation of Egypack exploit kit:

Business advice from a darkode admin:

Now about darkode you will says "wow, this board is hardcore" but no... not really
Maybe this forum was cool in 2009 with Gribodemon and shit's but actually it's look like hackforums.
And about hackforums even admins are on it:
mafi (www.hackforums.net/member.php?action=profile&uid=82912)
Selling crimepack:

sp3cial1st (hackforums.net/member.php?action=profile&uid=666599)
Recruiting hackforums people for darkode:

Fubar (hackforums.net/member.php?action=profile&uid=83826)
HF Leet:
(and they are all admins on darkode)

profile of mafi on malwareview (a kernelmode.info like but with idiots):

oh wow they use even hackforums products and resell them.
ngrbot, is this the scene ?

Also remember this ?
Maybe in another post i will explain the dramascene between uNkn0wn and darkode...

At darkode they will probably calls 2,3 screenshots a 'leak'
so... i took around ~4500 screenshots:
I know it can be hard for white hat to enter on community like darkode for do researchs.
So enjoy 763 Mb of screenshots, not a full dump but almost a full dump.
I have a full dump of course with each threads, pages fetched via wget but i keep this version for law enforcement guys (and some have already the darkode account and my regulars dump in hands since a long time, just saying..)
Anyway even with this 'public' screenshots dump anyone have enough to launch indictments and shit.

Oh.. it's really fun dude.

Also took a screenshot of maza for the glory... (I must admit i miss malwares of 2010/2011)
Gribo talk that Slavik is completely left from bussiness and he transfered everything related to Zeus 2.0 to Gribo, so he can continue work on this bot, including customers technical support. Slavik said to tell that he was happy to work with all the guys and other shit.


You can download the public dump here:
http://temari.fr/darkode.rar
http://trollkore.fr/darkode.rar
http://yandere.fr/darkode.rar
After 24 hours i will remove the archive from my server so fetch it fast.
http://www.multiupload.nl/EXNPMTB4XU

To conclude:
This post about darkode is exceptional i usualy leave these forums alone and don't blog about it.
I receive a lots of emails requesting me to give a fuck about theses boards, but since some days for an unknown reason some guys of darkode started to seriously annoy me (adding me on skype and mailling me with shits), this is just my response to them.
cb0f0ef62585ef7484d3582f3caf4ccf
Have a nice day and good advice: stay away of darkode if you don't want someone to knock at your door
Also don't ask me to do the same type of post about mazafaka, or other forums (i see already mails coming)
If you want some infs http://trojanforge.com/showthread.php?t=2391 is a good start, i will not help.

45 comments:

  1. Boring dramas. Why u posted this?

    ReplyDelete
    Replies
    1. because some people can be interested by this dramascene.
      anyway yeah that not my type of usual post...

      Delete
  2. Cette fois-ci le pass de l'archive n'est pas dans ses propriété. Comment le trouver?

    ReplyDelete
  3. j'ai rien dit, c'est le même que la dernière fois.

    ReplyDelete
  4. wow, that's really impressive. you've came from a long way, i remember reading years ago posts you made on a forum about cs mirc scripts then you started ripping websites then cracking stuffs then i started seeing your name on xssed and now this lol. i remember your nickname as long as i can remember being on the internet srsly lol

    ReplyDelete
  5. wow, hardcore leak man, take care of you

    ReplyDelete
  6. Nice job Xylitol :)
    Keep it up!

    ReplyDelete
  7. Another quality leak from Xylitol, thanks.

    ReplyDelete
  8. pass for .rar ?)

    ReplyDelete
    Replies
    1. i don't see it there. i think it's because i'm on the wonderful world of macs—does funny things with metadata. can publish some other way?

      thanks so much for this. great resource.

      Delete
    2. password is: infected

      Delete
    3. Many thanks/merci beaucoup

      Delete
  9. Not a great move

    Spying on forums and keeping info for your own purposes is one thing, but leaking and being a snitch is another and will have some concequences

    ReplyDelete
    Replies
    1. A move ?
      I've always worked like that man.
      For concequences... sure there is always concequences when i post something.

      Delete
    2. @ . aka mr snitch, you need to understand xylitol is a freelance malware and security researcher and dk guys are cyber criminals. What the fuck are you talking about leaking and being a snitch.. ? It's a security blog not some cyber crime forum. he doesnt needs to care about private content or dk guys.


      Delete
    3. thanks xyli

      ~ touchme

      Delete
  10. Dont enter this cybercrime warfare xylitol. Not going to help. But we highly appreciate your work.

    ReplyDelete
    Replies
    1. yeah, i will not enter in the game. like i've says this article is exceptional.

      Delete
    2. What happend with the website is down
      Ah why the archive alonely there image

      Delete
  11. You forgot to mention that level 2 allows carding.

    ReplyDelete
    Replies
    1. we know everything mafi..

      Delete
  12. Hey, what is password ?

    ReplyDelete
  13. You forgot to mention level 3 allows admin rights.

    ReplyDelete
    Replies
    1. shhhh noob..go die butthead kid!
      This guy is leaking ip addresses of his forum members. Typical skid!

      Delete
    2. Stfu skiddy retarded dumbfuck.

      Delete
  14. "so... i took around ~4500 screenshots:" hehe good post and yes, I would like to see more such shits exposed xD.

    ReplyDelete
  15. Darkode leak on Aprils fool day?

    Anyway the story with unk is in Level1\General\Darkode Hoster.png

    LOL at all the people trying to get into maza, directconnection, korkova or whatever. You'd expect them to know how to get into invite only boards by now...

    (Also xyli how did you manage to scrap all that with the new protection?)

    ReplyDelete
  16. Mirrored:

    http://www.fyreftp.prod.bz/darkode.rar

    ReplyDelete
  17. Forgot to mention all the countless old shit about pig, h1t3m, n2c, crimepack leaks, carve, ...

    ReplyDelete
  18. HI
    Can You said what program/scipt you used to printscreen all the forum?

    ReplyDelete
    Replies
    1. Don't be a damn lazy, use google engine.

      Delete
  19. Thank you to have made a directory just for me :]

    ReplyDelete
  20. anybody could invite me at darkode forum ?
    pyblack from twitter

    ReplyDelete
  21. what an interresting post ! , lol what they said about DarkoderSC, , at least he never made money with his stuff, fuckin' assholes depreciate french coderz

    ReplyDelete
  22. Yea well thanks, good reversable infoz

    Listen skids, digital work through piling of binary series. all one could truly do with a computer is hack. no hacking it would be like using a hammer to wipe yar ass, inability to use the tool to the extends its been found for.

    whitehat is like full disclosure (spare me the nonsense of u friggin faggots that probably red some about this starting japping at me you already know. spare me this plz k thx). full disclosure is irrisponsible in this era, y einstein didnt give his talent to hitler? full disclosure is never responsible. ill pass you some perspectives;

    1. monetary. you forgot the mentions of wilson? lincoln, franklin, rockefeller? there is no reason not to rob them robbers except for stay safe.

    2. technologically. yea we see how our govs are not reacting to terrorism. they are this much refusing to acknowledge it that it cost us our constitutional rights, increasingly, proving its effectivity. oh noes, terrorism isnt new, it didnt fall from the air. working together with them law enforcement bums talking shit about social darwinism? crap can you even hack?

    oh noes, twice. maza whatnot bullshit? you figure thats all whats around? skids running circles for profit? boy you gona wake up.

    snitch? lol sounds like them social darwinism rapist fools. this particular paragraph in my comment is especially at some peeps calling em snitch. this is not a movie boys, this is real life. snitch? skids please, run me some new circles. get a friggin life talking shit about 'snitch'. cant stand it? watching yourself run circles? crap lemme school you, life is not a bitch, you are the bitches. that suck my dick off by the way, before you admit it, gotto know it. thank you, in advance.

    whitehats, lurk me some more. what a friggins melly gaping assholes ive seen past few years. we tell you some blackhat. once we make you see the picture, its too late fu.

    ReplyDelete
    Replies
    1. only pentagon top cryptologists and xylibox can understand what the fuck this guys says on this message

      Delete
    2. pentagon top cryptologists

      thats a contradiction, maby xylibox gets that.

      Delete
    3. whitehat is like full disclosure // not really
      full disclo and whitehat isn't compatible or depend to who you full disclo the information (e.g: Law Enforcement agency in my case)
      Your approach with Einstein and Hitler isn't compatible too.
      darkode brute dumps, sqls, and shit isn't disclosed to bad guys or evil entities and even if it's become released to public... there is no secret about 'how to make a nuclear bomb' or 'how to harm people' on darkode so what did you expect ?
      For the 2nd points, let's says the weel of justice is slow but they don't do nothing ;)
      And there is a freeze on darkode actually, some blackhats take a break due to this (and i see that on jabber, most of dk people who do business everyday stopped to connect)

      Delete
    4. whitehat is mostly like full disclosure. as an example a difference would be one choses to work with the collective. where full disclore literally would imply spraying out in the plain open. thing is any real collective stands on consenting individuals, given majority consists out of real individuals thus identities. this revenu assurance our collective tends to represent is rather taking over the place of the individual calling this blatantly stupid combination like social darwinism. what a fart.

      sure it is compatible. although in depth Hitler did very different things than currently applicable, einstein chose not to reside in a malformed collective. i oppose to work for this collective trying to take over its roots, the individual.

      i never expected those releases from nor darkode or you, in the first place. secrets will Always exists just as our need for privacy as long as we respect the individual as true root for any true or real collective. the comparisment isnt compatible.

      well about that wheel of justice, its not just neglecting its own findings, appointments/rules its also blaiming procedures to bear responsibility. which it wont ever, its stupid paper guidelines to help individuals bearing responsibility as such could potentially gain on transparancy. this wheel of justice is finding out its own already defined wheel already, cannot be called justice already for selectivity causing /creating increasingly more reason, excuse and even need for darknets/underground (however splintered or not in its existance)

      Some blackhats take a break, all people do now and there. Tactics are stair walking, until the stairs topples over which we call proof using bs like social darwninism.

      Most blackhats in my circles are working, some according to reality context creating factorized prioritized need. Nothing has been solved (yet). Stances are almost taking, finishing definition. The throwing proves it. From there fronts will bump, in all enlarging any problems before we even start admitting into any like solving probability.

      In other; didnt stop connect, are redefining and connect elsewise at methodics for enhanced/proven need factors in reality context (just to explain some more).

      Thank you, in advance.

      Delete
  23. As darkode was shut down by feds this week and the dump isn't availible anymore, i`ve mirrored it:
    http://1337.tf/darkode.rar

    ReplyDelete
    Replies
    1. Thanks, mirrored also here with small additions: http://darkode.cybercrime-tracker.net/

      Delete
  24. thank you.
    im intrigued to read it as i was intrigued to visit many malware forums as an it security manager. the thing that bothers me really is that open source will suffer and eventually these people will root out pretty much any sharing of code that can cause harm just like the analog act. as an analogy a molecule that looks like another illegal molecule is also illegal to me = if you look like a criminal you should be locked up. in computer coding terms it = lets eradicate the places where people learn things that we can block through natural channels from gaining the knowledge to understand the world and thus see what we are doing to it by looking at us in the way we look at them.
    not schitzo but true. i dont care to write malware or use it but i urge anyone who understands what this shit means to learn. eventually that force will rule and we will be barred from the choice to learn and force fed shit that someone else decided was best for their own reasons.

    ReplyDelete