Steal other people's logs from the stealer

Lord777

Professional
Messages
2,581
Reputation
15
Reaction score
1,322
Points
113
Hello hackers, today I will tell you about the method that I have been using for a long time.


So, let's copy a couple of logs step by step, and then analyze what has been written and think about how to avoid such unpleasant incidents.

Step 1 - Go to the tracker

We go to any gate tracker we know of, whether it's VT or a more specialized resource.

In my case, it will be the good old CyberCrime Tracker.

We type "azor" into the search by software name, or something like that.

We often get a rather extensive list like this:


Step 2 - removing the logs

We go to any address from the list, and if it is still working, we should see a picture like this:


This is the login page of the Azor admin panel.
By default, the gate stores logs as archives in the files folder, and the directory index of that folder is VERY often left open by the web server's default settings (yes, cybercriminals love defaults).

You can use this: just go to http://<gateway address>/files, and we see the following amusing picture:


Download any log and make sure that we are on the right track.



Instead of a conclusion

This feature is not new: Azor admin panels are easily googled, and this method of log removal is known to many. Also, to be fair, in about a third of the gates the index is still closed.

How to protect yourself?

Place an empty index.html in the files folder in the standard admin distribution.

P.S. In new versions of azor, it seems to be fixed, look for old panels.
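The protection advice above is web-server hygiene rather than anything specific to this panel. As an added example (not from the post and not from any panel's distribution), here is an nginx server block that refuses to generate a directory listing for a hypothetical /files/ path while still serving the individual files inside it; the hostname and document root are assumed placeholders:

```nginx
server {
    listen 80;
    server_name panel.example.invalid;   # placeholder hostname
    root /var/www/panel;                 # assumed document root

    # Never auto-generate directory listings anywhere on this vhost.
    autoindex off;

    location /files/ {
        # A request for the directory itself returns 403 (no index file,
        # no listing); requests for individual files are still served.
        autoindex off;
        try_files $uri =404;
    }
}
```

The Apache equivalent is `Options -Indexes` in the relevant `<Directory>` block or `.htaccess`. An empty index.html, as the post suggests, also works, but turning the listing off at the server level covers every folder, including ones added later.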

Lord777

And so, straight to the point.
Download CheckTgBot.

The essence
The first step, of course, is to find a stealer that sends logs to Telegram. You can do this in different ways, for example by searching for videos with cheats on YouTube and sorting them by upload date.
Of course, you cannot tell on the fly where the stealer sends the logs, so you have to spend a little time.
We download all the cheats from YouTube, throw them onto our virtual machine / dedicated server, open some HTTP debugger and sniff the stealer's requests.
I found this kind of request:


Regular public stealer StormKitty.

To further automate the work, I wrote a simple C#-based tool that will send you the logs from this stealer.
The first two parameters are the bot token and chat ID from our request, and then we specify our own Telegram chat ID.
Next, the tool will identify the bot's username, which you will need to write something to.
We write something to the bot and continue.
The tool will ask from which message to start sending them to us. I did this so that you can continue receiving logs from a specific message (you have to remember it). But this may not always be accurate; in that case, we say that it should send from the beginning. The tool can also show you the owner of the bot. Error 400 will probably appear in the console. We just ignore it and wait for the work to finish.
If you are lucky and the owner of the stealer turns out to be a dope who decided to test the stealer on his own computer, then you will receive his log as well.

Outcomes
As you can see, it is better not to use stealers that send logs directly to Telegram instead of a panel, because this is fucking unreliable.
For a scammer, the most important thing is never to sink to the level of a simpleton.