Leak BoosTHTTPv3.0 Mega PowerFul FasT Pr0xy | SockeT

roger_smith · 11-14-2015, 04:49 PM

(11-14-2015, 10:32 AM)mahsat92 Wrote: is infected with backdoor

Please provide proof so I may address this issue. Regards.

Angel Beats · 11-23-2015, 02:22 PM

Shitty python script probably outputs what <1000 req/s
Same script in c would do 50k

The Real Slim Shady · 11-23-2015, 03:50 PM

(11-14-2015, 04:49 PM)roger_smith Wrote: Please provide proof so I may address this issue. Regards.

https://www.virustotal.com/en/file/777ef...448289292/

1. Detection rate 46/54

2. Behavioural Information reports http requests that are highly suspicious for what is supposed to be an http flooder. The site is now offline so its hard to tell exactly what it was doing, but based on the file names being remotely accessed, it's clearly not just an http flooder

3. His Youtube demo used a Python script, where as the file he provided was a .NET application. If this was a py2exe application (which is a plausible reason it's an exe instead of .py) then VT would have shown some file creation activity under Behavioural Information, which it does not. (it would create DLL's and what not to run the the script). So major discrepancy between the video and the application.

m0dem · 11-23-2015, 04:31 PM

(11-23-2015, 03:50 PM)The Real Slim Shady Wrote: https://www.virustotal.com/en/file/777ef...448289292/

1. Detection rate 46/54

2. Behavioural Information reports http requests that are highly suspicious for what is supposed to be an http flooder. The site is now offline so its hard to tell exactly what it was doing, but based on the file names being remotely accessed, it's clearly not just an http flooder

3. His Youtube demo used a Python script, where as the file he provided was a .NET application. If this was a py2exe application (which is a plausible reason it's an exe instead of .py) then VT would have shown some file creation activity under Behavioural Information, which it does not. (it would create DLL's and what not to run the the script). So major discrepancy between the video and the application.

Well that's convincing information.
Thanks for the writeup @The Real Slim Shady

roger_smith · 11-24-2015, 01:18 AM

(11-23-2015, 03:50 PM)The Real Slim Shady Wrote: https://www.virustotal.com/en/file/777ef...448289292/

1. Detection rate 46/54

2. Behavioural Information reports http requests that are highly suspicious for what is supposed to be an http flooder. The site is now offline so its hard to tell exactly what it was doing, but based on the file names being remotely accessed, it's clearly not just an http flooder

3. His Youtube demo used a Python script, where as the file he provided was a .NET application. If this was a py2exe application (which is a plausible reason it's an exe instead of .py) then VT would have shown some file creation activity under Behavioural Information, which it does not. (it would create DLL's and what not to run the the script). So major discrepancy between the video and the application.

Thx very much for doing this, I have redacted download links and banned the user.