del
On the updated Minecraft Launcher (2.1.5387), my standard method for sniffing SSL failed, so I had to hook the function. For those who would like to check Minecraft requests in future updates:
NTSTATUS BCryptEncrypt( BCRYPT_KEY_HANDLE hKey, PUCHAR pbInput, ULONG cbInput, VOID *pPaddingInfo, PUCHAR pbIV, ULONG cbIV, PUCHAR pbOutput, ULONG cbOutput, ULONG *pcbResult, ULONG dwFlags );
Captured raw bytes:
Posted by agilityseven on 21 June 2019 - 09:49 PM
del
Posted by agilityseven on 16 June 2019 - 02:00 AM
del
Posted by agilityseven on 15 May 2019 - 02:14 AM
Updates:
Just bug fixes
Infected version, more details here
https://www.nulled.to/topic/749445-910-league-of-legends-account-checker-by-fiftythreecorp-backdoor-removed/
Posted by agilityseven on 15 May 2019 - 01:23 AM
Today I was requested to check the above-mentioned tool and I sadly found a backdoor. I'm curious why no one else did this earlier.
Backdoored github repo
https://github.com/fiftythreecorp/LeagueOfLegendsAccountChecker/
Backdoor itself
REQUEST
PAYLOAD
Raw whois domain record
Domain Name: LOL-RIOTGAMES.COM
Registry Domain ID: 2351115083_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.reg.com
Registrar URL: http://www.reg.ru
Updated Date: 2019-02-17T06:35:25Z
Creation Date: 2019-01-09T21:55:01Z
Registry Expiry Date: 2020-01-09T21:55:01Z
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +74955801111
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.RUVDS.COM
Name Server: NS2.RUVDS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-05-15T00:14:15Z <<<

===ADDITIONAL_WHOIS_DATA_FOUND===
Domain name: LOL-RIOTGAMES.COM
Domain idn name: LOL-RIOTGAMES.COM
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Domain ID:
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date: 2019-01-10
Creation Date: 2019-01-10T00:55:05Z
Registrar Registration Expiration Date: 2020-01-10
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +7.4955801111
Registry Registrant ID:
Registrant ID:
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: [email protected]
Admin ID:
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: [email protected]
Tech ID:
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns1.ruvds.com
Name Server: ns2.ruvds.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019.05.15T03:10:02Z <<<
Cleaned & Updated headers to match current RiotClient version (18.2.0)
Everyone who's been using this tool before should immediately change the password on their accounts.
Posted by agilityseven on 03 May 2019 - 08:31 AM
https://www.nulled.to/topic/749445-910-leagueoflegendsaccountchecker-by-fiftythreecorp-backdoor-removed/
Posted by agilityseven on 03 May 2019 - 02:13 AM
The checker is downloading its configuration file straight from the League CDN.
The system.yaml path on League's CDN has been changed, which is the reason this error occurs, I guess.
http://l3cdn.riotgames.com/releases/live/projects/league_client/releases/{LatestSolutionMan[pos + 1]}/files/system.yaml.compressed
The latest solution version (0.0.0.199) does not host that file on this path anymore.
You can edit the executable and replace the URL with the new 0.0.0.199 system.yaml path, or simply use a proxy to redirect that request to the 0.0.0.198 version.
old ver
http://l3cdn.riotgames.com/releases/live/projects/league_client/releases/0.0.0.198/files/system.yaml.compressed
Posted by agilityseven on 22 April 2018 - 11:44 AM
Yes, Rothschild is investing in their coin so it definitely will.
ETN Will go high
etn is garbage
Posted by agilityseven on 16 March 2018 - 12:48 PM
Dumped today, maybe it will be useful for someone
Posted by agilityseven on 27 January 2018 - 02:51 AM
Email/User: Email
Proxies: Yes, every proxy is banned after 12 tries for around 8 minutes.
Capture: Yes [Nickname, Name, Nickname Changes, Last Name, Country, Last Login]
Posted by agilityseven on 18 October 2017 - 04:57 PM
Email/User: User
Proxies: Yes
Capture: YES - Level, Summoner Name, Summoner's first region
Posted by agilityseven on 12 August 2017 - 12:32 PM
Thanks
Posted by agilityseven on 08 August 2017 - 07:16 AM
Posted by agilityseven on 19 March 2017 - 01:48 PM
Thanks for sharing